4. CAS Server

Note

In a production environment the CAS server should run on its own Tomcat instance, but for the purposes of this demonstration we will drop it into the same instance as Liferay Portal.

  1. Go to the server.xml file and uncomment the SSL section to open port 8443.

  2. Save.

  3. Download the latest available version of the Liferay-portal-cas-4.3.x.war file from www.liferay/web/guest/downloads.

  4. Rename the file to cas-web.war.

  5. Copy the war file and paste it to the Tomcat webapps directory.

  6. To download the Yale CAS Client 2.0.11 go to http://www.ja-sig.org/products/cas/downloads/index.html.

  7. Create a folder and extract the cas.client zip file into this folder.

  8. Open the folder and navigate to the casclient jar file (cas-client-2.0.11\java\lib).

  9. Copy the file.

  10. Go to the lib directory in Tomcat (webapps\ROOT\WEB-INF\lib) and paste the casclient jar file to replace the existing one.

  11. In the command prompt go to the ROOT directory.

  12. Enter the following:

    keytool -genkey -alias tomcat -keypass changeit -keyalg RSA

  13. Enter changeit for the password.

  14. Anser the list of questions. Note that the first and last name must be the host name of your server and cannot be an IP address. This is very important because an IP address will fail client hostname verification even if it is correct.

  15. Enter the following command to export the cert you generated from your personal keystore:

    keytool -export -alias tomcat -keypass changeit -file server.cert

  16. Enter changeit for the password.

  17. Import the cert into Java's keystore with this command, where %FILE_NAME% is the cert file exported in step 15:

    keytool -import -alias tomcat -file %FILE_NAME% -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts

  18. Enter changeit for the password.

  19. Enter yes.

  20. To set up Liferay Portal, navigate to the classes directory in Tomcat (webapps\ROOT\WEB-INF\classes).

  21. If portal-ext.properties does not exist yet, create it somewhere in the server classpath.

  22. Open portal-ext.properties and enter:

    cas.auth.enabled=true

  23. If necessary assign appropriate values to the following properties (default values shown below):

    #
    # A user may be authenticated from CAS and not yet exist in the portal. Set
    # this to true to automatically import users from LDAP if they do not exist
    # in the portal.
    #
    cas.import.from.ldap=false
    
    #
    # Set the default values for the required CAS URLs.
    #
    cas.login.url=https://localhost:8443/cas-web/login
    cas.logout.url=https://localhost:8443/cas-web/logout
    cas.service.url=http://localhost:8080/c/portal/login
    cas.validate.url=https://localhost:8443/cas-web/proxyValidate

  24. Save.

  25. Start Tomcat and go to Liferay Portal.

  26. Click Sign In. If everything is set up correctly you will be redirected to the CAS server’s login screen.
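
The check below is an added example, not part of the original Liferay documentation. It reads the CAS properties from step 23 and reports any CAS server URL that is not https, uses an IP address, or names a host other than the one entered as first and last name in step 14. The function names, the sample host portal.example.test and the address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit
# URLs served by the CAS server over SSL (port 8443 in the steps above).
CAS_SSL_KEYS = ("cas.login.url", "cas.logout.url", "cas.validate.url")

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def is_ip_literal(host):
    """True when host is an IPv4 or IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_cas_urls(props, cert_name):
    """Return findings; an empty list means the URLs agree with the cert."""
    findings = []
    if props.get("cas.auth.enabled") != "true":
        findings.append("cas.auth.enabled is not true")
    for key in CAS_SSL_KEYS:
        url = urlsplit(props.get(key, ""))
        host = url.hostname or ""
        if url.scheme != "https":
            findings.append(f"{key}: not an https URL")
        if is_ip_literal(host):
            findings.append(f"{key}: host {host} is an IP address")
        elif host.lower() != cert_name.lower():
            findings.append(f"{key}: host {host} differs from cert name {cert_name}")
    return findings

# Constructed sample: the step 23 properties with assumed hosts.
SAMPLE = """
cas.auth.enabled=true
cas.login.url=https://portal.example.test:8443/cas-web/login
cas.logout.url=https://portal.example.test:8443/cas-web/logout
cas.service.url=http://localhost:8080/c/portal/login
cas.validate.url=https://192.0.2.10:8443/cas-web/proxyValidate
"""

if __name__ == "__main__":
    print("\n".join(check_cas_urls(parse_properties(SAMPLE), "portal.example.test")))
```

Pass the contents of your own portal-ext.properties and the name you gave keytool in step 14. An empty result means every CAS server URL uses https and the certificate's host name.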