This topic provides instructions on how to configure the CAS inbound authenticator and the WSO2 Identity Server and demonstrates this integration using a sample app (cas-client-webapp).
This procedure was tested using Java 8. The current version of the CAS Inbound Authenticator does not support tenant users. CAS Inbound Authenticator version 1.0.2 is supported by WSO2 Identity Server 5.2.0, and CAS Inbound Authenticator version 2.0.1 is supported by WSO2 Identity Server 5.3.0.
If you are using CAS authenticator version 2.0.2, go to the v2.0.2 tag of the identity-outbound-auth-cas GitHub repository to view the documentation.
See the following sections for more information on configuring this integration.
Download the sample CAS client webapp (cas-client-webapp.war) from https://github.com/wso2-docs/IS/tree/master/IS-Connector-Artifacts/CAS
If you want to upgrade the CAS Inbound Authenticator (.jar) in your existing IS pack, refer to the upgrade instructions.
- The CAS login URL is required if you want to use it in your own app. It must be:
- Generate a keystore to enable HTTPS requests in your web container (e.g., Tomcat).
Use the following "keytool" command inside the "web-container/bin" (e.g., <TOMCAT_HOME>/bin) directory to create a keystore with a self-signed certificate. During the keystore creation process, you need to assign a password and fill in the certificate's details.
keytool -genkey -alias localhost -keyalg RSA -keystore "PATH_TO_CREATE_KEYSTORE/KEYSTORE_NAME"
localhost is the same name as the machine's hostname.
Add the following connector in the server.xml file in your web-container (e.g.,
Tip: KEYSTORE_PASSWORD is the password you assigned to your keystore via the "keytool" command.
- To establish the trust between cas-client-webapp and CAS-Server (WSO2 IS), take the following steps:
- Go to the <IS_HOME>/repository/resources/security/ directory and execute the following command to create a certificate file for the wso2carbon JKS.
keytool -export -alias wso2carbon -file wso2.crt -keystore wso2carbon.jks -storepass wso2carbon
- Inside the above directory, use the following command to import the CAS server certificate (wso2.crt) into the system truststore of the CAS client. You will be prompted for the keystore password, which is by default changeit.
keytool -import -alias wso2carbon -file wso2.crt -keystore PATH-TO-jre/lib/security/cacerts
- Go to the
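The export and import steps above, as an added shell example (not from the original page or from WSO2): it compares the SHA-256 fingerprint of the exported certificate with the keystore entry before importing it, then confirms that the truststore entry matches. The function names, the throwaway keystore and the scratch truststore are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. Function names and all demo values are assumptions, not WSO2 code.

# SHA-256 fingerprint of a certificate file (DER or PEM).
cert_fp() {
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p'
}

# SHA-256 fingerprint of the first certificate stored under an alias.
# usage: alias_fp STORE STOREPASS ALIAS
alias_fp() {
    keytool -list -v -alias "$3" -keystore "$1" -storepass "$2" |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Export ALIAS from SRC to CRT, then import CRT into TRUST only if the exported
# file matches the source entry; finally confirm the truststore entry matches too.
# usage: trust_cert SRC SRCPASS ALIAS CRT TRUST TRUSTPASS
trust_cert() {
    keytool -exportcert -alias "$3" -file "$4" -keystore "$1" \
        -storepass "$2" >/dev/null 2>&1 || return 1
    want=$(alias_fp "$1" "$2" "$3")
    [ -n "$want" ] || return 2
    [ "$(cert_fp "$4")" = "$want" ] || return 2
    keytool -importcert -noprompt -alias "$3" -file "$4" -keystore "$5" \
        -storepass "$6" >/dev/null 2>&1 || return 3
    [ "$(alias_fp "$5" "$6" "$3")" = "$want" ] || return 4
}

# Constructed demo: a throwaway keystore stands in for wso2carbon.jks and a
# scratch file stands in for the client JRE's cacerts, so nothing real is touched.
demo() {
    d=$(mktemp -d) || return 1
    keytool -genkeypair -alias wso2carbon -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=localhost" -keystore "$d/demo.jks" -storepass wso2carbon \
        -keypass wso2carbon >/dev/null 2>&1 || { rm -rf "$d"; return 1; }
    rc=0
    trust_cert "$d/demo.jks" wso2carbon wso2carbon "$d/wso2.crt" \
        "$d/cacerts" changeit || rc=$?
    [ "$rc" -ne 0 ] || cert_fp "$d/wso2.crt"   # print the trusted fingerprint
    rm -rf "$d"
    return "$rc"
}
```

Calling demo runs the whole sequence against the throwaway stores and prints the fingerprint that ended up trusted. For the procedure on this page, the arguments to trust_cert would be wso2carbon.jks, wso2carbon, wso2carbon, wso2.crt, PATH-TO-jre/lib/security/cacerts and changeit.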
Deploying CAS artifacts
- Place the cas-client-webapp.war file into the webapps directory of the web-container (e.g.,
- Place the org.wso2.carbon.identity.sso.cas-1.0.2.jar file (for Identity Server 5.3.0, use the cas-2.0.1.jar file instead as described in the note below) into the <IS_HOME>/repository/components/dropins directory and restart the Identity Server.
If you are using WSO2 Identity Server 5.3.0, make sure to use the WUM-updated product, since this feature needs some core fixes that were made to the product.
Configuring the service provider
Now, you are ready to configure WSO2 Identity Server by .
- Run WSO2 Identity Server.
- Log in to the management console as an administrator.
- In the Identity section under the Main tab, click Add under Service Providers.
- Enter cas-client-webapp in the Service Provider Name text box and click Register.
- In the Inbound Authentication Configuration section, click CAS Configuration.
- Configure the Service URL: https://localhost:8443/cas-client-webapp/
Service URL refers to the URL of the application that the client is trying to access.
- Go to Claim Configuration and click to add the requested claims. (This is required to show requested claims as user attributes in the cas-client-webapp; otherwise, no attributes will be shown.) Add the Service Provider Claim name that corresponds to the Local Claim URI and mark it as Requested Claim.
- Click Update to save the changes. Now you have configured the service provider.
Testing the sample
- To test the sample, navigate to https://[server-address]/cas-client-webapp/ in your browser (i.e., go to the following URL: https://localhost:8443/cas-client-webapp/).
- The basic authentication page appears. Use your IS username and password.
- If you have successfully logged in, you will see the following CAS Home page of cas-client-webapp with the authenticated user and user attributes.