background preloader

SSO

Facebook Twitter

OpenAM | ForgeRock. CAS. How To Set Up Apache, Tomcat (mod_jk), SSO (CAS, mod_auth_cas. This article describes how you can set up Apache and Tomcat, linked with mod_jk. It also explains how you set up the SSO (single sign on) solution JA-SIG CAS to protect servlets (provided by tomcat) and static content (provided by Apache). I worked with OpenSuse 10.2 and 11, Apache2, Tomcat 5.5 and 6. It should work on other distributions as well. 1. Install Apache, Tomcat and mod_jk Goto Yast, Software, Software Management and search and install Apache (with devel package), Tomcat (with webapps package) and apache2-mod_jk. 2. Next, edit /etc/apache2/httpd.conf and add: LoadModule jk_module /usr/lib/apache2/mod_jk.so JkWorkersFile /etc/apache2/workers.properties JkMount /*.jsp worker1 JkMount /servlets-examples/* JkMount /cas/* worker1 You can do this alternatively in your vhost.

JkMount /trn-webapp-0.8.1/map worker1 for example, where map is the servlet Next, create /etc/apache2/workers.properties with the following content: Then, goto /etc/tomcat5/base/ and check your server.xml. . [...] 3. Clustering CAS - pdf. Clustering CAS - User Manual. The clustering guide describes concerns and configuration guidelines for deploying CAS in a high availability (HA) environment. Implementing clustering introduces CAS server security concerns Icon It's easy to visualize the requirements to secure the path of sensitive information when working with a single-server installation of CAS: Protect user passwords with SSL encryptionSecure the communication between the CAS server and the credential storeAssure that the Ticket Granting Cookie is only sent from the browser to the CAS serverAssure that Proxy Tickets are only issued to an SSL-protected endpointSecure the validation of Service Tickets and Proxy Tickets with SSL encryption It is also easy to visualize how clustering CAS servers may create additional security concerns.

This article, while thorough at explaining needs for CAS servers to share their data with each other, does not aim to explain how to secure these additional network communication channels. Overview Assumptions Clustering and: