ESUP CAS

This package (esup cas-toolbox-new v3 and v4) is used to deploy and customize a CAS server (v3.4.1x or v4.0.x) You must have JDK (1.6 or greater), Maven 3 install (and Tomcat 7 or greater)

Deploying a CAS server into an existing Tomcat installation
Simplifying and centralizing CAS configuration
- config.properties file and Authentication “HandlersDiscover” functionality
Esup pre-settings and add-ons
- Esup Theme, LDAP, Logging, TraceMe, Stats, BlockAttack, SAML 1.1…
- Configured modules that user can activate : Memcached, Rest…

Install

git clone https://github.com/EsupPortail/cas-toolbox-new.git
git checkout v4.0.x
Rename config.sample.properties to config.properties
Set the deploy.path property in config.properties
Configure config.properties
(Set customizations in the cas-toolbox-custom directory : deployerConfigContext.xml for example )
Initialize and deploy in an existing Tomcat by running mvn clean package
Start Tomcat and browse http://localhost:8080/cas http://localhost:8080/cas-management

Directories Structure

An integrator can easily copy the files from cas-toolbox-core (or the Apereo CAS project) to cas-toolbox-custom and then modify the files.

cas-toolbox-core
  |-- src/main/java
  |-- src/main/webapp
  |-- target
  pom.xml
cas-toolbox-custom
  |-- src/main/webapp
  |-- target
  pom.xml
cas-toolbox-management
  |-- src/main/webapp
  |-- target
  pom.xml
etc
config.sample.properties
config.properties
pom.xml

target : folders where cas server was build before deploy
cas-toolbox-core : folder that stores all esup addons and preconfigurations of the cas server
cas-toolbox-core/src/main/java : java sources added or updated by the esup packaging
cas-toolbox-core/src/main/webbapp : files of webpages, configurations (spring, log, messages...) updated by the esup packaging
cas-toolbox-custom : folder where you can put your configurations and cutomizations of the cas server (the same stucture of cas-toolbox-core folder)
cas-toolbox-management : folder that stores a default configuration of the services management module of the cas server
etc : HOWTo help files, scripts, notice and licence examples...
config.sample.properties : esup cas configuration example
config.properties : esup cas configuration file (with University )

Statistics, Monitoring and Logs

Esup Stats Page: /cas/stats.jsp

SERVICE_TICKET_CREATED : 1
TICKET_GRANTING_TICKET_CREATED : 1
AUTHENTICATION_SUCCESS : 1
AUTHENTICATION_FAILED : 1
SERVICE_TICKET_VALIDATED : 1
TICKET_GRANTING_TICKET_NOT_CREATED : 1

Apereo Monitoring Page: /cas/status

Health: OK
	1.MemoryMonitor: OK - 418,07MB free, 623,54MB total.
	2.SessionMonitor: OK - 1 sessions. 0 service tickets.

Esup User and Service Stats Logs: serviceStats.log

[Sun May 31 16:01:15 CEST 2015] [IP:127.0.0.1] [ID:admin] [TICKET:ST-1-ZW74nIKOVEECbowbB0BT-localhost] [SERVICE:http://localhost:8080/cas-management/j_spring_cas_security_check] [USER-AGENT:Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0]

Apereo Performance Statistics Logs: perfStats.log

Performance Statistics   2015-05-31 16:01:00 - 2015-05-31 16:02:00
Tag                                                  Avg(ms)         Min         Max     Std Dev       Count
AUTHENTICATE                                            21,0          21          21         0,0           1
CREATE_TICKET_GRANTING_TICKET                           25,0          25          25         0,0           1
GRANT_SERVICE_TICKET                                     3,0           3           3         0,0           1
VALIDATE_SERVICE_TICKET                                  1,0           1           1         0,0           1

Tickets: tickets.log

2015-05-31 16:01:15,606 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1-ZW74nIKOVEECbowbB0BT-localhost] for service [http://localhost:8080/cas-management/j_spring_cas_security_check] for user [admin]

Success and failed authentications, blockAttack: auth.log (works with CAS 3)

Thu Dec 18 15:47:00 CET 2014 - AUTHENTICATION_FAILED for '[username: admin]' from '127.0.0.1'
AccountLockingService::incrementAttempts() : [admin] - number of attempts : 3 of 3AccountLockingService::isAccountLocked() : [admin] added to user list
AccountLockingService::isAccountLocked() : [admin] locked
Account "admin" is locked for : 3 s
AccountLockingService::run() : [admin] removed from user list
Thu Dec 18 15:48:00 CET 2014 - AUTHENTICATION_SUCCESS for '[username: admin]' from '127.0.0.1‘

Rejected Services: rejectedServices.log

2015-05-31 16:02:31,091 WARN [org.jasig.cas.web.flow.ServiceAuthorizationCheck] - ServiceManagement: Unauthorized Service Access. Service [http://loc:8080/cas-management/j_spring_cas_security_check] is not found in service registry.

CAS management Services: cas-management.log

2015-05-31 16:01:15,606 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1-ZW74nIKOVEECbowbB0BT-localhost] for service [http://localhost:8080/cas-management/j_spring_cas_security_check] for user [admin]

Trace (used by Esup AGIMUS-ng: Indicators and Usage): trace.log

TRACE-1-70RFFjeWwSqCfoqwHxUoimyMBELrhdlqAjhtlhoIpChkFnuG5f-localhost:admin

Authentication handlers "Discover"

Set Handlers to use in config.properties (reported in esup.properties file)

	# Handler to use (cf cas\WEB-INF\*.auth.xml to find id)
	# - ldapFastBindHandler : make a fast bind in ldap (AD or direct bind configuration)
	# - ldapFullBindHandler : make a search after a bind with find dn (OpenLdap or anonymous)
	# - fileEncAuthHandler : use a flat encoded file
	# - filePlainAuthHandler : use a flat plaintext file
	authHandlers=fileEncAuthHandler
	# IF USE ldapFullBindHandler
	#authHandlers=fileEncAuthHandler,ldapFullBindHandler
	
	authResolvers=primaryPrincipalResolver
	# IF USE ldapFullBindHandler
	#authResolvers=primaryPrincipalResolver,ldapPrincipalResolver
	defaultResolver=primaryPrincipalResolver

HandlersDiscover JAVA class: org.esupportail.cas.HandlersDiscover.java
- Browse the list of authentication Handlers, the list of authentication Resolvers
- Put each couple <AuthHandler, AuthResolver> within the HandlerMap used by Authentication Manager bean
Handlers to discover within src\main\webapp\WEB-INF\auth-configuration*-auth.xml
HandlerDiscover bean defined in src\main\webapp\WEB-INF\deployerConfigContext.xml

<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
	<constructor-arg ref="handlerMap"/>
	...
	<property name="authenticationPolicy">
		<bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
	</property>
</bean>

<bean id="handlerMap" class="org.springframework.beans.factory.config.MapFactoryBean">
	<property name="sourceMap">
	<map>
		<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
	</map>
	</property>
</bean>

<bean id="handlerDiscover" class="org.esupportail.cas.HandlersDiscover">
	<property name="handlersId" value="${cas.authHandlers}"/>
	<property name="resolversId" value="${cas.authResolvers}"/>
	<property name="defaultResolverId" value="${cas.defaultResolver}"/>
	<property name="mapToAdd" ref="handlerMap"/>
</bean>

Apereo CAS Documentation

http://jasig.github.io/cas/4.0.x/

loumorens / cas-toolbox-new Goto Github PK

cas-toolbox-new's Introduction

ESUP CAS

cas-toolbox-new's People

Contributors

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent