[Deprecated] Gazelle CAS (SSO) - Installation
Warning: This documentation is out-dated; the newest version of the documentation is available at https://gazelle.ihe.net/gazelle-documentation
If you'd like more information about the use of the CAS by the Gazelle tools, please visit the following page: link to CAS page information
Tomcat7
- You need to install tomcat7 and make its configuration directory writable by the tomcat7 group:
sudo apt-get install tomcat7
sudo chgrp -R tomcat7 /etc/tomcat7
sudo chmod -R g+w /etc/tomcat7
- You need to configure server.xml from tomcat7
- Change the http port number from 8080 to 8180
<Connector port="8180" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443" />
- Uncomment the ssl part
- Don't forget to add the paths for keystoreFile and truststoreFile (replace keyPass and truststorePass with your passwords)
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" keystoreFile="/etc/tomcat7/keystore.jks" keystorePass="gazelle" keyAlias="tomcat" keyPass="***" truststoreFile="/etc/tomcat7/truststore.jks" truststorePass="***"/>
- Make sure AJP is enabled on the tomcat7 server.xml file
<Connector port="8109" protocol="AJP/1.3" redirectPort="8443" />
- Create a new certificate on Gazelle PKI with the role "Client and Server"
- Once the request has been signed by the CA, download the files corresponding to your certificate:
- PEM : used by the apache2 frontend
- KEY : used by the apache2 frontend
- JKS : used by tomcat
- Now you can generate a truststore:
keytool -import -alias tomcat -file ***.pem -keystore .truststore.jks
- Verify the configuration in your .bashrc file for JAVA_HOME.
- Start tomcat with sudo su
sudo service tomcat7 restart
Apache2
You need to enable the SSL module with the following command:
sudo a2enmod ssl
You need to make redirection for login, logout, cas, image, favicon and serviceValidate.
- Open the default-ssl file in /etc/apache2/sites-enabled
- In the same file you need to provide the paths to the SSL certificate file and the key file
SSLCertificateFile /etc/ssl/certs/***.pem
SSLCertificateKeyFile /etc/ssl/private/***.key
- Check the apache2 configuration is ok and then restart apache
sudo apache2ctl configtest
sudo apache2ctl restart
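An added example of the Apache side of that redirection (not part of the original Gazelle documentation): a default-ssl VirtualHost fragment that forwards only the CAS endpoints to Tomcat over AJP. It assumes the AJP connector on port 8109 shown above, the war deployed as ROOT, mod_proxy and mod_proxy_ajp enabled with sudo a2enmod proxy proxy_ajp, and placeholder hostname and file names; the exact context paths for images and favicon are assumptions too.

```apache
# Added example, not from the Gazelle documentation.
# Assumes: Tomcat AJP connector on localhost:8109 (see server.xml above),
# CAS deployed as ROOT, mod_proxy + mod_proxy_ajp enabled.
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    # Placeholder hostname
    ServerName cas.example.org

    SSLEngine on
    # *** are placeholders for the files downloaded from Gazelle PKI
    SSLCertificateFile    /etc/ssl/certs/***.pem
    SSLCertificateKeyFile /etc/ssl/private/***.key

    # Never act as an open forward proxy
    ProxyRequests Off
    ProxyPreserveHost On

    # Only the CAS endpoints named in the text are exposed; anything
    # else on the Tomcat side stays unreachable through the frontend.
    ProxyPass        /login           ajp://localhost:8109/login
    ProxyPassReverse /login           ajp://localhost:8109/login
    ProxyPass        /logout          ajp://localhost:8109/logout
    ProxyPassReverse /logout          ajp://localhost:8109/logout
    ProxyPass        /cas             ajp://localhost:8109/cas
    ProxyPassReverse /cas             ajp://localhost:8109/cas
    ProxyPass        /serviceValidate ajp://localhost:8109/serviceValidate
    ProxyPassReverse /serviceValidate ajp://localhost:8109/serviceValidate
    # Static resources (assumed context paths)
    ProxyPass        /images          ajp://localhost:8109/images
    ProxyPass        /favicon.ico     ajp://localhost:8109/favicon.ico
</VirtualHost>
</IfModule>
```

Because the frontend talks to Tomcat over AJP, keep the AJP connector reachable only from the Apache host (a firewall rule or the connector's address attribute), otherwise the proxy restrictions above can be bypassed by connecting to port 8109 directly.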
Postgresql
The CAS server application accesses the Gazelle Test Management database in order to know the username and the credentials of the user. It is necessary that the system running the CAS application can access the postgresql server hosting the Gazelle Test Manager database.
Check it by trying to access the database from the server hosting the CAS :
psql -U gazelle -h localhost gazelle
You may have to edit the postgresql.conf file and make sure that postgresql is listening for incoming TCP/IP connections. If the CAS and TM are running on the same machine then you just need to make sure the file postgresql.conf contains the following:
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = 'localhost'          # what IP address(es) to listen on;
                                        # comma-separated list of addresses;
                                        # defaults to 'localhost', '*' = all
                                        # (change requires restart)
port = 5432                             # (change requires restart)
If you have to change the postgresql.conf file, then you need to restart postgresql and the jboss application server.
War deployment
- Rename your cas.war in ROOT.war
- Copy ROOT.war in /var/lib/tomcat7/webapps/
- Edit /var/lib/tomcat7/webapps/cas/WEB-INF/view/jsp/default/ui/casLoginView.jsp and replace gazelleUrl by yours
- Edit /var/lib/tomcat7/webapps/cas/WEB-INF/deployerConfigContext.xml and replace <value>jdbc:postgresql://kujira.irisa.fr/ihe-europe-2010</value> with your database name.
- Stop tomcat
- Remove ROOT.war
- Start tomcat
Your CAS is now activated!