https:\/\/fawnoos.com\/2022\/05\/31\/cas65x-docker-deployment\/
https:\/\/fawnoos.com\/2021\/02\/04\/cas63-management-webapp\/<\/code><\/pre>\n\n\n\nWe were previously using the demo CAS server avaible here : https:\/\/casserver.herokuapp.com\/cas<\/a> but for some time now, it is not possible anymore to use it with any application. It refuses unauthorized applications. That is why we needed to have our own CAS server.<\/p>\n\n\n\n\n\n\n\nFor our tutorial, we took a vanilla instance into Digital Ocean on Debian 12 with 16 GB RAM.<\/p>\n\n\n\n
- Requirements :
- Java 11 <\/li>
- Docker<\/li>
- A real certificate name on the server. Indeed without it, we could not have a functional environment (we used LetsEncrypt in this example)<\/li>
- jq installed
See annexes below to have indications to install these dependencies<\/li><\/ul><\/li><\/ul>\n\n\n\n- Installation of the CAS server<\/strong><\/li><\/ol>\n\n\n\n
- Create a keystore on the server with the SSL certificate generated<\/li><\/ul>\n\n\n\n
We assume that the certificate and the key were issued by LetsEncrypt and are located into \/etc\/letsencrypt\/live\/$DOMAIN_NAME<\/p>\n\n\n\n
Replace $DOMAIN_NAME by the name of your domain, in our example it is castest.datafari.com<\/p>\n\n\n\n
export DOMAIN_NAME=castest.datafari.com\nopenssl pkcs12 -export -in \/etc\/letsencrypt\/live\/$DOMAIN_NAME\/fullchain.pem -inkey \/etc\/letsencrypt\/live\/$DOMAIN_NAME\/privkey.pem -out letsencrypt.p12<\/code><\/pre>\n\n\n\nWhen the script asks you for a password enter ‘changeit’.<\/p>\n\n\n\n
With the last command, we created a keystore into p12 format. We need to convert it into JKS format.<\/p>\n\n\n\n
keytool -importkeystore -srckeystore letsencrypt.p12 -srcstoretype PKCS12 -destkeystore letsencrypt.jks -deststoretype JKS\n<\/code><\/pre>\n\n\n\nWhen the script asks you for a password : destination and source, always enter ‘changeit’.<\/p>\n\n\n\n
We can now run the CAS server with Docker.<\/p>\n\n\n\n
Create a directory for CAS : here \/var\/work\/cas<\/p>\n\n\n\n
mkdir -p \/var\/work\/cas<\/code><\/pre>\n\n\n\nCopy the JKS keystore to this folder :<\/p>\n\n\n\n
cp \/root\/letsencrypt.jks \/var\/work\/cas<\/code><\/pre>\n\n\n\nRename it to ‘thekeystore’ and change the permission on it (just in case)<\/p>\n\n\n\n
mv \/var\/work\/letsencrypt.jks \/var\/work\/thekeystore\nchmod 777 \/var\/work\/thekeystore<\/code><\/pre>\n\n\n\nBefore launching the CAS server, we can set some settings. Look at https:\/\/fawnoos.com\/2022\/05\/31\/cas65x-docker-deployment\/#container-configuration to have more information.<\/p>\n\n\n\n
“Adjust the CAS root logging level to debug so we can get more details from the running CAS web application.
Rename the CAS SSO cookie to SSO_COOKIE<\/em>.
Allow the service registry instance to initialize and bootstrap itself from the embedded JSON files that ship with CAS.
Enable the schedule for the service registry loader”<\/p>https:\/\/fawnoos.com\/2022\/05\/31\/cas65x-docker-deployment\/#container-configuration<\/cite><\/blockquote>\n\n\n\nBasically with this configuration, we will have more verbosity on logs and we will authorize all applications with our CAS server.<\/p>\n\n\n\n
Enter this command :<\/p>\n\n\n\n
properties='{\n \"logging\": {\n \"level\": {\n \"org.apereo.cas\": \"debug\"\n }\n },\n \"cas\": {\n \"tgc\": {\n \"name\": \"SSO_COOKIE\"\n },\n \"service-registry\": {\n \"core\": {\n \"init-from-json\": true\n },\n \"schedule\": {\n \"enabled\": false\n }\n }\n }\n}'\nproperties=$(echo \"$properties\" | tr -d '[:space:]')\necho -e \"***************************\\nCAS properties\\n***************************\"\necho \"${properties}\" | jq<\/code><\/pre>\n\n\n\nWe can now use these properties into the SPRING_APPLICATION_JSON property.<\/p>\n\n\n\n
We can now launch the CAS server. We add a bind mount with the keystore we just created: <\/p>\n\n\n\n
export CAS_KEYSTORE=\/var\/work\/cas\/thekeystore\ndocker run --rm -d --mount type=bind,source=\"${CAS_KEYSTORE}\",target=\/etc\/cas\/thekeystore -e SPRING_APPLICATION_JSON=\"${properties}\" -p 8444:8443 --name casserver apereo\/cas:6.5.<\/code><\/pre>\n\n\n\nAfter some time, the CAS server can be found at this url : <\/p>\n\n\n\n
https://$DOMAIN_NAME:8444\/cas\/login <\/code><\/pre>\n\n\n\nso in our example it would be:<\/p>\n\n\n\n
https://castest.datafari.com:8444\/cas\/login<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/www.francelabs.com\/blog\/wp-content\/uploads\/2023\/09\/Capture-de\u0301cran-2023-09-05-a\u0300-15.05.46-1024x410.jpg\")
<\/a>CAS login UI<\/figcaption><\/figure>\n\n\n\nThe default credentials are : <\/p>\n\n\n\n
user : casuser<\/code><\/pre>\n\n\n\npassword: Mellon<\/code><\/pre>\n\n\n\nWe can now install the CAS management webapp.<\/p>\n\n\n\n
2. Installation of the CAS management webapp<\/strong><\/p>\n\n\n\nClone the code from the Github project CAS Management Overlay<\/p>\n\n\n\n
Here we clone it into \/var\/work\/cas : <\/p>\n\n\n\n
cd \/var\/work\/cas\ngit clone https:\/\/github.com\/apereo\/cas-management-overlay.git\n\n<\/code><\/pre>\n\n\n\nWe want to checkout the code with the 6.5 version : <\/p>\n\n\n\n
cd cas-management-overylay\ngit checkout 6.5<\/code><\/pre>\n\n\n\nCopy the keystore into the project : <\/p>\n\n\n\n
cp \/var\/work\/cas\/thekeystore \/var\/work\/cas\/cas-management-overlay\/etc\/cas\/thekeystore\n<\/code><\/pre>\n\n\n\nEdit the management.properties located into cas\/config : <\/p>\n\n\n\n
nano \/var\/work\/cas\/cas-management-overlay\/etc\/cas\/config\/management.properties<\/code><\/pre>\n\n\n\ncas.server.name=https:\/\/$DOMAIN_NAME:8444\ncas.server.prefix=${cas.server.name}\/cas\n\nmgmt.server-name=https:\/\/$DOMAIN_NAME:8443\nmgmt.admin-roles[0]=ROLE_ADMIN\nmgmt.user-properties-file=file:\/etc\/cas\/config\/users.json\n\nlogging.config=file:\/etc\/cas\/config\/log4j2-management.xml\n\n<\/code><\/pre>\n\n\n\nEdit the properties cas.server.name and mgmt.server-name by replacing by your domain name. Here it is the file with our domain example : <\/p>\n\n\n\n
cas.server.name=https:\/\/castest.datafari.com:8444\ncas.server.prefix=${cas.server.name}\/cas\n\nmgmt.server-name=https:\/\/castest.datafari.com:8443\nmgmt.admin-roles[0]=ROLE_ADMIN\nmgmt.user-properties-file=file:\/etc\/cas\/config\/users.json\n\nlogging.config=file:\/etc\/cas\/config\/log4j2-management.xml\n\n<\/code><\/pre>\n\n\n\nBuild the project with Docker : <\/p>\n\n\n\n
cd \/var\/work\/cas\/cas-management\nchmod +x *.sh\n.\/docker-build.sh\n<\/code><\/pre>\n\n\n\nWhen it is over, you can launch the container : <\/p>\n\n\n\n
.\/docker-run.sh<\/code><\/pre>\n\n\n\nThe CAS management page can be found at this URL : <\/p>\n\n\n\n
https://$DOMAIN_NAME:8443\/cas-management<\/code><\/pre>\n\n\n\nIn our example the URL is : <\/p>\n\n\n\n
https://castest.datafari.com:8443\/cas-management<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/www.francelabs.com\/blog\/wp-content\/uploads\/2023\/09\/Capture-de\u0301cran-2023-09-05-a\u0300-15.37.40-1024x386.jpg\")
<\/a>CAS management UI<\/figcaption><\/figure>\n\n\n\nWith this test configuration our CAS server will authorize all applications.<\/p>\n\n\n\n
ANNEXES<\/strong><\/p>\n\n\n\n- Java installation<\/li><\/ul>\n\n\n\n
apt-get install -y wget apt-transport-https gnupg\nwget -O - https:\/\/packages.adoptium.net\/artifactory\/api\/gpg\/key\/public | apt-key add -\necho \"deb https:\/\/packages.adoptium.net\/artifactory\/deb $(awk -F= '\/^VERSION_CODENAME\/{print$2}' \/etc\/os-release) main\" | tee \/etc\/apt\/sources.list.d\/adoptium.list\napt-get update\napt-get install temurin-11-jdk\n<\/code><\/pre>\n\n\n\n- Docker<\/li><\/ul>\n\n\n\n
curl -fsSL https:\/\/get.docker.com -o get-docker.sh\nsudo sh .\/get-docker.sh --dry-run<\/code><\/pre>\n\n\n\n- jq<\/li><\/ul>\n\n\n\n
apt-get install jq<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"The task of setting up a CAS server on Docker is not very smooth. The official documentation is not very explicit about it. We decided to write a post on this subject in order to help others to quickly configure … Continue reading