I am developing a portal to Liferay and want to apply a Single Sign On (SSO) mechanism there. I am using Jasig CAS for centralized authentication of my multiple web applications. So far I know that I am able to use CAS as an authentication method, but the next step would be to add some more intelligence and request the authentication from an Active Directory server.
This should be possible by using AD as a "database" against which the authentication is made, but I am new to these things and do not know how to do this with Jasig CAS.
Any clue how to accomplish this task?
Best Answer
I'm making a few assumptions here, so please let me know if I'm off target:
Prerequisite
Summary
Within your CAS source tree, you'll need to make changes to the following files:
Details
pom.xml:
Add the following within <dependencies>:
deployerConfigContext.xml:
Reconfigure your Authentication Handlers:
<property name="authenticationHandlers">. Inside this is a <list>, and inside this are (probably) two <bean ...> elements.
Keep this one:
The other <bean> (again, probably) corresponds to the current method of authentication you're using. (I'm not clear based upon the question, as there are several ways CAS can do this without using external services. The default is SimpleTestUsernamePasswordAuthenticationHandler, which authenticates as long as the username is equal to the password.) Replace that <bean> with:
Modify the "searchBase" property according to your AD configuration.
Create a Context Source for LDAP:
Add this somewhere within the root <beans> element:
Modify "urls", "userDn" and "password" accordingly.
Rebuild cas-server-webapp and try it.
References:
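The three changes described in the answer above, as an added example that is not part of the original answer. It assumes CAS 3.x (the org.jasig package names) built from the cas-server-webapp source tree; every host name, DN and the password are constructed placeholders.

```xml
<!-- Added example; assumes CAS 3.x. All hosts, DNs and the password below
     are constructed placeholders, not values from the original answer. -->

<!-- 1. pom.xml, inside <dependencies>: pull in the CAS LDAP support module -->
<dependency>
  <groupId>org.jasig.cas</groupId>
  <artifactId>cas-server-support-ldap</artifactId>
  <version>${project.version}</version>
</dependency>

<!-- 2. deployerConfigContext.xml: the authenticationHandlers property -->
<property name="authenticationHandlers">
  <list>
    <!-- Kept: validates HTTPS callback URLs used for proxy authentication -->
    <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
          p:httpClient-ref="httpClient" />
    <!-- Replaces the test handler: looks the user up under searchBase with the
         service account, then binds as that user to check the password -->
    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
      <property name="filter" value="sAMAccountName=%u" />
      <property name="searchBase" value="cn=Users,dc=example,dc=com" />
      <property name="contextSource" ref="contextSource" />
      <!-- AD answers subtree searches with referrals; ignore them -->
      <property name="ignorePartialResultException" value="true" />
    </bean>
  </list>
</property>

<!-- 3. deployerConfigContext.xml, inside the root <beans> element -->
<bean id="contextSource"
      class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="pooled" value="false" />
  <!-- ldaps:// keeps bind passwords encrypted on the wire; the JVM running
       CAS must trust the domain controller's certificate -->
  <property name="urls">
    <list>
      <value>ldaps://dc1.example.com:636</value>
    </list>
  </property>
  <!-- Dedicated read-only service account, not a domain administrator -->
  <property name="userDn" value="cn=svc-cas,ou=Service Accounts,dc=example,dc=com" />
  <property name="password" value="CHANGE_ME" />
</bean>
```

Removing the SimpleTestUsernamePasswordAuthenticationHandler bean matters as much as adding the LDAP one: if it stays in the list, any username that equals its password still authenticates.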