[Deprecated] Gazelle CAS (SSO) - Installation

Warning: This documentation is out of date; the newest version is available at https://gazelle.ihe.net/gazelle-documentation

If you would like more information about the use of the CAS by the Gazelle tools, please visit the following page: link to CAS page information

Tomcat7

  • You need to install tomcat7:
sudo apt-get install tomcat7
sudo chgrp -R tomcat7 /etc/tomcat7
sudo chmod -R g+w /etc/tomcat7
  • Note that this makes the whole of /etc/tomcat7, including server.xml with its keystore passwords, writable by the tomcat7 group, i.e. by the service itself; keep the directory unreadable to other users.

  • You need to configure server.xml from tomcat7
    • Change the http port number from 8080 to 8180
 <Connector port="8180" protocol="HTTP/1.1" 
               connectionTimeout="20000" 
               URIEncoding="UTF-8"
               redirectPort="8443" />  
  • Uncomment the SSL connector
  • Don't forget to add the paths for keystoreFile and truststoreFile, and replace keyPass and truststorePass with your passwords (keystorePass must be the password of the JKS you downloaded; "gazelle" is the value used in this example). These passwords are stored in clear text, so server.xml must not be readable by other users. Leave out allowUnsafeLegacyRenegotiation unless a client you have to support cannot do secure TLS renegotiation: setting it to true re-enables the insecure renegotiation that Tomcat disables by default.
 <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/tomcat7/keystore.jks" keystorePass="gazelle" keyAlias="tomcat" keyPass="***"
               truststoreFile="/etc/tomcat7/truststore.jks" truststorePass="***" />
  • Make sure the AJP connector is enabled in the tomcat7 server.xml, on port 8109, which is where the Apache configuration below sends requests. AJP has no authentication of its own, so bind it to the loopback interface (Apache runs on the same host):
 <Connector port="8109" protocol="AJP/1.3" address="127.0.0.1" redirectPort="8443" />
  • Create a new certificate on Gazelle PKI with the role "Client and Server"
  • Once the request has been signed by the CA, download the files corresponding to your certificate:
    • PEM : used by the apache2 frontend
    • KEY : used by the apache2 frontend
    • JKS : used by tomcat
  • Now generate the truststore at the path given as truststoreFile in server.xml (the password keytool asks for is the one to put in truststorePass):
 keytool -import -alias tomcat -file ***.pem -keystore /etc/tomcat7/truststore.jks
  • Verify that JAVA_HOME is set in your .bashrc; note that the Debian init script for tomcat7 does not read your shell profile and takes JAVA_HOME from /etc/default/tomcat7, so set it there as well.
  • Copy the JKS to the keystoreFile path and restrict both stores to the tomcat7 user (the keystore holds the private key); then restart tomcat as root:
 sudo service tomcat7 restart 

 

Apache2

Enable SSL and the AJP proxy module (the ProxyPass ajp:// directives below need mod_proxy_ajp, which pulls in mod_proxy):

sudo a2enmod ssl proxy_ajp

Apache must forward the CAS endpoints (login, logout, serviceValidate) and the static resources (css, js, images, favicon.ico) to Tomcat over AJP; nothing else is exposed.

  • Open the default-ssl file in /etc/apache2/sites-enabled (if it is not there yet, enable it with a2ensite default-ssl) and add:
<Location /serviceValidate>
  ProxyPass ajp://localhost:8109/serviceValidate
  ProxyPassReverse ajp://localhost:8109/serviceValidate
</Location>
<Location /login>
  ProxyPass ajp://localhost:8109/login
  ProxyPassReverse ajp://localhost:8109/login
</Location>
<Location /css>
  ProxyPass ajp://localhost:8109/css
  ProxyPassReverse ajp://localhost:8109/css
</Location>
<Location /js>
  ProxyPass ajp://localhost:8109/js
  ProxyPassReverse ajp://localhost:8109/js
</Location>
<Location /logout>
  ProxyPass ajp://localhost:8109/logout
  ProxyPassReverse ajp://localhost:8109/logout
</Location>
<Location /images>
  ProxyPass ajp://localhost:8109/images
  ProxyPassReverse ajp://localhost:8109/images
</Location>
<Location /favicon.ico>
  ProxyPass ajp://localhost:8109/favicon.ico
  ProxyPassReverse ajp://localhost:8109/favicon.ico
</Location>
  • In the same file you need to provide the paths to the SSL certificate file and key file (the PEM and KEY downloaded from Gazelle PKI; keep the key readable by root only):
 SSLCertificateFile    /etc/ssl/certs/***.pem
 SSLCertificateKeyFile /etc/ssl/private/***.key 
  • Check the apache2 configuration is ok and then restart apache
sudo apache2ctl configtest
sudo apache2ctl restart

PostgreSQL

The CAS server application reads the Gazelle Test Management database to look up the username and credentials of the user who logs in, so the system running CAS must be able to reach the PostgreSQL server that hosts the Test Management database.

Check it by trying to access the database from the server hosting the CAS : 

psql -U gazelle -h localhost gazelle 

You may have to edit postgresql.conf to make sure PostgreSQL accepts incoming TCP/IP connections. If CAS and TM run on the same machine, it is enough that postgresql.conf contains the following (listen_addresses = 'localhost' is also the default); if they run on different hosts, add the address CAS connects to and allow the CAS host in pg_hba.conf:

 #------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------

# - Connection Settings -

listen_addresses = 'localhost'          # what IP address(es) to listen on;
                                        # comma-separated list of addresses;
                                        # defaults to 'localhost', '*' = all
                                        # (change requires restart)
port = 5432                             # (change requires restart)

If you change postgresql.conf, restart PostgreSQL (listen_addresses and port only take effect after a restart) and then the application servers that use the database, i.e. the JBoss application server and the Tomcat running CAS.
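The Tomcat7, Apache2 and PostgreSQL sections above give the settings but no way to confirm them on the host. The script below is an added example, not part of Gazelle, that checks a host against those sections: the 8180 and 8109 connector ports, the AJP connector bound to loopback, the unsafe-renegotiation flag, the seven proxied paths and the SSL file directives in the Apache vhost, the effective listen_addresses, and whether server.xml and the two stores are readable by everyone. The default paths are the ones used on this page; the postgresql.conf location is an assumption, and all of them can be overridden through the environment.

```shell
#!/bin/bash
# Pre-flight checks for the CAS host configured above. Added example, not
# part of Gazelle. Defaults are the paths used on this page; PG_CONF is an
# assumed Debian location. Override any of them through the environment.
set -u

SERVER_XML="${SERVER_XML:-/etc/tomcat7/server.xml}"
VHOST="${VHOST:-/etc/apache2/sites-enabled/default-ssl}"
PG_CONF="${PG_CONF:-/etc/postgresql/9.1/main/postgresql.conf}"   # assumption

# Paths Apache must hand to the CAS webapp over AJP (the list from this page).
CAS_PATHS="/serviceValidate /login /logout /css /js /images /favicon.ico"

# Print each <Connector .../> of a server.xml on its own line, with XML
# comments stripped first so a commented-out connector does not count.
connectors() {
  tr '\n' ' ' < "$1" | sed -E 's/<!--([^-]|-[^-])*-->//g' | grep -o '<Connector[^>]*>' || true
}

# check_server_xml FILE: print each problem; exit status = number of problems.
check_server_xml() {
  local f="$1" n=0 c ajp
  c="$(connectors "$f")"
  ajp="$(printf '%s\n' "$c" | grep 'protocol="AJP/1.3"' || true)"
  printf '%s\n' "$c" | grep -q 'port="8180"' \
    || { echo "$f: no connector on port 8180"; n=$((n+1)); }
  printf '%s\n' "$ajp" | grep -q 'port="8109"' \
    || { echo "$f: no AJP/1.3 connector on port 8109 (Apache proxies to it)"; n=$((n+1)); }
  printf '%s\n' "$ajp" | grep -q 'address="127.0.0.1"' \
    || { echo "$f: AJP connector not bound to 127.0.0.1; AJP has no authentication"; n=$((n+1)); }
  printf '%s\n' "$c" | grep -q 'allowUnsafeLegacyRenegotiation="true"' \
    && { echo "$f: allowUnsafeLegacyRenegotiation is enabled on the HTTPS connector"; n=$((n+1)); }
  return "$n"
}

# check_vhost FILE: every CAS path must be proxied to ajp://localhost:8109
# and the vhost must name both its certificate and its key.
check_vhost() {
  local f="$1" n=0 p
  for p in $CAS_PATHS; do
    grep -Eq "ProxyPass[[:space:]]+ajp://localhost:8109$p[[:space:]]*$" "$f" \
      || { echo "$f: $p is not proxied to ajp://localhost:8109$p"; n=$((n+1)); }
  done
  for p in SSLCertificateFile SSLCertificateKeyFile; do
    grep -Eq "^[[:space:]]*$p[[:space:]]+/" "$f" \
      || { echo "$f: $p is not set"; n=$((n+1)); }
  done
  return "$n"
}

# pg_listen_addresses FILE: print the effective listen_addresses value; a
# commented-out line means PostgreSQL's built-in default, 'localhost'.
pg_listen_addresses() {
  local v
  v="$(sed -n "s/^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | tail -n 1)"
  printf '%s\n' "${v:-localhost}"
}

# world_readable FILE: succeed if "other" has read permission. server.xml
# (clear-text passwords) and the stores (private key) should fail this.
world_readable() {
  [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

main() {
  local total=0 f
  check_server_xml "$SERVER_XML" || total=$((total+$?))
  check_vhost "$VHOST" || total=$((total+$?))
  for f in "$SERVER_XML" /etc/tomcat7/keystore.jks /etc/tomcat7/truststore.jks; do
    [ -e "$f" ] && world_readable "$f" && { echo "$f is world-readable"; total=$((total+1)); }
  done
  echo "postgresql listen_addresses: $(pg_listen_addresses "$PG_CONF")"
  echo "$total problem(s) found"
  [ "$total" -eq 0 ]
}

# Run the checks with:  ./cas-preflight.sh run
case "${1:-}" in run) main ;; esac
```

The script reports findings rather than fixing them; a non-zero exit from `main` means at least one of the sections above is not reflected on the host. The listen_addresses value is only printed, because 'localhost' is right when CAS and TM share a machine and wrong otherwise.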

War deployment 

  • Rename your cas.war to ROOT.war
  • Copy ROOT.war into /var/lib/tomcat7/webapps/ while Tomcat is running, so that it is unpacked into ROOT/
  • Edit /var/lib/tomcat7/webapps/ROOT/WEB-INF/view/jsp/default/ui/casLoginView.jsp and replace gazelleUrl with yours
  • Edit /var/lib/tomcat7/webapps/ROOT/WEB-INF/deployerConfigContext.xml and replace <value>jdbc:postgresql://kujira.irisa.fr/ihe-europe-2010</value> with the JDBC URL of your database (host and database name). This file holds the database connection settings, so keep it readable by the tomcat7 user only.
  • Stop tomcat
  • Remove ROOT.war, otherwise the next start unpacks the archive again and overwrites your edits
  • Start tomcat
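The deployment steps above as a script. This is an added example, not part of Gazelle: it assumes the paths listed in the steps, and since the page does not show the current gazelleUrl value inside casLoginView.jsp, that value is passed in by the operator along with the new URL and the new JDBC URL. The replacement is done with awk's index() rather than sed so that the dots and slashes of a URL are matched literally, and it fails when the expected value is not present, which catches a typo before Tomcat starts with the packaged defaults.

```shell
#!/bin/bash
# Deploy cas.war as Tomcat's ROOT application and apply the two edits from
# the steps above. Added example, not part of Gazelle. Run as root.
set -u

# replace_literal FILE OLD NEW: replace every occurrence of the literal
# string OLD with NEW. awk's index() is used instead of sed so regex
# metacharacters in a URL are not interpreted (awk -v still processes
# backslash escapes, which URLs do not contain). The result is written back
# through the existing file so its owner and mode are preserved. Fails if
# OLD does not occur.
replace_literal() {
  local f="$1" old="$2" new="$3"
  grep -qF -- "$old" "$f" || { echo "$f: '$old' not found" >&2; return 1; }
  awk -v old="$old" -v new="$new" '
    { s = $0; out = ""
      while ((i = index(s, old)) > 0) { out = out substr(s, 1, i - 1) new; s = substr(s, i + length(old)) }
      print out s }' "$f" > "$f.tmp" && cat "$f.tmp" > "$f" && rm -f "$f.tmp"
}

# deploy_cas WAR WEBAPPS OLD_GAZELLE_URL NEW_GAZELLE_URL NEW_JDBC_URL
# Tomcat must be running when the war is copied so that it is unpacked into
# ROOT/. Tomcat is then stopped for the edits and the .war is removed,
# otherwise the next start would unpack the archive over the edited files.
deploy_cas() {
  local war="$1" webapps="$2" old_url="$3" new_url="$4" jdbc="$5" i=0
  local ctx="$webapps/ROOT/WEB-INF/deployerConfigContext.xml"
  local jsp="$webapps/ROOT/WEB-INF/view/jsp/default/ui/casLoginView.jsp"
  cp "$war" "$webapps/ROOT.war" || return 1
  while [ ! -f "$ctx" ]; do
    i=$((i+1)); [ "$i" -le 30 ] || { echo "ROOT.war was not unpacked after 60 s" >&2; return 1; }
    sleep 2
  done
  service tomcat7 stop
  replace_literal "$jsp" "$old_url" "$new_url" || return 1
  replace_literal "$ctx" "jdbc:postgresql://kujira.irisa.fr/ihe-europe-2010" "$jdbc" || return 1
  rm -f "$webapps/ROOT.war"
  service tomcat7 start
}

# Example invocation (placeholder hosts, not real ones):
# deploy_cas cas.war /var/lib/tomcat7/webapps \
#   'https://old.example.org/gazelle' 'https://gazelle.example.org/gazelle' \
#   'jdbc:postgresql://localhost/gazelle'
```

If `replace_literal` reports that the packaged JDBC value was not found, the war you deployed is not the one this page describes; check deployerConfigContext.xml by hand rather than starting Tomcat against the wrong database.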

 

Your CAS is now active: https://your-server/login, served through Apache, should show the CAS login page.