Brad,

Sounds like you are looking for mod_auth_cas for Tomcat. It could be useful but I have not heard of anything like this (though my exposure is limited).

Ray

On 2016-08-17 09:48, Brad wrote:
> Given the lack of any coverage on this in the documentation, and void
> of any reply here, is it a reasonable conclusion that there is no
> configuration to secure the entire Tomcat 8 container with CAS, and
> that the only option is securing each individual deployed app WAR via
> configuration within that WAR?
>
> Any confirmation on this would be great. Of course, lack of any doc on
> configuration or general knowledge about it presents its own pragmatic
> support barrier to use even if it is possible, but it would be helpful
> to confirm whether it is possible or not regardless.
>
> Thanks in advance for any help.
>
> Brad
>
> On Monday, August 15, 2016 at 4:19:17 PM UTC-7, Brad wrote:
>
> > As a first exercise, I configured CAS 4.2.1 on Tomcat 8 / Java 8
> > using the Maven overlay, configuring the resulting cas.war and the
> > sample Java client webapp (cas-sample-java-webapp) to authenticate
> > against LDAP. I was able to get this working successfully.
> >
> > Now that I have this initial configuration working -- which
> > essentially requires every new webapp to be individually
> > configured to use CAS, I would like to transition to secure the
> > entire Tomcat container to use CAS to authenticate against LDAP,
> > such that all deployed webapps are secured with SSO, without
> > requiring any specific configuration in the deployed webapps. I
> > have seen references to this in older versions of the CAS / client
> > documentation, but nothing that really shows definitively how to
> > configure this, or to hit LDAP.
> >
> > I tried throwing a valve in the server's context.xml file as follows:
> >
> > <Valve
> >   className="org.jasig.cas.client.tomcat.v8.Cas20CasAuthenticator"
> >   encoding="UTF-8"
> >   casServerLoginUrl="https://localhost:8443/cas/login"
> >   casServerUrlPrefix="https://localhost:8443/cas"
> >   serverName="localhost"
> > />
> >
> > But this just blows up Tomcat on startup -- every webapp startup
> > fails. So I have two questions:
> >
> > 1. At this point, is it even possible to set up CAS 4.2.1 on Java
> >    8/Tomcat 8 to authenticate against LDAP using server-wide
> >    configuration (i.e. no deployed web-apps need CAS-specific
> >    configuration, in other words, any app deployed to that Tomcat
> >    instance will be secured behind LDAP-authenticated SSO)?
> > 2. If the answer to #1 is that yes, it is possible, how is this
> >    accomplished in Tomcat config?
> >
> > Thanks in advance for your help.
> >
> > Brad

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/305955dc-a0cb-3a3a-bb82-3ae8a9dcdbe5%40uvic.ca.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
