3/13/2014
How to Install a JaSig CAS on RHEL5
Install RHEL5 x86_64
Subscribe to Red Hat Network for updates
Subscribe to "Supplementary" software channel through RHN
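# subscribe to epel (this URL is plain http and the EPEL signing key is not imported yet, so rpm cannot check the package signature; compare the file against a known-good checksum before installing)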
rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
# install sun java
yum install java-1.6.0-sun java-1.6.0-sun-devel java-1.6.0-sun-jdbc java-1.6.0-sun-src
# config for x86_64 versions
alternatives --config java
alternatives --config javac
# install tomcat5
yum install tomcat5 tomcat-native tomcat5-jsp-2.0-api tomcat5-server-lib tomcat5-common-lib tomcat5-servlet-2.4-api tomcat5-webapps tomcat5-admin-webapps
# generate a self-signed certificate
cd /usr/share/tomcat5
keytool -genkey -alias tomcat -keystore ./keystore -keyalg RSA
<What is your first and last name? use "localhost.localdomain" >
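<use the password "changeit" twice, and set the passphrase to "changeit">
<"changeit" is the widely known Java default; for anything beyond a test box choose a unique password and use the same value for keystorePass below>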
# configure tomcat5 to listen on port 8443 for an https protocol connection
cd /usr/share/tomcat5/conf
vi server.xml
# uncomment this section (remove the surrounding <!-- and --> markers)
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
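# change it to this (keystorePass is stored here in clear text, so keep server.xml readable only by root and the tomcat user)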
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="keystore"
keystorePass="changeit" />
# in the browser, add an exception for the self-signed certificate to view the tomcat admin page
https://localhost:8443/admin
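# install the maven build tool (the mirror download is plain http; compare the tarball against the checksum or PGP signature published by Apache before unpacking it as root)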
cd ~
wget http://mirrors.gigenet.com/apache/maven/maven-3/3.0.5/binaries/apache-maven-3.0.5-bin.tar.gz
su -c "tar -zxvf apache-maven-3.0.5-bin.tar.gz -C /opt/"
su -c "vi /etc/profile.d/maven.sh"
# add the following lines to maven.sh
export M2_HOME=/opt/apache-maven-3.0.5
export M2=$M2_HOME/bin
PATH=$M2:$PATH
# maven often runs out of memory while compiling, so raise the JVM heap and stack limits
su -c "vi /etc/mavenrc"
# add the following line to mavenrc
MAVEN_OPTS="-Xms256m -Xmx1024m -Xss1024k"
# [ exit the current shell or start a new shell to use the new profile settings ]
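# compile the jasig cas-server webapp, disabling the tests during compile
# (the release tarball is downloaded over plain http; verify it against a checksum or signature from the project, if one is available, before unpacking it as root)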
cd ~
wget http://downloads.jasig.org/cas/cas-server-3.4.11-release.tar.gz
su -c "tar -zxvf cas-server-3.4.11-release.tar.gz -C /opt/"
cd /opt/cas-server-3.4.11
mvn -Dmaven.test.skip=true package install
# [ if it fails to compile, run "mvn install" again; it often completes without error on the second attempt ]
# copy the webapp (war) file into place (the chown below uses a relative path, so run it from /usr/share/tomcat5/webapps)
cp /opt/cas-server-3.4.11/cas-server-webapp/target/cas.war /usr/share/tomcat5/webapps
chown root.tomcat cas.war
service tomcat5 restart
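# the demo accepts any login whose password equals the username (the test-only SimpleTestUsernamePasswordAuthenticationHandler)
# replace that handler in WEB-INF/deployerConfigContext.xml with a real authentication source before the server is reachable by anyone else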
https://localhost:8443/cas/
admin
admin
Log In Successful
# other considerations
/usr/share/tomcat5/webapps/cas/WEB-INF/classes/log4j.xml
# or consider this before compiling the cas server
/opt/cas-server-3.5.2.1/cas-server-webapp/src/main/webapp/WEB-INF/classes/log4j.xml
by default cas.log and perfStats.log are created in /usr/share/tomcat5
unless they are directed to the /usr/share/tomcat5/logs directory
[ until that is changed, catalina.out will log permission denied errors ]
# change this
<appender name="cas" class="org.apache.log4j.RollingFileAppender">
<param name="File" value="cas.log" />
<param name="MaxFileSize" value="512KB" />
<param name="MaxBackupIndex" value="3" />
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %p [%c] - %m%n"/>
</layout>
</appender>
# change to this
<appender name="cas" class="org.apache.log4j.RollingFileAppender">
<param name="File" value="logs/cas.log" />
<param name="MaxFileSize" value="512KB" />
<param name="MaxBackupIndex" value="3" />
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %p [%c] - %m%n"/>
</layout>
</appender>
# change this
<!-- This file appender is used to output aggregated performance statistics -->
<appender name="fileAppender" class="org.apache.log4j.FileAppender">
<param name="File" value="perfStats.log"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%m%n"/>
</layout>
</appender>
# change to this
<!-- This file appender is used to output aggregated performance statistics -->
<appender name="fileAppender" class="org.apache.log4j.FileAppender">
<param name="File" value="logs/perfStats.log"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%m%n"/>
</layout>
</appender>
# consider deploying apache as a front end
# configure iptables to permit ports 80 and 443 (leave the AJP port 8009 closed to other hosts; only the local apache needs to reach it)
yum install httpd mod_ssl
vi /etc/httpd/conf/httpd.conf
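# insert this at the bottom (the redirect target "localhost" only works for a browser on the server itself; use the server's own hostname for remote clients)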
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^/.*$ https://localhost/cas [L,R]
</VirtualHost>
vi /etc/httpd/conf.d/proxy_ajp.conf
# insert this at the bottom
ProxyPass /cas ajp://localhost:8009/cas