3/13/2014

How to Install a JaSig CAS on RHEL5



Install RHEL5 x86_64
Subscribe to Red Hat Network for updates
Subscribe to "Supplementary" software channel through RHN

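# subscribe to epel
# (the URL below is plain http, so the package's GPG signature is the only integrity check;
#  download the rpm and verify it with "rpm -K" against the EPEL key before installing)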
rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

# install sun java
yum install java-1.6.0-sun java-1.6.0-sun-devel java-1.6.0-sun-jdbc java-1.6.0-sun-src

# config for x86_64 versions
alternatives --config java
alternatives --config javac

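# install tomcat5
# (package name corrected: "tomcast5-webapps" does not exist, the package is tomcat5-webapps)
yum install tomcat5 tomcat-native tomcat5-jsp-2.0-api tomcat5-server-lib tomcat5-common-lib tomcat5-servlet-2.4-api tomcat5-webapps tomcat5-admin-webapps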

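# generate a self-signed certificate
# -keysize is given explicitly because older keytool versions default to a
# 1024-bit RSA key, which is too short for a TLS server key
cd /usr/share/tomcat5
keytool -genkey -alias tomcat -keystore ./keystore -keyalg RSA -keysize 2048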
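<What is your first and last name? use "localhost.localdomain" -- this becomes the certificate's CN, so it should match the hostname browsers use>
<use the password "changeit" for the keystore (entered twice), and set the key password to "changeit" as well; "changeit" is the widely known default, so use it only for a throwaway demo -- otherwise pick a strong password, put the same value in keystorePass in server.xml, and keep the keystore file readable only by root and the tomcat group>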

# configure tomcat5 to listen on port 8443 for an https protocol connection
cd /usr/share/tomcat5/conf
vi server.xml

# uncomment this section <!--  -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" /> 

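# change it to this
# (keystoreFile and keystorePass must match the keystore created with keytool; the password
#  is stored here in clear text, so server.xml should not be world-readable)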
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="keystore"
           keystorePass="changeit" />

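# add a browser exception for the self-signed certificate, to view the tomcat admin page
# (the admin webapp is a management interface; remove it or restrict access to it once this check is done)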
https://localhost:8443/admin

# install the maven build tool
# NOTE: the archive comes from a third-party mirror over plain http and is
# unpacked as root; compare it against the checksum or PGP signature published
# on the Apache Maven site before extracting it
cd ~
wget http://mirrors.gigenet.com/apache/maven/maven-3/3.0.5/binaries/apache-maven-3.0.5-bin.tar.gz
su -c "tar -zxvf apache-maven-3.0.5-bin.tar.gz -C /opt/"
su -c "vi /etc/profile.d/maven.sh"

# add the following lines to maven.sh
export M2_HOME=/opt/apache-maven-3.0.5
export M2=$M2_HOME/bin
PATH=$M2:$PATH

# maven often runs out of resources while compiling, make them larger
su -c "vi /etc/mavenrc"

# add the following line to mavenrc
MAVEN_OPTS="-Xms256m -Xmx1024m -Xss1024k"

# [ exit the current shell or start a new shell to use the new profile settings ]

# compile the jasig cas-server webapp, disabling the tests during compile
# NOTE: the release tarball is downloaded over plain http; verify it against a
# checksum or signature from the project (if one is published) before
# unpacking it as root
cd ~
wget http://downloads.jasig.org/cas/cas-server-3.4.11-release.tar.gz
su -c "tar -zxvf cas-server-3.4.11-release.tar.gz  -C /opt/"
cd /opt/cas-server-3.4.11
# NOTE(review): the tree was unpacked by root; presumably the build user needs
# write access to it -- confirm ownership rather than running mvn as root,
# since the build downloads and executes plugins
mvn -Dmaven.test.skip=true package install

# [ if it fails to compile, run "mvn install" again, it often completes without error ]

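# copy the webapp (war) file into place
cp /opt/cas-server-3.4.11/cas-server-webapp/target/cas.war /usr/share/tomcat5/webapps
# chown the deployed copy by its full path: the working directory is still
# /opt/cas-server-3.4.11, so a bare "cas.war" would not name the file just copied.
# root owns the war and the tomcat group can read it, so the running service
# cannot rewrite its own webapp archive.
chown root:tomcat /usr/share/tomcat5/webapps/cas.war
service tomcat5 restart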

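# the demo authentication handler accepts any username whose password is identical to the username
# (this is the test-only SimpleTestUsernamePasswordAuthenticationHandler; replace it in
#  WEB-INF/deployerConfigContext.xml with a real handler such as LDAP or JDBC before the server is used for anything but a demo)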
https://localhost:8443/cas/
admin
admin

Log In Successful



# other considerations
/usr/share/tomcat5/webapps/cas/WEB-INF/classes/log4j.xml

# or consider this before compiling the cas server
/opt/cas-server-3.5.2.1/cas-server-webapp/src/main/webapp/WEB-INF/classes/log4j.xml

By default, cas.log and perfStats.log are created in /usr/share/tomcat5.

If the appenders are not directed to the /usr/share/tomcat5/logs directory,
catalina.out will log permission denied errors.

# change this
     <appender name="cas" class="org.apache.log4j.RollingFileAppender">
        <param name="File" value="cas.log" />
        <param name="MaxFileSize" value="512KB" />
        <param name="MaxBackupIndex" value="3" />
        <layout class="org.apache.log4j.PatternLayout">
            <param name="ConversionPattern" value="%d %p [%c] - %m%n"/>
        </layout>
    </appender>

# change to this
    <appender name="cas" class="org.apache.log4j.RollingFileAppender">
        <param name="File" value="logs/cas.log" />
        <param name="MaxFileSize" value="512KB" />
        <param name="MaxBackupIndex" value="3" />
        <layout class="org.apache.log4j.PatternLayout">
            <param name="ConversionPattern" value="%d %p [%c] - %m%n"/>
        </layout>
    </appender>


# change this
    <!-- This file appender is used to output aggregated performance statistics -->
    <appender name="fileAppender" class="org.apache.log4j.FileAppender">
        <param name="File" value="perfStats.log"/>
        <layout class="org.apache.log4j.PatternLayout">
            <param name="ConversionPattern" value="%m%n"/>
        </layout>
    </appender>

# change to this
    <!-- This file appender is used to output aggregated performance statistics -->
    <appender name="fileAppender" class="org.apache.log4j.FileAppender">
        <param name="File" value="logs/perfStats.log"/>
        <layout class="org.apache.log4j.PatternLayout">
            <param name="ConversionPattern" value="%m%n"/>
        </layout>
    </appender>

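# consider deploying apache as a front end
# configure iptables to permit only ports 80 and 443 from outside;
# AJP (port 8009, used by the ProxyPass line below) has no authentication by
# default, so keep it reachable from localhost only

yum install httpd mod_ssl

# the main apache configuration file is httpd.conf (not http.conf)
vi /etc/httpd/conf/httpd.conf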

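# insert this at the bottom
# (replace "localhost" in the redirect target with the hostname clients use to reach this
#  server; otherwise remote browsers are redirected to their own machine)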

<VirtualHost *:80>
RewriteEngine On
RewriteRule ^/.*$ https://localhost/cas [L,R]
</VirtualHost>

vi /etc/httpd/conf.d/proxy_ajp.conf

# insert this at the bottom
ProxyPass /cas ajp://localhost:8009/cas