Authentication with CAS
This tutorial introduces GeoServer CAS support and walks through the process of setting up authentication against a CAS server. It is recommended that the Authentication chain section be read before proceeding. Reference information on cas setup is also available CAS integration.
CAS server certificates
A running CAS server is needed.
The first step is to import the server certificates into the GeoServer JVM.
If you need to export the CRT
from the CAS server, you must execute the following command on the server JVM:
keytool -export -alias <server_name> -keystore <cas_jvm_keystore_path> -file server.crt
Once you have the server.crt
file, the procedure to import the certificate into the JVM is the following one:
keytool -import -trustcacerts -alias <server_name> -file server.crt -keystore <path_to_JRE_cacerts>
Enter the keystore password and confirm the certificate to be trustable.
Configure the CAS authentication provider
-
Start GeoServer and login to the web admin interface as the
admin
user. -
Click the
Authentication
link located under theSecurity
section of the navigation sidebar. -
Scroll down to the
Authentication Filters
panel and click theAdd new
link. -
Click the
CAS
link. -
Fill in the fields of the settings form as follows:
-
Update the filter chains by adding the new CAS filter.
-
Select the CAS Filter for each filter chain you want to protect with CAS.
Be sure to select and order correctly the CAS Filter.
-
Save.
Test a CAS login
-
Navigate to the GeoServer home page and log out of the admin account.
-
Try to login again, you should be able now to see the external CAS login form.