This page shows how to integrate Roller 5.0 with LDAP (Apache DS) and, optionally, the JA-SIG Central Authentication Service (CAS). To begin, you will need to download the following. The instructions below have been tested on Ubuntu, Tomcat 7.x and JDK 7 with the following Apache DS releases:

...

Install Roller and Test

The first step is to install Roller and ensure it works on your application server.

...

Create a roller-custom.properties file and put it in your server's classpath ($CATALINA_HOME/lib for Tomcat 6 and later).

Code Block
# roller-custom.properties: automatic install against a local MySQL database.
# root with an empty password is only acceptable on a throwaway test box;
# use a dedicated database account for anything else.
installation.type=auto
database.configurationType=jdbc
database.jdbc.driverClass=com.mysql.jdbc.Driver
database.jdbc.connectionURL=jdbc:mysql://localhost:3306/rollerdb?createDatabaseIfNotExist=true
database.jdbc.username=root
database.jdbc.password=
mail.configurationType=properties
mail.hostName=localhost

...

...

If you're new to installing Roller, it's best to first install it using normal username/password security, following the Roller Install Guide available from the Roller home page. This confirms that your JDK, database, mail server, etc. are all properly configured and running, giving you a known-good foundation before bringing in LDAP authentication. After confirming that you can create a user, a blog for that user, and a blog entry, proceed to linking in LDAP.

Install LDAP and Test

Now that you have Roller installed and working, configure it to authenticate against LDAP instead of the "rollerdb" database.

...

  • LDAP_URL = ldap://localhost:1389/dc=example,dc=com
  • LDAP_USERNAME = cn=Directory Manager
  • LDAP_PASSWORD = password

These values must match the directory you actually run. The port, bind DN and password shown here are not Apache DS defaults: a stock Apache DS listens on ldap://localhost:10389 and its administrator is uid=admin,ou=system with password secret, which is what the CAS configuration later on this page uses.

Install CAS and Test

  1. Install CAS by copying its modules/cas.war to $CATALINA_HOME/webapps.
  2. Navigate to http://localhost:8080/cas and login with admin/admin. (The stock SimpleTestUsernamePasswordAuthenticationHandler accepts any login whose username and password are identical; it is for smoke-testing only and is replaced in the sections below.)
  3. Configure Roller to talk to CAS by making the following modifications to security.xml:
    • In the filterChainProxy bean definition, replace "authenticationProcessingFilter,rememberMeProcessingFilter" with "casProcessingFilter".
    • In the authenticationManager bean, comment out the "ldapAuthProvider" and add <ref local="casAuthenticationProvider"/>.
    • Change the exceptionTranslationFilter to use "casProcessingFilterEntryPoint" for its "authenticationEntryPoint".
    • Look for the "CAS" beans near the bottom of the file and uncomment the bean definitions to enable CAS integration.
  4. Copy casclient.jar from the cas-client-java-2.1.1/dist directory to $CATALINA_HOME/webapps/roller/WEB-INF/lib.
  5. Modify $CATALINA_HOME/conf/server.xml to enable HTTPS support, which CAS requires. Below is an example.

      Code Block
          <!-- keystoreFile/keystorePass point at the keystore you create in the next
               step; "changeit" is only the JDK default and should not be kept. -->
          <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                     maxThreads="150" scheme="https" secure="true"
                     clientAuth="false" sslProtocol="TLS"
                     keystoreFile="/Users/mraible/.keystore" keystorePass="changeit"
                     truststoreFile="/System/Library/Frameworks/JavaVM.framework/Home/lib/security/cacerts"/>
      
  6. Use the CAS SSL Guide to generate, export and import a certificate.
  7. At this point, you should be able to start Tomcat and login to your blog. The login page should be from CAS rather than Roller, and admin/admin should log you in successfully.

Integrate CAS with Roller's Database

By default CAS ships with a SimpleTestUsernamePasswordAuthenticationHandler, which accepts any login whose username and password are identical (that is why admin/admin works). To change this to authenticate against Roller's database, complete the following steps:

  1. Edit $CATALINA_HOME/webapps/cas/WEB-INF/deployerConfigContext.xml in your favorite XML editor.
  2. Find the SimpleTestUsernamePasswordAuthenticationHandler bean towards the bottom and comment it out. Replace it with the following:

    Code Block
    <!-- Runs a parameterised SELECT COUNT(...) FROM rolleruser
         WHERE username = ? AND passphrase = ? and accepts the login when a
         row matches. The comparison is byte for byte, so the stored
         passphrase must be plain text unless the handler is given a
         passwordEncoder that reproduces Roller's own hashing. -->
    <bean class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler">
        <property name="tableUsers" value="rolleruser"/>
        <property name="fieldUser" value="username"/>
        <property name="fieldPassword" value="passphrase"/>
        <property name="dataSource" ref="dataSource"/>
    </bean>
    
    
  3. At the very end of the file (before the ending </beans> element), add a "dataSource" bean definition:

    Code Block
    <!-- Same credentials as roller-custom.properties. Outside a local test,
         give CAS its own database account with SELECT on rolleruser only;
         the handler never needs to write. -->
    <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
        <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
        <property name="url" value="jdbc:mysql://localhost:3306/rollerdb"/>
        <property name="username" value="root"/>
        <property name="password" value=""/>
        <property name="maxActive" value="100"/>
        <property name="maxWait" value="1000"/>
        <property name="poolPreparedStatements" value="true"/>
        <property name="defaultAutoCommit" value="true"/>
    </bean>
    
    
  4. Download the following JARs and put them into $CATALINA_HOME/webapps/cas/WEB-INF/lib.
  5. Copy cas-server-support-jdbc-3.1.jar from $CAS_DOWNLOAD/modules to $CATALINA_HOME/webapps/cas/WEB-INF/lib.
  6. Modify the password in the "rollerdb" database so the "admin" user's password is in plain text. This is acceptable only for confirming the wiring on a test instance: it downgrades that account's stored credential, and every other account stays unusable through CAS until it is either also stored in plain text or the handler is given a passwordEncoder that reproduces Roller's hashing. Restore the hashed password once the test is done.
  7. Start Tomcat. You should be able to login with the password you set in the previous step.
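To make step 6 concrete, here is an added example (not code from this page or from the CAS or Roller projects) that reproduces what the search-mode handler does against a constructed rolleruser table, using sqlite3 in place of MySQL, and puts the hashed check a passwordEncoder would give you next to it. The assumption that Roller stores an unsalted hex SHA-1 digest in the passphrase column is mine; check your own table before relying on it.

```python
"""Search-mode JDBC authentication against rolleruser, plain vs hashed.

Added example, not code from the Roller wiki page or the CAS/Roller
projects. sqlite3 stands in for MySQL; the table and rows below are
constructed sample data. Assumption: Roller stores an unsalted hex
SHA-1 digest in the passphrase column (verify against your database).
"""
import hashlib
import hmac
import re
import sqlite3

# Property values from the handler definition on the page.
TABLE_USERS = "rolleruser"
FIELD_USER = "username"
FIELD_PASSWORD = "passphrase"


def sha1_hex(password: str) -> str:
    """Assumed Roller storage format: unsalted hex SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_test_db() -> sqlite3.Connection:
    """Constructed sample data: admin in plain text (step 6), alice hashed."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        f"CREATE TABLE {TABLE_USERS} "
        f"({FIELD_USER} TEXT PRIMARY KEY, {FIELD_PASSWORD} TEXT NOT NULL)"
    )
    conn.executemany(
        f"INSERT INTO {TABLE_USERS} ({FIELD_USER}, {FIELD_PASSWORD}) VALUES (?, ?)",
        [("admin", "admin"), ("alice", sha1_hex("correct horse battery"))],
    )
    conn.commit()
    return conn


def search_mode_authenticate(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """What SearchModeSearchDatabaseAuthenticationHandler does: a parameterised
    SELECT COUNT(...) WHERE username = ? AND passphrase = ?. The stored value
    must equal the submitted password byte for byte, which is why step 6
    rewrites admin's passphrase in plain text."""
    sql = (f"SELECT COUNT(*) FROM {TABLE_USERS} "
           f"WHERE {FIELD_USER} = ? AND {FIELD_PASSWORD} = ?")
    (count,) = conn.execute(sql, (username, password)).fetchone()
    return count > 0


def hashed_authenticate(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The check a passwordEncoder matching Roller's hashing would give you:
    hash the submitted password and compare it with the stored digest in
    constant time, so the database never holds the plain-text password."""
    sql = f"SELECT {FIELD_PASSWORD} FROM {TABLE_USERS} WHERE {FIELD_USER} = ?"
    row = conn.execute(sql, (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], sha1_hex(password))


def plaintext_accounts(conn: sqlite3.Connection) -> list:
    """Audit helper: usernames whose passphrase is not a 40-digit hex SHA-1,
    i.e. accounts left in plain text after a step-6 style edit."""
    rows = conn.execute(f"SELECT {FIELD_USER}, {FIELD_PASSWORD} FROM {TABLE_USERS}")
    return sorted(u for u, p in rows if not re.fullmatch(r"[0-9a-f]{40}", p))


if __name__ == "__main__":
    db = build_test_db()
    print("admin/admin via search mode:", search_mode_authenticate(db, "admin", "admin"))
    print("alice via search mode (hashed row):",
          search_mode_authenticate(db, "alice", "correct horse battery"))
    print("alice via hashed check:", hashed_authenticate(db, "alice", "correct horse battery"))
    print("accounts still in plain text:", plaintext_accounts(db))
```

Running it shows the two sides of step 6: the search-mode query accepts admin/admin only because the row is plain text and rejects alice, whose row is hashed, while the hashed check accepts alice without ever storing her password. plaintext_accounts is the query to run against the real database before going to production, so nothing left behind by the test stays in plain text.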

Integrate CAS with Apache Directory Server

By default CAS ships with a SimpleTestUsernamePasswordAuthenticationHandler, which accepts any login whose username and password are identical. To change this to authenticate against your previously installed Apache Directory Server, complete the following steps:

...

Find the SimpleTestUsernamePasswordAuthenticationHandler bean towards the bottom and comment it out. Replace it with the following:

Code Block
<!-- Fast bind: %u is replaced by the submitted username and CAS binds to the
     directory as the resulting DN with the submitted password. No search is
     performed, so every Roller user must have an entry directly under
     ou=People,dc=example,dc=com. -->
<bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler" >
    <property name="filter" value="uid=%u,ou=People,dc=example,dc=com" />
    <property name="contextSource" ref="contextSource" />
</bean>

...

At the very end of the file (before the ending </beans> element), add a "contextSource" bean definition:

Code Block
<!-- Apache DS defaults: LDAP on port 10389, administrator uid=admin,ou=system
     with password "secret". Simple authentication over ldap:// sends every
     bind password in the clear, so outside a local test use the LDAPS
     listener (ldaps://localhost:10636 by default) and change the admin
     password. -->
<bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="pooled" value="true"/>
    <property name="urls">
        <list>
            <value>ldap://localhost:10389</value>
        </list>
    </property>
    <property name="userName" value="uid=admin,ou=system"/>
    <property name="password" value="secret"/>
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key>
                    <value>java.naming.security.authentication</value>
                </key>
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>
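Because the %u in the fast-bind filter is substituted with whatever username the login form submits, it is worth checking what DN a given username turns into before CAS binds with it. The following is an added example (not code from this page or from CAS) that mirrors the substitution, shows how a username containing a comma changes the shape of the DN, and applies RFC 4514 escaping so that it cannot; the usernames it uses are constructed test input.

```python
"""Bind-DN template check for the CAS fast-bind filter.

Added example, not code from the Roller wiki page or from CAS. It mirrors
the %u substitution in uid=%u,ou=People,dc=example,dc=com and adds the
RFC 4514 value escaping that a bare string replace lacks. All usernames
below are constructed test input.
"""
import re

FAST_BIND_FILTER = "uid=%u,ou=People,dc=example,dc=com"  # value from the page

# RFC 4514 section 2.4: these must be escaped anywhere in an attribute value.
_DN_SPECIAL = set(',+"\\<>;')

# Conservative shape for a Roller username; anything else is suspect input.
_PLAIN_USERNAME = re.compile(r"[A-Za-z0-9._-]{1,64}")


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a string DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")  # leading and trailing spaces
        elif ch == "#" and i == 0:
            out.append("\\#")  # leading '#'
        else:
            out.append(ch)
    return "".join(out)


def rdn_count(dn: str) -> int:
    """Number of RDNs in a string DN, honouring backslash escapes."""
    count, escaped = 1, False
    for ch in dn:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            count += 1
    return count


def naive_bind_dn(template: str, username: str) -> str:
    """What a bare %u replace yields: the username lands in the DN verbatim."""
    return template.replace("%u", username)


def safe_bind_dn(template: str, username: str) -> str:
    """Escaped substitution: the username can only ever be the uid value."""
    return template.replace("%u", escape_dn_value(username))


def changes_dn_shape(template: str, username: str) -> bool:
    """True when the naive substitution adds or removes RDNs."""
    return rdn_count(naive_bind_dn(template, username)) != rdn_count(template)


def is_plain_username(username: str) -> bool:
    """Allow-list check to apply before any DN is built at all."""
    return _PLAIN_USERNAME.fullmatch(username) is not None


if __name__ == "__main__":
    for name in ("alice", "admin,ou=system"):
        print(f"{name!r}: naive={naive_bind_dn(FAST_BIND_FILTER, name)} "
              f"shape_changed={changes_dn_shape(FAST_BIND_FILTER, name)} "
              f"safe={safe_bind_dn(FAST_BIND_FILTER, name)}")
```

With the page's template, "alice" yields a four-RDN DN under ou=People either way, while "admin,ou=system" substituted verbatim yields a five-RDN DN whose second component is ou=system; after escaping it stays a single uid value. The allow-list check is the cheaper guard: Roller usernames that pass it never need escaping, and anything that fails it should be rejected before a bind is attempted.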

...