Submit a ticketCall us

Training Class Getting Started with SolarWinds Backup - February 28

This course offers customers an introduction to SolarWinds Backup, focusing on configuring the backup technology, taking backups, data restoration and data security. It is a great primer and will get you up to speed quickly on SolarWinds Backup.
Register for class.

Home > Success Center > Archive > 2017December12 - Deletes > Web Help Desk authentication with CAS 2.0

Web Help Desk authentication with CAS 2.0

Created by Interspire Import, last modified by Kevin.Swinson on Dec 12, 2017

Views: 164 Votes: 0 Revisions: 18

CAS 2.0 is a protocol that supports SSO. CAS server is deployed into Tomcat and endpoints to this service are set in Web Help Desk (WHD). WHD uses these endpoints to authenticate the client according to the user’s Windows login credentials.

You can deploy your CAS server into Apache Tomcat on Web Help Desk (see Section A) or your own server (see Section C).

A. Install CAS2.0 server in the Web Help Desk server

  1. Download the ZIP file at
  2. Extract the files.
  3. Stop the Web Help Desk server.
  4. From the /module directory, copy cas-server-webapp-3.5.2.war into your Tomcat deployment.<whd>/bin/webapps"</whd>
  5. Rename cas-server-webapp-3.5.2.war to cas.war.
  6. Start the Web Help Desk server. 

    CAS2.0 is now accessible from https://webhelpdesk:port/cas.

You should have the HTTPS port enabled on Tomcat. If SSL is enabled, skip section B and go on to section C.

B. Enable SSL on Web Help Desk

  1. Uncomment HTTPS_PORT=443.
  2. Using Portecle, create a new certificate and insert it into <whd>/conf/keystore.jks.
  3. Make sure that the certificate CN is set to FQDN of WHD server.
  4. Restart Web Help Desk. 

C. Open the https://webhelpdesk: port

  1. Go to Setup > General > Authentication.
  2. Select Authentication Method: CAS2.0.
  3. Set the following endpoints and certificate (ask your local administrator for details).
    • CAS login URL: https://fqdn:port/cas/login
    • CAS validate URL: https://fqdn:port/cas/serviceValidate
    • Verification certificate: use certificate which uses CAS for signing the responses (in case of using WHD's Tomcat, its certificate from keystore.jks).
    • Logout URL: https://fqdn:port/cas/logout
  4. Save your changes.

    You can now log in using CAS 2.0.

(Optional) Configure a GPO to Push Internet Explorer settings

  1. Log on to the domain with a Domain Administrator account.
  2. Click Start and select Run.
  3. Type mmc, and then click OK.
  4. In the File menu, click Add/Remove Snap-In, and then click Add.

    The Add or Remove Snap-Ins dialog box opens.

  5. In Available snap-ins, scroll down to and double-click Group Policy Management Editor, and then click OK.

    The Group Policy Wizard opens.

  6. In Select Group Policy Object, click Browse.

    The Browse for a Group Policy Object dialog box opens.

  7. In Domains, OUs, and linked Group Policy Objects, click Default Domain Policy, and then click OK.
  8. Click Finish, and then click OK.
  9. In the Default Domain [] Policy console tree, expand the following path:

    User Configuration > Policies > Windows Settings > Internet Explorer Maintenance > Connection

  10. Double-click Automatic Browser Configuration, clear the Automatically Detect Configuration Settings check box, and then click OK.
  11. In the Default Domain [] Policy console tree, expand the following path:

    User Configuration > Policies > Windows Settings > Internet Explorer Maintenance, Security

  12. Double-click Security Zones and Content Ratings,
  13. Click Import the current security zones and privacy settings.
  14. When prompted, click Continue.
  15. Click Modify Settings.
  16. In the Internet Properties dialog box, click the Security tab, click Local Intranet icon, and then click Sites.
  17. In the Local Internet dialog box, in Add this website to the zone type*, click Add.
  18. Select the Require server verification (https) for all sites in this zone.
  19. Click Close, and then click OK.
Last modified