Deploy SSO with CAS 2.0

Created by Steve.Hawkins, last modified by Anthony.Rinaldi on Jul 18, 2016

The Central Authentication Service (CAS) is a single sign-on protocol that enables a user to access multiple applications using one set of credentials. This protocol works in conjunction with the CAS server, which handles all the user connections to your Microsoft Exchange and LDAP servers.

You can deploy your Central Authentication Service (CAS) server into Web Help Desk's Tomcat or your own Web Help Desk server.

Deploy CAS Server on Apache Tomcat

Before you deploy single sign-on (SSO) with CAS 2.0 in your Web Help Desk deployment, configure the CAS module for LDAP and Active Directory communications.

You can deploy your Central Authentication Service (CAS) server into Apache Tomcat or your own Web Help Desk server.

To deploy CAS server on your Apache Tomcat server:

  1. Download the Jasig CAS server web application file.
  2. Update the file using the text files located in Configure the CAS module for LDAP and Active Directory. When completed, set it up based on your system configuration. 
  3. Download and apply the dependencies.
  4. Deploy CAS server on your Apache Tomcat server. 
  5. Complete your CAS server deployment.

Download the Jasig CAS Server web application file

  1. Download the cas-server-webapp-3.5.2.zip file from the Apereo website.
  2. Open the ZIP file and navigate to cas-server-3.5.2\modules.
  3. Extract cas-server-webapp-3.5.2.war from the modules directory. 

Update the file

  1. Rename the cas-server-webapp-3.5.2.war file to cas.zip
  2. Open the ZIP file as an archive. 
  3. Open the WEB-INF directory.
  4. Open the deployerConfigContext file in Notepad.
  5. Navigate to Configure the CAS module for LDAP and Active Directory and download the following files attached to the article:
    • deployerconfigcontext.txt
    • casproperties.txt
  6. Open the deployerconfigcontext.txt file. 
  7. Copy the file contents to the deployerConfigContext file, overwriting the existing content.
  8. In the updated deployerConfigContext file, update the file variables for your deployment. 
    1. Locate the following argument:

      <property name="url" value="ldap://127.0.0.1:389" /> 
      <!-- use 'ldaps://' for ssl connection -->
    2. Replace the value variable with the IP address of your LDAP server. 
    3. Locate the following argument:
      <property name="userDn" value="ldap_admin@yourdomain.com" />
    4. Replace the value variable with the email address of your LDAP administrator.
    5. Locate the following argument:
      <property name="password" value="ldap_admin_password" />
    6. Replace the value variable with your LDAP admin password.
    7. Locate the following argument:
      p:filter="sAMAccountName=%u" p:searchBase="DC=yourdomain,DC=com"
    8. Ensure that the LDAP p:filter search filter matches your LDAP configuration settings. 
    9. Replace the p:searchBase variables with your domain information.  
    10. Close the file. 
  9. Open the cas.properties file in Notepad.
  10. Open the casproperties.txt file. 
  11. Copy and paste the file contents to the cas.properties file.
  12. In the updated cas.properties file, update the file variables for your deployment. 
    1. Locate the following argument:
      server.name=http://localhost:8080
    2. Replace the server.name variable with a WHD server address. For example:
      http://whd.yourdomain.com
    3. Locate the following argument:
      host.name=cas01.yourdomain.com
    4. Replace the host.name variable with the provided prefix and your domain name.
    5. Close the file. 
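
The template files ship with sample values, including an LDAP bind password, so it is worth checking the finished archive before it is copied to Tomcat. The following script is an added example, not part of the original guide or of Web Help Desk. It assumes the two files sit at WEB-INF/deployerConfigContext.xml and WEB-INF/cas.properties inside the WAR; the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Paths inside the WAR; assumed layout of the CAS 3.5.2 web application.
CONTEXT = "WEB-INF/deployerConfigContext.xml"
PROPS = "WEB-INF/cas.properties"
# Sample values from the guide that must not survive into a deployed WAR.
PLACEHOLDERS = ("127.0.0.1", "yourdomain", "ldap_admin_password", "localhost:8080")


def audit_cas_war(war):
    """Return sorted findings for a cas.war given as a path or file object."""
    findings = []
    with zipfile.ZipFile(war) as archive:
        present = set(archive.namelist())
        for path in (CONTEXT, PROPS):
            if path not in present:
                findings.append(f"{path}: missing from archive")
                continue
            text = archive.read(path).decode("utf-8", errors="replace")
            for value in PLACEHOLDERS:
                if value in text:
                    findings.append(f"{path}: sample value {value!r} still present")
            # The bind DN and password configured in this file are sent to this URL.
            if re.search(r'name="url"\s+value="ldap://', text):
                findings.append(f"{path}: LDAP URL is ldap://, not ldaps://")
    return sorted(findings)


def build_sample_war(ldap_url, user_dn, password, server_name):
    """Constructed in-memory WAR holding only the lines the guide edits."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(CONTEXT, (
            f'<property name="url" value="{ldap_url}" />\n'
            f'<property name="userDn" value="{user_dn}" />\n'
            f'<property name="password" value="{password}" />\n'))
        archive.writestr(PROPS, f"server.name={server_name}\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    untouched = build_sample_war("ldap://127.0.0.1:389", "ldap_admin@yourdomain.com",
                                 "ldap_admin_password", "http://localhost:8080")
    for line in audit_cas_war(untouched):
        print(line)
```

To check a real archive, pass its path, for example `audit_cas_war("cas.war")`; an empty list means none of the sample values remain and the LDAP URL is not plain ldap://.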

Download and apply the dependencies

  1. Download the following dependencies in JAR format:
  2. Open the cas.zip file and navigate to the WEB-INF/lib/ directory.
  3. Copy all dependencies to the directory.
  4. Rename the cas.zip file to cas.war

Deploy CAS server on Apache Tomcat

  1. Stop the Web Help Desk Service.
    1. Open File Explorer and navigate to the <WebHelpDesk> directory.
    2. Double-click whd_stop.bat.

      The Web Help Desk service is stopped.

  2. Copy the cas.war file to the /bin/webapps directory on your Apache Tomcat deployment.
  3. Start the Web Help Desk Service.
    1. Open the <WebHelpDesk> directory.
    2. Double-click whd_start.bat.

      The Web Help Desk Service is started. 

      CAS 2.0 is now accessible from the following URL:

      https://webhelpdesk:port/cas
  4. Verify that the HTTPS port is enabled on Apache Tomcat.

    If the HTTPS port is not enabled, go to Enable SSL on Web Help Desk.

    If the HTTPS port is enabled, go to Deploy CAS 2.0 on the Web Help Desk Server.

Complete your CAS server deployment

Configure a Group Policy Object (GPO) to push the appropriate Windows login credentials to your Internet Explorer settings. This process allows authenticated users to access the Web Help Desk server without having to log in. GPOs define the settings for your Windows server configuration, and Group Policies apply these settings.

See Configure a GPO to push Internet Explorer settings for more information. 

Enable SSL on Web Help Desk

  1. On your Web Help Desk system, open File Explorer and navigate to:

    <WebHelpDesk>/conf

  2. In the conf directory, open the whd.conf file using a text editor.
  3. In the file, comment out the following entry:

    HTTPS_PORT=443

  4. Save and close the file.
  5. Using Portecle, create a new certificate (as described in Generating a New Certificate in Portecle).
  6. Insert the certificate to the following location:

    /conf/keystore.jks

  7. Restart Web Help Desk.

Deploy CAS 2.0 on the Web Help Desk server

  1. Log in to Web Help Desk as an administrator.
  2. Click Setup and select General > Authentication.
  3. Click the Authentication Method drop-down menu and select CAS 2.0. 
  4. In the CAS login URL field, enter:
    https://fqdn:port/cas/login
  5. In the CAS validate URL field, enter:
    https://fqdn:port/cas/serviceValidate
  6. Under Verification certificate, click Upload and select the certificate that CAS uses for signing the responses.

    The Web Help Desk Tomcat certificate is from keystore.jks.

  7. In the Logout URL field, enter:
    https://fqdn:port/cas/logout
  8. Click Save.

    You can now log in using CAS 2.0.
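
The login and validate URLs entered above correspond to the two halves of a CAS 2.0 exchange: the browser is redirected to /cas/login with a service parameter, and the application then presents the returned ticket to /cas/serviceValidate and reads the XML reply. The following sketch of the client side is an added example, not Web Help Desk's own code. The response format and namespace are those of the CAS 2.0 protocol; the port 8443, the service URL, the user name, the ticket value and the function names are constructed.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace of CAS 2.0 responses


class CasError(Exception):
    pass


def build_url(cas_base, endpoint, **params):
    """Build a CAS URL, refusing anything that is not https://."""
    if urllib.parse.urlsplit(cas_base).scheme != "https":
        raise CasError("CAS URLs must be https://")
    return f"{cas_base.rstrip('/')}/{endpoint}?{urllib.parse.urlencode(params)}"


def parse_service_validate(xml_text):
    """Return the authenticated user name, or raise CasError (fail closed)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise CasError(f"unparseable response: {exc}") from exc
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        raise CasError("not a CAS 2.0 serviceResponse")
    failure = root.find(f"{{{CAS_NS}}}authenticationFailure")
    if failure is not None:
        raise CasError(f"{failure.get('code')}: {(failure.text or '').strip()}")
    user = root.findtext(f"{{{CAS_NS}}}authenticationSuccess/{{{CAS_NS}}}user")
    if not user or not user.strip():
        raise CasError("no authenticationSuccess/user element")
    return user.strip()


# Constructed sample responses in the CAS 2.0 format.
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-constructed not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    base, service = "https://fqdn:8443/cas", "https://whd.example/helpdesk"
    print(build_url(base, "login", service=service))
    print(build_url(base, "serviceValidate", service=service, ticket="ST-constructed"))
    print(parse_service_validate(SUCCESS))
```

The same service value must be sent in both requests, and any reply that is not an explicit authenticationSuccess with a user is treated as a failed login.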

Configure a GPO to push Internet Explorer settings

To complete your CAS server deployment, configure a Group Policy Object (GPO) to push the appropriate Windows login credentials to your Internet Explorer settings. This process allows authenticated users to access the Web Help Desk server without having to log in. GPOs define the settings for your Windows server configuration, and Group Policies apply these settings.

  1. Log on to the Web Help Desk domain using the Domain Administrator account.
  2. Click Start and select Run. 
  3. In the Run field, enter the following command and then click OK:

    mmc

    The Microsoft Management Console appears.

  4. In the File menu, click Add/Remove Snap-In > Add. 
  5. In Available snap-ins, double-click Group Policy Management Editor, and click OK. 
  6. In Select Group Policy Object, click Browse. 
  7. In Domains, OUs, and linked Group Policy Objects, click Default Domain Policy, and click OK.
  8. Click Finish, and then click OK. 
  9. In the Default Domain [yourdomain.com] Policy console tree, expand the following path:

    User Configuration > Policies > Windows Settings > Internet Explorer Maintenance > Connection 

  10. Double-click Automatic Browser Configuration, clear the Automatically Detect Configuration Settings check box, and then click OK. 
  11. In the Default Domain [yourdomain.com] Policy console tree, expand the following path:

    User Configuration > Policies > Windows Settings > Internet Explorer Maintenance > Security 

  12. Double-click Security Zones and Content Ratings. 
  13. Click Import the current security zones and privacy settings.
  14. Click Continue when prompted, and click Modify Settings. 
  15. In the Internet Properties dialog box, click the Security tab. 
  16. Click Local Intranet, and click Sites. 
  17. In the Add this website to the zone field, enter:

    *.yourdomain.com

  18. Click Add. 
  19. Select the Require server verification (https) for all sites in this zone check box. 
  20. Click Close. 
  21. Click OK. 
 
Last modified
15:51, 18 Jul 2016
