Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Web Help Desk (WHD) > Web Help Desk authentication with CAS 2.0

Web Help Desk authentication with CAS 2.0

Created by Interspire Import, last modified by MindTouch on Jun 23, 2016

Views: 14 Votes: 0 Revisions: 17

CAS 2.0 is a protocol that supports SSO. CAS server is deployed into Tomcat and endpoints to this service are set in Web Help Desk (WHD). WHD uses these endpoints to authenticate the client according to the user’s Windows login credentials.

You can deploy your CAS server into Apache Tomcat on Web Help Desk (see Section A) or your own server (see Section C).

A. Install CAS2.0 server in the Web Help Desk server

  1. Download the ZIP file at http://www.jasig.org/cas/download.
  2. Extract the files.
  3. Stop the Web Help Desk server.
  4. From the /module directory, copy cas-server-webapp-3.5.2.war into your Tomcat deployment.<whd>/bin/webapps"</whd>
  5. Rename cas-server-webapp-3.5.2.war to cas.war.
  6. Start the Web Help Desk server. 

    CAS2.0 is now accessible from https://webhelpdesk:port/cas.

You should have the HTTPS port enabled on Tomcat. If SSL is enabled, skip section B and go on to section C.

B. Enable SSL on Web Help Desk

  1. Uncomment HTTPS_PORT=443.
  2. Using Portecle, create a new certificate and insert it into <whd>/conf/keystore.jks.
  3. Make sure that the certificate CN is set to FQDN of WHD server.
  4. Restart Web Help Desk. 

C. Open the https://webhelpdesk: port

  1. Go to Setup > General > Authentication.
  2. Select Authentication Method: CAS2.0.
  3. Set the following endpoints and certificate (ask your local administrator for details).
    • CAS login URL: https://fqdn:port/cas/login
    • CAS validate URL: https://fqdn:port/cas/serviceValidate
    • Verification certificate: use certificate which uses CAS for signing the responses (in case of using WHD's Tomcat, its certificate from keystore.jks).
    • Logout URL: https://fqdn:port/cas/logout
  4. Save your changes.

    You can now log in using CAS 2.0.

(Optional) Configure a GPO to Push Internet Explorer settings

  1. Log on to the domain with a Domain Administrator account.
  2. Click Start and select Run.
  3. Type mmc, and then click OK.
  4. In the File menu, click Add/Remove Snap-In, and then click Add.

    The Add or Remove Snap-Ins dialog box opens.

  5. In Available snap-ins, scroll down to and double-click Group Policy Management Editor, and then click OK.

    The Group Policy Wizard opens.

  6. In Select Group Policy Object, click Browse.

    The Browse for a Group Policy Object dialog box opens.

  7. In Domains, OUs, and linked Group Policy Objects, click Default Domain Policy, and then click OK.
  8. Click Finish, and then click OK.
  9. In the Default Domain [yourdomain.com] Policy console tree, expand the following path:

    User Configuration > Policies > Windows Settings > Internet Explorer Maintenance > Connection

  10. Double-click Automatic Browser Configuration, clear the Automatically Detect Configuration Settings check box, and then click OK.
  11. In the Default Domain [yourdomain.com] Policy console tree, expand the following path:

    User Configuration > Policies > Windows Settings > Internet Explorer Maintenance, Security

  12. Double-click Security Zones and Content Ratings,
  13. Click Import the current security zones and privacy settings.
  14. When prompted, click Continue.
  15. Click Modify Settings.
  16. In the Internet Properties dialog box, click the Security tab, click Local Intranet icon, and then click Sites.
  17. In the Local Internet dialog box, in Add this website to the zone type*.yourdomain.com, click Add.
  18. Select the Require server verification (https) for all sites in this zone.
  19. Click Close, and then click OK.
Last modified

Tags

Classifications

Public