Tutorial: https://www.baeldung.com/spring-security-cas-sso
Cloning repo with submodule:
git clone --recursive [URL]
If you already have the repo but not its submodule (--recursive is for all the sub-submodules):
git submodule update --init --recursive
You can download multiple ones at the same time by adding the --jobs 8 or -j 8 flag (8 being the number of repos pulled at the same time) to the previous command.
Pulling for repo plus submodule:
git pull --recurse-submodules
Pulling all changes for the submodules:
git submodule update --remote
Executing a command on every submodule:
git submodule foreach 'git reset --hard'
# With nested submodules:
git submodule foreach --recursive 'git reset --hard'
You can move the configurations with this command (by default it gets them from cas-server/etc/cas/config):
./gradlew copyCasConfiguration
Note: The specifics of the build are controlled using the gradle.properties file.
This is the code that is run (cas-server/gradle/tasks.gradle):
task copyCasConfiguration(type: Copy, group: "CAS",
        description: "Copy the CAS configuration from this project to /etc/cas/config") {
    from "etc/cas/config"
    into new File('/etc/cas/config').absolutePath
    doFirst {
        new File('/etc/cas/config').mkdirs()
    }
}
Add the CAS server:
git submodule add https://github.com/apereo/cas-overlay-template.git cas-server
In build.gradle, add to dependencies:
implementation "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
implementation "org.apereo.cas:cas-server-support-jdbc:${project.'cas.version'}"
In cas-server/src/main/resources add:
server.port=8443
spring.main.allow-bean-definition-overriding=true
server.ssl.key-store=classpath:/etc/cas/thekeystore
server.ssl.key-store-password=changeit
In cas-server/src/main/resources:
mkdir -p etc/cas/config
In this newly created directory cas-server/src/main/resources/etc/cas/config (for each question, enter localhost to avoid an SSL handshake error):
keytool -genkey -keyalg RSA -alias thekeystore -keystore thekeystore -storepass changeit -validity 360 -keysize 2048
Make sure echo $JAVA11_HOME is not empty; if it is, do this:
export JAVA11_HOME=$(dirname $(dirname $(readlink -f $(which javac))))
The next step is to import thekeystore that was just generated (in the tutorial the destination is $JAVA11_HOME/jre/lib/security/cacerts but for me there is no jre... you might need to verify. The security/cacerts directories should already exist) (FYI: the password it asks for is: changeit):
keytool -importkeystore -srckeystore thekeystore -destkeystore $JAVA11_HOME/lib/security/cacerts
Then you can run it:
./gradlew run -Dorg.gradle.java.home=$JAVA11_HOME
Once it says READY you can then go to: https://localhost:8443/ WARNING! By default there is no username or password. You will need to continue to the next section to set that up.
In cas-server/etc/cas/ add the directory config.
mkdir -p cas-server/etc/cas/config
Inside that new directory create a cas.properties file.
In cas.properties add (this will be a username and password, because by default there are none):
cas.authn.accept.users=casuser::Mellon
./gradlew run -Dorg.gradle.java.home=$JAVA11_HOME -Pargs="-Dcas.standalone.configurationDirectory=/cas-server/src/main/resources/etc/cas/config"
Once READY go to: https://localhost:8443
And log in with:
- username: casuser
- password: Mellon
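The static casuser::Mellon account and the changeit keystore password configured above are local-run defaults. The script below is an added example, not part of the tutorial or the CAS project. It scans properties files for both settings before a config directory is shared or deployed; the function name audit_cas_props and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the development defaults from these notes in CAS
# properties files. audit_cas_props is a hypothetical helper name.
#
# Usage: audit_cas_props FILE...
# Prints "file:line: message" per finding.
# Returns 0 if clean, 1 on findings, 2 if a file is unreadable.
audit_cas_props() {
    rc=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "$f: cannot read" >&2
            return 2
        fi
        out=$(awk -v file="$f" '
            /^[ \t]*[#!]/ { next }   # comment lines are not live settings
            {
                line = $0
                sub(/^[ \t]+/, "", line)
                sep = match(line, /[ \t]*[=:][ \t]*/)   # key/value separator
                if (sep == 0) next
                key = substr(line, 1, sep - 1)
                val = substr(line, sep + RLENGTH)
                sub(/[ \t\r]+$/, "", val)
                if (key == "cas.authn.accept.users" && val != "")
                    printf "%s:%d: static accept-users list is enabled\n", file, NR
                if (key ~ /^server\.ssl\.(key|trust)-store-password$/ && val == "changeit")
                    printf "%s:%d: %s uses the default password\n", file, NR, key
            }' "$f")
        if [ -n "$out" ]; then
            echo "$out"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample that mirrors the settings shown in these notes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server.port=8443
server.ssl.key-store=classpath:/etc/cas/thekeystore
server.ssl.key-store-password=changeit
cas.authn.accept.users=casuser::Mellon
EOF
audit_cas_props "$sample" || echo "development defaults found"
rm -f "$sample"
```

Commented-out settings and an empty cas.authn.accept.users value are not reported, so the script can run over a whole config directory with a glob.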
Note: You can find some interesting details about CAS settings in the config-metadata.properties that you can generate: ./gradlew exportConfigMetadata (Warning! The file is pretty big).
You may need to adjust the total number of inotify instances. On Linux, you may need to add the following line to /etc/sysctl.conf: fs.inotify.max_user_instances = 256.
You can check the current value via:
cat /proc/sys/fs/inotify/max_user_instances
sudo sysctl -n fs.inotify.max_user_instances
Change it:
vim /etc/sysctl.conf
sudo sysctl -w fs.inotify.max_user_instances=256
To reload after you have modified the config file:
sudo sysctl -p