Switch to Central Authentication Service (CAS)
Pentaho integrates with Central Authentication Service (CAS). You must have a CAS server installed and running before you continue.
- Stop the BA Server.
- Download the cas-client-core-3.1.5.jar file and copy it to the biserver-ee/tomcat/webapps/pentaho/WEB-INF/lib folder.
- Download the spring-security-cas-client-2.0.5.RELEASE.jar file and copy it to the biserver-ee/tomcat/webapps/pentaho/WEB-INF/lib folder.
- Open the pentaho-spring-beans.xml file with any file editor and update it as follows.
- Add <import resource="applicationContext-spring-security-cas.xml" /> to the list of imports after all other applicationContext*.xml files.
- Open the applicationContext-spring-security-cas.xml file with any file editor and update it as follows.
- If you are using SSL, change all references to this URL, https://localhost:8443/cas, to your working CAS server URL.
- If you are not using Pentaho with SSL, then update references to this URL: http://localhost:8080/pentaho.
- Find the bean for casAuthenticationProvider.
<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
  <property name="userDetailsService">
    <ref bean="userDetailsService" />
  </property>
Change it to the one appropriate for your configuration, as shown below. You must use the publicly available IP address for all URLs in this file.
casAuthenticationProvider.MemoryUserDetailsService
casAuthenticationProvider.hibernateUserDetailsService
casAuthenticationProvider.jdbcUserDetailsService
casAuthenticationProvider.ldapUserDetailsService
- Add the following in their respective sections to the web.xml.
<servlet>
  <servlet-name>casFailed</servlet-name>
  <jsp-file>/jsp/casFailed.jsp</jsp-file>
</servlet>
<servlet-mapping>
  <servlet-name>casFailed</servlet-name>
  <url-pattern>/public/casFailed</url-pattern>
</servlet-mapping>
<!--
<listener>
  <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
-->
- If you are using a self-signed certificate, you must do these steps. If not, follow the instructions in step 8.
- For memory only, open the applicationContext-spring-security-memory.xml with a file editor and search for the DaoAuthenticationProvider bean. Add id=authenticationProvider to the bean.
- Make sure that SSL is enabled on CAS.
- Start the BA Server.
The BA Server is now configured to authenticate users against your central authentication server.
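Before starting the BA Server, the edits above can be checked mechanically. The following script is an added example, not part of the Pentaho documentation or product: it checks that the CAS context is imported after all other applicationContext*.xml files, that no default localhost URL remains, and that no CAS URL uses plain HTTP. The sample XML, the bean id and the property names in it are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

CAS_CONTEXT = "applicationContext-spring-security-cas.xml"

# Constructed sample inputs (not the files shipped with the BA Server).
SAMPLE_BEANS = """<beans xmlns="http://www.springframework.org/schema/beans">
  <import resource="applicationContext-spring-security-cas.xml" />
  <import resource="applicationContext-spring-security-memory.xml" />
</beans>"""
SAMPLE_CAS = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="exampleBean">
    <property name="exampleCasUrl" value="http://192.0.2.10:8080/cas/login" />
    <property name="exampleServiceUrl" value="https://localhost:8443/pentaho" />
  </bean>
</beans>"""

def check_import_order(beans_xml):
    """Finding unless the CAS context is the last applicationContext*.xml import."""
    root = ET.fromstring(beans_xml)
    imports = [el.get("resource", "") for el in root.iter()
               if el.tag.rsplit("}", 1)[-1] == "import"]  # ignore XML namespace
    contexts = [r for r in imports if r.startswith("applicationContext")]
    if CAS_CONTEXT not in contexts:
        return ["missing import: " + CAS_CONTEXT]
    if contexts[-1] != CAS_CONTEXT:
        return [CAS_CONTEXT + " must come after " + contexts[-1]]
    return []

def check_urls(cas_xml):
    """Flag leftover default hosts and CAS URLs that do not use SSL."""
    findings = []
    for url in sorted(set(re.findall(r"https?://[^\s\"'<>]+", cas_xml))):
        parts = urlparse(url)
        if parts.hostname in ("localhost", "127.0.0.1"):
            findings.append("default host still present: " + url)
        if parts.scheme == "http" and parts.path.startswith("/cas"):
            findings.append("CAS URL without SSL: " + url)
    return findings

def audit(beans_xml, cas_xml):
    return check_import_order(beans_xml) + check_urls(cas_xml)

if __name__ == "__main__":
    for finding in audit(SAMPLE_BEANS, SAMPLE_CAS):
        print("FINDING:", finding)
```

To check a real installation, read pentaho-spring-beans.xml and applicationContext-spring-security-cas.xml from disk and pass their contents to audit(); an empty list means none of the three conditions was found.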