Skip to main content
Version Pentaho
Hitachi Vantara Lumada and Pentaho Documentation

Switch to Central Authentication Service (CAS)

  1. Last updated
  2. Save as PDF

Pentaho integrates with Central Authentication Service (CAS). You must have a CAS server installed and running before you continue.

  1. Stop the BA Server.
  2. Download the cas-client-core-3.1.5.jar and copy it to biserver-ee/tomcat/webapps/pentaho/WEB-INF/lib folder.
  3. Download the spring-security-cas-client-2.0.5.RELEASE.jar and copy it to biserver-ee/tomcat/webapps/pentaho/WEB-INF/lib folder.
  4. Open the pentaho-spring-beans.xml file with any file editor and update it as follows.
    1. Add <import resource="applicationContext-spring-security-cas.xml" /> to the list of imports after all other applicationContext*.xml files.
  5. Open the applicationContext-spring-security-cas.xml file with any file editor and update it as follows.
    1. Change all the references of this URL https://localhost:8443/cas to your working CAS server URL if you are using SSL.
    2. If you are not using Pentaho with SSL, then update references to this URL: http://localhost:8080/pentaho.
    3. Find the bean for casAuthenticationProvider. 
      <bean id="casAuthenticationProvider"
class="org.springframework.security.providers.cas.CasAuthenticationProvider">
<property name="userDetailsService">
 <ref bean="userDetailsService" />
</property>
      Change it based on your configuration to the appropriate one as shown below. You must use the publicly available IP address for all URLs in this file. 
      casAuthenticationProvider.MemoryUserDetailsService

      casAuthenticationProvider.hibernateUserDetailsService

      casAuthenticationProvider.jdbcUserDetailsService

      casAuthenticationProvider.ldapUserDetailsService
  6. Add the following in their respective sections to the web.xml. 
    <servlet>
  <servlet-name>casFailed</servlet-name>
  <jsp-file>/jsp/casFailed.jsp</jsp-file>
</servlet>

    <servlet-mapping>
  <servlet-name>casFailed</servlet-name>
  <url-pattern>/public/casFailed</url-pattern>
</servlet-mapping>

    <!--
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>  
</listener>
-->
  7. If you are using a self-signed certificate, you must do these steps. If not, follow the instructions in step 8.
    1. For memory only, open the applicationContext-spring-security-memory.xml with a file editor and search for the DaoAuthenticationProvider bean. Add id=authenticationProvider to the bean.
    2. Make sure that SSL is enabled on CAS.
  8. Start the BA Server.

The BA Server is now configured to authenticate users against your central authentication server.