Skip to main content
Hitachi Vantara Lumada and Pentaho Documentation

Switch to Central Authentication Service (CAS)

Pentaho integrates with Central Authentication Service (CAS). You must have a CAS server installed and running before you continue.

  1. Stop the BA Server.
  2. Download the cas-client-core-3.1.5.jar and copy it to biserver-ee/tomcat/webapps/pentaho/WEB-INF/lib folder.
  3. Download the spring-security-cas-client-2.0.5.RELEASE.jar and copy it to biserver-ee/tomcat/webapps/pentaho/WEB-INF/lib folder.
  4. Open the pentaho-spring-beans.xml file with any file editor and update it as follows.
    1. Add <import resource="applicationContext-spring-security-cas.xml" /> to the list of imports after all other applicationContext*.xml files.
  5. Open the applicationContext-spring-security-cas.xml file with any file editor and update it as follows.
    1. Change all the references of this URL https://localhost:8443/cas to your working CAS server URL if you are using SSL.
    2. If you are not using Pentaho with SSL, then update references to this URL: http://localhost:8080/pentaho.
    3. Find the bean for casAuthenticationProvider and change the ref bean for userDetailService to match your configuration.
      <bean id="casAuthenticationProvider"
      <property name="userDetailsService">
       <ref bean="userDetailsService" />
      You must use the publicly available IP address for all URLs in this file.
      Configuration Examples:
  6. Add the following in their respective sections to the web.xml file located at:  C:\Pentaho\server\biserver-ee\tomcat\webapps\pentaho\WEB-INF\web.xml:
  7. If you are using a self-signed certificate, you must do these steps. If not, follow the instructions in step 8.
    1. For memory only, open the applicationContext-spring-security-memory.xml with a file editor and search for the DaoAuthenticationProvider bean. Add id=authenticationProvider to the bean.
    2. Make sure that SSL is enabled on CAS.
  8. Start the BA Server.

The BA Server is now configured to authenticate users against your central authentication server.