Configuración

Configuración del filtro

/opt/jdk1.5/bin/keytool -import -keystore /opt/jdk1.5/jre/lib/security/cacerts -file sslCASTesting.crt -alias sslCAS

Agregar en /opt/tomcat/webapps/pentaho/WEB-INF/web.xml

<filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>
                edu.yale.its.tp.cas.client.filter.ValidateTicketsCASFilter
        </filter-class>
        <init-param>
                <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
                <param-value>https://cas.customer.com.ar/cas/login</param-value>
        </init-param>
        <init-param>
                <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
                <param-value>
                        https://cas.customer.com.ar/cas/proxyValidate
                </param-value>
        </init-param>
        <init-param>
                <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
                <param-value>
                       pentaho.customer.com.ar/pentaho/
                </param-value>
        </init-param>
        <init-param>
                <param-name>
                        edu.yale.its.tp.cas.client.filter.authorizedProxy
                </param-name>
                <param-value>https://cas.customer.com.ar/cas/</param-value>
        </init-param>
        <init-param>
                <param-name>
                        edu.yale.its.tp.cas.client.filter.wrapRequest
                </param-name>
                <param-value>true</param-value>
        </init-param>
        <init-param>
                <param-name>edu.yale.its.tp.cas.proxyUrl</param-name>
                <param-value>
                        https://cas.customer.com.ar/cas/proxy
                </param-value>
        </init-param>
        <init-param>
                <param-name>edu.yale.its.tp.cas.client.filter.casCase</param-name>
                <param-value>false</param-value>
        </init-param>
        <init-param>
                <param-name>
                        edu.yale.its.tp.cas.client.filter.aplicationLoginUrl
                </param-name>
                <param-value>
                        https://cas.customer.com.ar/cas/aplicationLogin
                </param-value>
        </init-param>
</filter>

  <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>

Cambiar

  <filter>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
      <param-name>targetClass</param-name>
      <param-value>org.acegisecurity.ui.cas.CasProcessingFilter</param-value>
    <!--
      <param-name>targetBean</param-name>
      <param-value>filterChainProxy</param-value>
    -->
    </init-param>
  </filter>

Agregar

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-acegi.xml
</param-value>
</context-param>

Crear /opt/tomcat/webapps/pentaho/WEB-INF/spring-acegi.xml

#Pegar

Configuración del Pentaho

ATENCION: The SSO enable script is a feature of Management Services, included in a Pentaho subscription. http://forums.pentaho.org/showthread.php?t=57983

Referencias

CAS

• JA-SIG Central Authentication Service
  • CAS User Manual
  • Server Deployment
  • Proxy CAS Walkthrough
• Spring Security

Pentaho

• Pentaho Security
• Authentication from Third-Party Applications
• What does the login process look like? On the servlet side? On the portlet side?

• Single Sign-On
• Security Wiki page
• Running Single Sign-on enable script for tomcat-liferay bundle

Tomcat / CAS

Forum

• Single sign on help?
• Enabling Single Sign On with CAS and ACEGI Feature Requests

Misc

Howto para hacerlo con portal

• Enabling Single Sign On with CAS and JBoss Portal (first step)
• Enabling Single Sign On with CAS and JBoss Portal (second step)
• Enabling Single Sign On with CAS and JBoss Portal (last step)