Before the SAML client application can be used, the the updated CAS server configuration files must be installed. Then everything can be tested by accessing the “public” part of the client application web site and then clicking on the link to the “secure” section. At that point, the browser should be redirected to the CAS server, where upon successful authentication the secure content, including the values of the attributes, will be displayed.
Because both the load balancer and the CAS server use cookies, it’s usually best to perform testing with an “incognito” or “private browsing” instance of the web browser that deletes all cookies each time it is closed.
Install and test on the master build server
Use the scripts created earlier (or repeat the commands) to install the updated CAS configuration files on the master build server (casdev-master):
casdev-master# sh /opt/scripts/cassrv-tarball.sh
casdev-master# sh /opt/scripts/cassrv-install.sh
---Installing on casdev-master.newschool.edu
Installation complete.
casdev-master#
Review the contents of the log files (/var/log/tomcat/catalina.yyyy-mm-dd.out
and /var/log/cas/cas.log
) for errors.
Install on the CAS servers
Once everything is running correctly on the master build server, it can be copied to the CAS servers using the scripts created earlier:
casdev-master# sh /opt/scripts/cassrv-tarball.sh
casdev-master# for host in srv01 srv02 srv03
> do
> scp -p /tmp/cassrv-files.tgz casdev-${host}:/tmp/cassrv-files.tgz
> scp -p /opt/scripts/cassrv-install.sh casdev-${host}:/tmp/cassrv-install.sh
> ssh casdev-${host} sh /tmp/cassrv-install.sh
> done
casdev-master#
Shut down all but one of the pool servers
Operating CAS with a pool of servers instead of a single server requires special configuration. Because that configuration hasn’t been completed yet, testing must be performed against a single server. Therefore, the other servers in the pool should be shut down so that the load balancer will direct all traffic to that single server. Run the command
# systemctl stop tomcat
on all but one of the CAS servers (casdev-srvXX) to temporarily take those servers out of the pool.
Access the public site
Open up a web browser (in “incognito” or “private browsing” mode) and enter the URL of the SAML-enabled web site:
https://casdev-samlsp.newschool.edu/
The contents of /var/www/html/index.php
should be displayed, looking something like this:
Access the secure area
Click on the “here” link to access the secure content, and you will be redirected to the CAS server login page, as shown below:
Note that the contents of the name
field from the service registry are displayed at the top of the right-hand column; make sure that Apache Secured by SAML
is displayed here. Enter a valid username and password (Active Directory or LDAP) that is also registered with Duo and, upon successful authentication, the contents of /var/www/html/secured-by-saml/index.php
will be displayed:
Restart the pool servers
One testing is complete, run the command
# systemctl start tomcat
on each of the pool servers shut down previously.