CENTRAL AUTHENTICATION SERVICE (CAS) with Liferay 5.2.x
March 8, 2010 6:58 PM
CAS is an authentication system that was originally created at Yale University. It is a widely-used open source single sign-on solution, and was the first SSO product to be supported by Liferay.
The CAS Server application requires a properly configured Secure Sockets Layer (SSL) certificate on your server in order to work.
If you wish to generate one yourself, you will need to use the keytool utility that comes with the JDK. Your first step is to generate the key. Next, you export the key into a file. Finally, you import the key into your local Java key store.
Setting up CAS server
Step 1:
Download cas-web.war
(copy from http://www.liferay.com/web/guest/downloads or
http://www.ja-sig.org/products/cas/downloads/index.html)
Download cas-client.jar (cas-client-2.0.11)
(copy from http://www.ja-sig.org/products/cas/downloads/index.html)
Step 2:
1. Copy cas-web.war file into tomcat\webapps
2. Copy cas-client.jar file into tomcat\webapps\ROOT\WEB-INF\lib
Step 3:
1. Edit server.xml (tomcat/conf/server.xml)
2. Uncomment this part:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
Generate the SSL cert with Java keytool
Step 1 :
Go to tomcat/webapps/ROOT in a command prompt and enter the command:
keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
Note: Be sure to use the keytool that comes with the Java VM (%JAVA_HOME%/jre/bin/keytool). On some systems the default keytool on the PATH is the GNU version, which does not appear to be compatible with the Java one.
Step 2:
Answer the questions in the command prompt. Note that your "first and last name" MUST be the hostname of your server and cannot be an IP address; this is very important, as an IP address will fail client hostname verification even if it is correct.
Enter keystore password: changeit
What is your first and last name?
[Unknown]: localhost
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes
Step 3: Then enter the command:
keytool -export -alias tomcat -storepass changeit -file %FILE_NAME%
I use server.cert for %FILE_NAME%. This command exports the cert you generated from your personal keystore (on Windows your personal keystore is in C:\Documents and Settings\<username>\.keystore).
Step 4: Finally, import the cert into Java's keystore with this command. Tomcat uses the keystore in your JRE (%JAVA_HOME%/jre/lib/security/cacerts):
keytool -import -alias tomcat -file %FILE_NAME% -storepass changeit -keystore "C:/Program Files/Java/jdk1.6/jre/lib/security/cacerts"
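The three keytool steps above, as an added example that is not part of the original post: one POSIX shell script that runs -genkey, -export and -import non-interactively, refuses an IP address as the CN (the point the post stresses in Step 2) and lists the imported entry afterwards so you can confirm the trust anchor landed in cacerts. Assumptions: the JDK's keytool is first on PATH, JAVA_HOME points at the JDK Tomcat runs under (the default path in the script is a placeholder), and the alias, password and file name are the values used in the post; the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post: the genkey/export/import steps as one
# non-interactive script, plus the hostname-vs-IP check the post insists on.

KEY_ALIAS="${KEY_ALIAS:-tomcat}"
STORE_PASS="${STORE_PASS:-changeit}"     # "changeit" is also the stock cacerts password
CERT_FILE="${CERT_FILE:-server.cert}"
# Assumed default for JAVA_HOME; the cacerts path below it is the one the post names.
CACERTS="${JAVA_HOME:-/usr/lib/jvm/default-java}/jre/lib/security/cacerts"

# Returns 0 when the value is usable as the certificate CN (a hostname), and 1 for
# an empty value, a dotted-quad IPv4 address or an IPv6 literal: clients compare
# the CN with the host name they connected to, so an IP address fails that check.
cn_is_hostname() {
  cn="$1"
  [ -n "$cn" ] || return 1
  case "$cn" in
    *:*) return 1 ;;          # IPv6 literal
    *[!0-9.]*) return 0 ;;    # contains letters or dashes: a hostname
    *) return 1 ;;            # only digits and dots: an IPv4 address
  esac
}

# Runs the same three keytool commands as the steps above, with -storepass and
# -dname supplied so keytool asks no questions, then lists the imported entry.
generate_and_trust() {
  host="$1"
  if ! cn_is_hostname "$host"; then
    echo "CN must be the server's host name, not '$host'" >&2
    return 1
  fi
  # Step 1: key pair in the personal keystore (~/.keystore), CN = host name
  keytool -genkey -alias "$KEY_ALIAS" -keyalg RSA \
    -keypass "$STORE_PASS" -storepass "$STORE_PASS" \
    -dname "CN=$host, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" || return 1
  # Step 3: export the certificate
  keytool -export -alias "$KEY_ALIAS" -storepass "$STORE_PASS" -file "$CERT_FILE" || return 1
  # Step 4: import it as a trusted certificate into the JRE's cacerts
  keytool -import -noprompt -alias "$KEY_ALIAS" -file "$CERT_FILE" \
    -keystore "$CACERTS" -storepass "$STORE_PASS" || return 1
  # Check: the entry must now be listed under the alias
  keytool -list -keystore "$CACERTS" -storepass "$STORE_PASS" -alias "$KEY_ALIAS"
}

# Usage: sh cas-cert.sh <hostname>   (with no argument only the functions are defined)
if [ -n "${1:-}" ]; then
  generate_and_trust "$1"
fi
```

Run it as `sh cas-cert.sh cas.example.org` with JAVA_HOME set; the final `keytool -list` is the check worth keeping even when you type the commands by hand, since a typo in the -keystore path silently creates a new keystore instead of updating cacerts.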
SETUP in properties files
system-ext.properties
#
# The CAS filter will redirect the user to the CAS login page for SSO. See
# [http://www.ja-sig.org/products/cas] for more information.
#
com.liferay.filters.sso.cas.CASFilter=true
portal-ext.properties
Put this in portal-ext.properties:
##
## Auto Login
##
#auto.login.hooks=com.liferay.portal.security.auth.BasicAutoLogin
auto.login.hooks=com.liferay.portal.security.auth.BasicAutoLogin,com.liferay.portal.security.auth.CASAutoLogin
Comment out the first auto.login.hooks line and uncomment the second to add CASAutoLogin to the list of AutoLogin implementations.
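The two property edits above, as an added example that is not part of the original post: a POSIX shell script that sets the CAS filter property in system-ext.properties and the auto.login.hooks value in portal-ext.properties without hand-editing, leaves the commented-out line in place as the post's layout does, and checks afterwards that both settings are active. The file paths are assumed (pass the real ones from your Liferay deployment); the function names are mine, the property keys and values are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post: scripted version of the
# system-ext.properties / portal-ext.properties changes above, with a check.

CAS_FILTER_KEY="com.liferay.filters.sso.cas.CASFilter"
AUTO_LOGIN_KEY="auto.login.hooks"
BASIC_HOOK="com.liferay.portal.security.auth.BasicAutoLogin"
CAS_HOOK="com.liferay.portal.security.auth.CASAutoLogin"

# Escapes the dots in a property key for use in a grep pattern
# (the keys used here contain no other pattern metacharacters).
key_pattern() {
  printf '%s' "$1" | sed 's/\./\\./g'
}

# Prints the value of the last active (uncommented) key=value line, or nothing.
get_property() {
  file="$1"; key="$2"
  [ -f "$file" ] || return 0
  grep "^$(key_pattern "$key")=" "$file" | tail -n 1 | cut -d= -f2-
}

# Sets key=value: drops any active line for the key and appends the new one.
# Commented-out lines such as "#auto.login.hooks=..." are left untouched.
set_property() {
  file="$1"; key="$2"; value="$3"
  touch "$file"
  { grep -v "^$(key_pattern "$key")=" "$file" || true
    printf '%s=%s\n' "$key" "$value"; } > "$file.tmp"
  mv "$file.tmp" "$file"
}

# Enables the CAS filter and sets the hook list to BasicAutoLogin,CASAutoLogin,
# exactly the line the post shows.
enable_cas_sso() {
  set_property "$1" "$CAS_FILTER_KEY" true
  set_property "$2" "$AUTO_LOGIN_KEY" "$BASIC_HOOK,$CAS_HOOK"
}

# Returns 0 only when the filter is on and CASAutoLogin is in the hook list.
cas_sso_configured() {
  [ "$(get_property "$1" "$CAS_FILTER_KEY")" = "true" ] || return 1
  case "$(get_property "$2" "$AUTO_LOGIN_KEY")" in
    *"$CAS_HOOK"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: sh cas-props.sh <system-ext.properties> <portal-ext.properties>
if [ "$#" -eq 2 ]; then
  enable_cas_sso "$1" "$2" && cas_sso_configured "$1" "$2" && echo "CAS SSO configured"
fi
```

Running it twice is safe: the active line is replaced rather than duplicated, so a second run does not leave two competing auto.login.hooks values, which is the usual cause of CASAutoLogin silently not being picked up after a hand edit.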
Start up the CAS server
Start Tomcat and click Sign In in the Dock menu. It will redirect you to the CAS server login page.
(Access CAS at https://localhost:8443/cas-web/login. You should see the CAS login screen and no errors in your catalina logs.)
