Skip to main content
Pentaho Documentation

Switch to Central Authentication Service (CAS)

You can integrate Pentaho with Central Authentication Service (CAS). You must have a CAS server installed and running before you continue.

Perform the following steps to integrate Pentaho with CAS.

  1. Stop the Pentaho Server.
  2. Download the following files and copy them to the  pentaho-server/tomcat/webapps/pentaho/WEB-INF/lib directory.
  3. Navigate to the pentaho-server/pentaho-solutions/system directory and open the pentaho-spring-beans.xml file with any text editor. 
    1. Add the  <import resource="applicationContext-spring-security-cas.xml"/> to the list of imports after all the other applicationContext*.xml files.
    2. Save and close the file.
  4. Navigate to the pentaho-server/pentaho-solutions/system directory and open the applicationContext-spring-security-cas.xml file with any text editor. Update the file as follows:

    You must use the publicly available IP address for all URLs in this file.

    1. If you are using Pentaho with SSL, then update the references for  https://localhost:8443/cas to your working CAS server URL. If you are not using Pentaho with SSL, then update the references for http://localhost:8080/pentaho to your working CAS server URL.
    2. Locate the bean containing the ID for casAuthenticationProvider.
      <bean id="casAuthenticationProvider"
      class="org.springframework.security.providers.cas.CasAuthenticationProvider">
      <property name="userDetailsService">
       <ref bean="userDetailsService" />
      </property>
      
    3. Change the bean ID based on your configuration to the appropriate one as shown below.
casAuthenticationProvider.MemoryUserDetailsService
casAuthenticationProvider.hibernateUserDetailsService
casAuthenticationProvider.jdbcUserDetailsService
casAuthenticationProvider.ldapUserDetailsService
  1. Save and close the file.
  1. Navigate to the pentaho-server/tomcat/webapps/pentaho/WEB-INF directory and open the web.xml file.
    1. Add the following lines to their respective sections in the file:  
      <servlet>
        <servlet-name>casFailed</servlet-name>
        <jsp-file>/jsp/casFailed.jsp</jsp-file>
      </servlet>
      
      <servlet-mapping>
        <servlet-name>casFailed</servlet-name>
        <url-pattern>/public/casFailed</url-pattern>
      </servlet-mapping>
      
      <listener>
          <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>  
      </listener>
      
    2. Save and close the file.
  2. If you are using a self-signed certificate, perform the following steps. If you are not using a self-signed certificate, start the Pentaho Server now.
    1. For CAS authentication providers using memory-based methods only, open the applicationContext-spring-security-memory.xml file with a text editor.
    2. Search for the DaoAuthenticationProvider bean and add the id=authenticationProvider to the bean, as follows:  
<bean class="org.springframework.security.authentication.dao.DaoAuthenticationProvider" id=authenticationProvider >
  1.  Make sure that SSL is enabled on CAS. 
  1. Start the Pentaho Server.

The Pentaho Server is now configured to authenticate users against your central authentication server.