Skip to main content
Pentaho Documentation

Switch to Central Authentication Service (CAS)

Pentaho integrates with Central Authentication Service (CAS). You must have a CAS server installed and running before you continue.

  1. Stop the Pentaho Server.
  2. Download the cas-client-core-3.1.10.jar and copy it to pentaho-server/tomcat/webapps/pentaho/WEB-INF/lib folder.
  3. Download the spring-security-cas-client-3.0.8.RELEASE.jar and copy it to pentaho-server/tomcat/webapps/pentaho/WEB-INF/lib folder.
  4. Open the pentaho-spring-beans.xml file with any file editor and update it as follows.
    1. Add <import resource="applicationContext-spring-security-cas.xml" /> to the list of imports after all other applicationContext*.xml files.
  5. Open the applicationContext-spring-security-cas.xml file with any file editor and update it as follows.
    1. Change all the references of this URL https://localhost:8443/cas to your working CAS server URL if you are using SSL.
    2. If you are not using Pentaho with SSL, then update references to this URL: http://localhost:8080/pentaho.
    3. Find the bean for casAuthenticationProvider.
      <bean id="casAuthenticationProvider"
      class="org.springframework.security.providers.cas.CasAuthenticationProvider">
      <property name="userDetailsService">
       <ref bean="userDetailsService" />
      </property>
      
      Change it based on your configuration to the appropriate one as shown below. You must use the publicly available IP address for all URLs in this file.
      casAuthenticationProvider.MemoryUserDetailsService
      
      casAuthenticationProvider.hibernateUserDetailsService
      
      casAuthenticationProvider.jdbcUserDetailsService
      
      casAuthenticationProvider.ldapUserDetailsService
  6. Add the following in their respective sections to the web.xml file located at:  C:\Pentaho\server\pentaho-server\tomcat\webapps\pentaho\WEB-INF\web.xml 
    <servlet>
      <servlet-name>casFailed</servlet-name>
      <jsp-file>/jsp/casFailed.jsp</jsp-file>
    </servlet>
    
    <servlet-mapping>
      <servlet-name>casFailed</servlet-name>
      <url-pattern>/public/casFailed</url-pattern>
    </servlet-mapping>
    
    <!--
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>  
    </listener>
    -->
    
  7. If you are using a self-signed certificate, you must do these steps. If not, follow the instructions in step 8.
    1. For memory only, open the applicationContext-spring-security-memory.xml with a file editor and search for the DaoAuthenticationProvider bean. Add id=authenticationProvider to the bean.
    2. Make sure that SSL is enabled on CAS.
  8. Start the Pentaho Server.

The Pentaho Server is now configured to authenticate users against your central authentication server.