Step-by-Step Guide to Setting Up CAS Single Sign-On (SSO) with Java Backend
This tutorial explains what SSO and CAS are, outlines the required development environment, walks through downloading, building, and deploying the CAS Server, shows how to configure the server and client (including disabling HTTPS for testing), and demonstrates successful cross‑application authentication with code examples.
1. Overview: Single Sign‑On (SSO) allows users to log in once and access multiple trusted applications. CAS (Central Authentication Service) is an open‑source SSO solution originally created by Yale.
2. Features of CAS: open‑source enterprise‑grade SSO, separate CAS Server for deployment, CAS Client supports many languages (Java, .Net, PHP, Ruby, etc.).
3. Architecture: CAS consists of a Server component handling authentication and a Client component protecting resources, redirecting unauthenticated requests to the Server.
4. Development environment: JDK 1.8+, Maven 3.6, IntelliJ IDEA, Tomcat 9+, Windows 10.
5. CAS Server setup: download the overlay package cas-overlay-template-5.3.zip from the GitHub repository, unzip and run build.cmd package to generate the WAR file, then deploy the WAR to Tomcat’s webapps directory and start Tomcat. Access http://localhost:8080/cas or http://localhost:8080/cas/login. Default credentials are casuser / Mellon (found in \webapps\cas\WEB-INF\classes\application.properties).
6. Disable HTTPS for development: edit \cas\WEB-INF\classes\application.properties to set cas.tgc.secure=false and cas.serviceRegistry.initFromJson=true. Modify the service definition JSON (HTTPSandIMAPS-10000001.json) to allow http URLs.
7. CAS Client configuration: add the dependency
    <dependency>
        <groupId>net.unicon.cas</groupId>
        <artifactId>cas-client-autoconfig-support</artifactId>
        <version>2.1.0-GA</version>
    </dependency>
and configure application.yml with server ports and CAS URLs for each client (e.g., ports 9010 and 9011). Annotate the Spring Boot main class with @EnableCasClient. Create simple test controllers returning strings.
8. Testing: start the CAS Server, then start both client applications. Access http://localhost:9010/test1 and http://localhost:9011/test2. After logging in through one client, the other client is automatically authenticated without additional login, demonstrating successful SSO.
9. The article concludes with screenshots of the login flow and a note encouraging readers to like the post if they found it helpful.
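The dev-only edits from steps 5 and 6 (ticket-granting cookie without the Secure flag, http allowed in the service definition, the default casuser account) are easy to carry into a real deployment. As an added example, not code from the original article or the CAS project, this Python check flags them before a WAR ships; the sample file contents, finding codes, probe URL and the `cas.authn.accept.users` key (the CAS 5.x setting that holds the default account, not named on the page) are assumptions.

```python
import json
import re

# Constructed samples mirroring the dev-only edits described in steps 5 and 6.
DEV_PROPERTIES = """\
# constructed sample of WEB-INF/classes/application.properties
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
cas.authn.accept.users=casuser::Mellon
"""
DEV_SERVICE_JSON = '{"serviceId": "^(https|http|imaps)://.*", "id": 10000001}'

# Hypothetical probe: a plain-HTTP service on a host nobody registered.
PROBE_URL = "http://unregistered.example/app"


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit(properties_text, service_json_text):
    """Return sorted finding codes for settings that must not reach production."""
    props = parse_properties(properties_text)
    findings = []
    # Without the Secure flag the ticket-granting cookie travels over plain HTTP.
    if props.get("cas.tgc.secure", "true").lower() == "false":
        findings.append("TGC_NOT_SECURE")
    # The static accept list still holds the well-known default account.
    users = props.get("cas.authn.accept.users", "")
    if "casuser::Mellon" in [u.strip() for u in users.split(",")]:
        findings.append("DEFAULT_CREDENTIALS")
    # Python's re approximates CAS's Java regex matching for simple patterns.
    service_id = json.loads(service_json_text).get("serviceId", "")
    if service_id and re.match(service_id, PROBE_URL):
        findings.append("HTTP_SERVICE_ALLOWED")
    return sorted(findings)


if __name__ == "__main__":
    for code in audit(DEV_PROPERTIES, DEV_SERVICE_JSON):
        print("FAIL", code)
```

In a build pipeline, read the two files out of the unpacked WAR and fail the job when `audit` returns anything.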
Architecture Digest
Focusing on Java backend development, covering application architecture from top-tier internet companies (high availability, high performance, high stability), big data, machine learning, Java architecture, and other popular fields.
