I suppose the majority of CAS deployments today sit behind some sort of proxy or load balancer, especially with high-availability requirements in mind. F5, HAProxy, etc. In most setups, the proxy upfront terminates SSL and then hands off the request over to CAS on a secured connection typically on port
8080. While doing this sort of thing with an external servlet container such as Apache Tomcat is perfectly doable and folks have been doing that for ages, this guide aims to demonstrate how one might go about achieving the same result using the embedded Apache Tomcat container that ships with CAS.
We are using the embedded Apache Tomcat container provided by CAS automatically. This is the recommended approach in almost all cases (The embedded bit; not the Apache Tomcat bit) as the container configuration is entirely automated by CAS and its version is guaranteed to be compatible with the running CAS deployment. Furthermore, updates and maintenance of the servlet container are handled at the CAS project level where you as the adopter are only tasked with making sure your deployment is running the latest available release to take advantage of such updates.
So, in order to open up a communication channel between the proxy and the CAS embedded Apache Tomcat server, we want to do the following:
8080, assuming that’s what the proxy uses to talk to CAS.
The above tasklist translates to the following properties expected to be found in your
server.port=8080 server.ssl.enabled=false cas.server.http.enabled=false cas.server.httpProxy.enabled=true cas.server.httpProxy.secure=true cas.server.httpProxy.scheme=https cas.server.httpProxy.protocol=HTTP/1.1
I hope this review was of some help to you. As you have been reading, I can guess that you have come up with a number of missing bits and pieces that would satisfy your use cases more comprehensively with CAS. In a way, that is exactly what this tutorial intends to inspire. Please feel free to engage and contribute as best as you can.