Apereo CAS typically publishes Docker images for every release. The Docker images that are hosted on Docker Hub are mostly meant to be used as quickstarts and demos and might be particularly useful for integration tests, application developers, or those who wish to build client libraries for a given framework. You may also be able to use them as base images and add your customizations to the image. In this post, we will take a brief look at how one might be able to pull and run such containers and configure them for appropriate use.
Our starting position is based on the following:
- CAS 6.5.x
A dockerized CAS deployment is an existing CAS overlay project that is wrapped by Docker. Similar to the overlay project, the Docker image also ships with an embedded Apache Tomcat container that would host CAS, and expects to run on a secure port backed by a configured keystore. Prior to running the Docker image, you need to create and configure a keystore first.
This can be done using the following docker.sh script:
```bash
#!/bin/bash

# Generate a demo keystore unless CAS_KEYSTORE already points to one
if [[ -z "${CAS_KEYSTORE}" ]]; then
  keystore="$PWD"/thekeystore
  echo -e "Generating keystore for CAS Server at ${keystore}"
  dname="${dname:-CN=localhost,OU=Example,OU=Org,C=US}"
  subjectAltName="${subjectAltName:-dns:example.org,dns:localhost,ip:127.0.0.1}"
  [ -f "${keystore}" ] && rm "${keystore}"
  # changeit is a demo password; -ext adds the subject alternative names defined above
  keytool -genkey -noprompt -alias cas -keyalg RSA \
    -keypass changeit -storepass changeit \
    -keystore "${keystore}" -dname "${dname}" \
    -ext "san=${subjectAltName}"
  [ -f "${keystore}" ] && echo "Created ${keystore}"
  export CAS_KEYSTORE="${keystore}"
else
  echo -e "Found existing CAS keystore at ${CAS_KEYSTORE}"
fi

# Remove any previous container, then start CAS with the keystore bind-mounted
docker stop casserver || true && docker rm casserver || true
echo -e "Mapping CAS keystore in Docker container to ${CAS_KEYSTORE}"
docker run --rm -d \
  --mount type=bind,source="${CAS_KEYSTORE}",target=/etc/cas/thekeystore \
  -p 8444:8443 --name casserver apereo/cas:6.5.4

# Follow the container logs in the background while waiting for the login page
docker logs -f casserver &
echo -e "Waiting for CAS..."
# -k skips certificate verification because the keystore is self-signed
until curl -k -L --output /dev/null --silent --fail https://localhost:8444/cas/login; do
  echo -n .
  sleep 1
done
echo -e "\nCAS Server is running on port 8444"
echo -e "\n\nReady!"
```
The script attempts to execute the following tasks:
- Generate a keystore for CAS, unless CAS_KEYSTORE already points to an existing one.
- Run the CAS Docker container with the keystore mounted, mapping the container port 8443 to the host port 8444.
- Follow the container logs using the docker logs command.
- Wait until CAS responds at https://localhost:8444/cas/login.

While the script uses 6.5.4, you may be able to use any other CAS version as the base Docker image for your tests. Previous release lines and CAS versions should continue to work in exactly the same way.

The running CAS instance inside the container can pick up its own settings in a variety of ways, one of which is the SPRING_APPLICATION_JSON environment variable that is parsed and understood by Spring Boot. This environment variable may contain an inlined JSON document to pass properties and settings to the application.

We can define the contents of SPRING_APPLICATION_JSON to handle the following:
- Set the log level for org.apereo.cas to debug so we can get more details from the running CAS web application.
- Set the name of the ticket-granting cookie to SSO_COOKIE.
- Initialize the service registry from JSON and disable its schedule.

These options translate to the following structure:
```bash
properties='{
  "logging": {
    "level": {
      "org.apereo.cas": "debug"
    }
  },
  "cas": {
    "tgc": {
      "name": "SSO_COOKIE"
    },
    "service-registry": {
      "core": {
        "init-from-json": true
      },
      "schedule": {
        "enabled": false
      }
    }
  }
}'
# Collapse the document onto one line (this removes every whitespace character)
properties=$(echo "$properties" | tr -d '[:space:]')
echo -e "***************************\nCAS properties\n***************************"
# Pretty-print the result; jq also fails here if the JSON is malformed
echo "${properties}" | jq .
```
At this stage, we can pass the SPRING_APPLICATION_JSON environment variable to the running Docker container and have it pick up our properties:

```bash
docker run --rm -d \
  --mount type=bind,source="${CAS_KEYSTORE}",target=/etc/cas/thekeystore \
  -e SPRING_APPLICATION_JSON="${properties}" \
  -p 8444:8443 --name casserver apereo/cas:6.5.4
```
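The tr -d '[:space:]' step used to flatten the properties removes whitespace inside string values as well, which is harmless for the settings shown here but would silently alter any value that contains a space. The following is an added example, not part of the original post: a helper (the name compact_json and the demo-label key are hypothetical) that strips whitespace only outside JSON strings and refuses input with an unterminated string. Where jq is installed, jq -c . gives the same compaction.

```shell
#!/bin/bash
# Added example, not from the original post. compact_json is a hypothetical
# helper: it strips whitespace only outside JSON strings, whereas
# tr -d '[:space:]' also strips it inside values.
compact_json() {
  local rest="$1" out="" ch in_string=0 escaped=0
  while [ -n "$rest" ]; do
    ch="${rest%"${rest#?}"}"      # first character of what is left
    rest="${rest#?}"
    if [ "$in_string" -eq 1 ]; then
      out="$out$ch"
      if [ "$escaped" -eq 1 ]; then
        escaped=0                 # character after a backslash is taken literally
      else
        case "$ch" in
          '\') escaped=1 ;;
          '"') in_string=0 ;;     # closing quote
        esac
      fi
    else
      case "$ch" in
        [[:space:]]) ;;           # insignificant whitespace between tokens
        '"') in_string=1; out="$out$ch" ;;
        *) out="$out$ch" ;;
      esac
    fi
  done
  if [ "$in_string" -eq 1 ]; then
    echo "compact_json: unterminated string, refusing to emit" >&2
    return 1
  fi
  printf '%s' "$out"
}

# Constructed sample: the post's cookie setting plus a made-up key (not a CAS
# property) whose value contains spaces and an escaped quote.
sample='{
  "cas": { "tgc": { "name": "SSO_COOKIE" } },
  "demo-label": "CAS demo \"quoted\" server"
}'
printf 'tr -d:        %s\n' "$(printf '%s' "$sample" | tr -d '[:space:]')"
printf 'compact_json: %s\n' "$(compact_json "$sample")"
```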
If you have questions about the contents and the topic of this blog post, or if you need additional guidance and support, feel free to send us a note and ask about consulting and support services.
I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please feel free to engage and contribute as best as you can.