Running the Single Sign-On Enable Script
Note: This script was tested on CAS 3.3.3, Spring Security 2.0.5, and CAS client 3.1.5.
While enabling single sign-on (SSO) via CAS in the platform is quite involved, Pentaho has created a script that handles most of the task of enabling SSO via CAS for you.
Warning: The SSO enable script modifies various files within your Pentaho BI Platform installation. There is no "undo" script. Make backups first!
Requirements
Enterprise Edition only: This feature is not included in the Community Edition release.
Manual deployments only: You can only enable single sign-on by building the pentaho.war from the manual deployments package. SSO is not available through the BI Suite graphical installation utility, or through the pre-configured zip and tar.gz archive packages.
Apache Ant
The SSO enable script is an Apache Ant script. You will need to download and install Ant.
Locating the script
In your Pentaho download, you should have a directory called pentaho-sso. In this directory, you will find the main SSO enable script, along with support files. Below is an overview of those directories and files.
| Name | Description |
|---|---|
| | Various new resources required by the Pentaho BI Platform. |
| | New JARs required by the Pentaho BI Platform. |
| | JARs used during the SSO enable process. |
| | A properties file containing settings which affect the script behavior. |
| | The SSO enable script. |
Configuring the script
CAS Settings
Most of these are CAS server URLs used by clients ("services" in CAS terminology) of the CAS server.
| Property | Description | Required | Sample Value |
|---|---|---|---|
| | Security back-end that CAS should use. Valid values are | | |
| | CAS login URL. | | |
| | CAS ticket validator URL. | | |
| | CAS logout URL. A | | |
| | URL under which all CAS services reside. | | https://localhost:8443/cas |
* This is the default security back-end for the Pentaho BI Server.
Pentaho Settings
These are "service" URLs that serve as callbacks from the CAS server into Pentaho.
| Property | Description | Required | Sample Value |
|---|---|---|---|
| | Processes CAS callback. | | |
| | URL to go to after CAS logout. | | |
| | Path to pentaho-solutions/system. | | |
| | Path to webapp lib directory. | | |
| | Path (including filename) of webapp's web.xml. | | |
| | Path (including filename) of new applicationContext-spring-security-cas.xml. | | |
| | Path to directory containing webapp's JSPs. | | |
| | Path (including filename) of pentaho-spring-beans.xml. | | |
| | Service base URL. | | http://localhost:8080/pentaho |
| | Webapp exploded WAR directory. | | |
| | Path to webapp's WEB-INF directory. | | |
Running the script
Warning: The SSO enable script modifies various files within your Pentaho BI Platform installation. There is no "undo" script. Make backups first!
There are plenty of Ant targets available in the SSO enable script. However, only a couple are appropriate to run directly. The table below outlines the callable targets.
| Ant Target | Description |
|---|---|
| | Default target. Displays help information. |
| | Modifies the Pentaho BI Platform to use CAS for authentication. |
To run the script:
ant -f sso-replacements.xml sso-pentaho
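Because the script edits files in place and has no undo, it helps to snapshot each tree it touches before the run and compare afterwards. The shell functions below are an added example, not part of Pentaho's script; the function names and the paths in the usage comments are placeholders, and GNU tar, find, sort, xargs and sha256sum are assumed.

```shell
#!/usr/bin/env bash
# Added example (not Pentaho code): back up a directory before the SSO enable
# script modifies it, then list exactly which files the run touched.

# Print "hash  ./path" for every file under DIR, sorted by path.
hash_tree() {
    (cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum)
}

# snapshot_tree DIR OUT
# Writes OUT/backup.tar.gz (for restore) and OUT/manifest.sha256 (for review).
# OUT must live outside DIR so the archive does not include itself.
snapshot_tree() {
    local dir="$1" out="$2"
    mkdir -p "$out" || return 1
    tar -czf "$out/backup.tar.gz" -C "$dir" . || return 1
    hash_tree "$dir" > "$out/manifest.sha256"
}

# changed_files DIR OUT
# Prints every path added, removed or modified since snapshot_tree ran.
changed_files() {
    local dir="$1" out="$2" now
    now=$(mktemp) || return 1
    hash_tree "$dir" > "$now"
    # A line present in only one manifest means that file differs.
    sort "$out/manifest.sha256" "$now" | uniq -u \
        | sed 's/^[0-9a-f]*  //' | sort -u
    rm -f "$now"
}

# Usage (placeholder paths; repeat for each directory the script is
# configured to modify, such as the exploded WAR and pentaho-solutions/system):
#   snapshot_tree /path/to/exploded-war /path/to/backups/war
#   ant -f sso-replacements.xml sso-pentaho
#   changed_files /path/to/exploded-war /path/to/backups/war
# To roll back, delete any added files listed by changed_files and then run:
#   tar -xzf /path/to/backups/war/backup.tar.gz -C /path/to/exploded-war
```

Reviewing the list from `changed_files` also confirms that the security-relevant files (web.xml and the Spring Security context files) were the only ones altered.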