CAS with Pentaho Community Edition

-
In this week I integrate one of the most useful feature i.e. CAS (Single Sign on) with the help my collegue and online user community.

So with my boss’ blessing, I decided to document what I had to do to make this work in the spirit of giving back to the community. Plus with the rising awareness of the benefits of BI even for small to medium corporations, I have no doubt that this information would be useful for someone somewhere.

The need

1) CAS Server
2) Pentaho BI 3.x server (Community Edition)
3) Install certificate

IMPLEMENTATION OF CAS CLIENT IN PENTAHO BI SERVER

1) \biserver-ce\pentaho-solutions\system\applicationContext-spring-security.xml

make changes in applicationContext file for CAS Client.

and add following jars in biserver-ce\tomcat\webapps\pentaho\WEB-INF\lib folder

1) spring-security-cas-client-2.0.5.RELEASE.jar
2) cas-client-core-3.1.10.jar

After added jars and configuration in applicationContext file then install certificate

step-1) download and copy InstallCert.java file in PC where Pentaho BI server install
step-2) compile InstallCert.java
step-3) run InstallCert.java (java InstallCert casservername(e.g. cas.abccompany.com/login) )


Well, this tutorial has already taken several hours to write and edit.
I hope I pointed out some of the things that made integration with BI more clear for you. Have fun !

reference :- http://wiki.pentaho.com/display/ServerDoc2x/Authentication+2.x-3.0.x
http://infocenter.pentaho.com/help/index.jsp?topic=%2Fsecurity_guide%2Ftask_auth_cas_sso.html

http://blog.datamensional.com/2011/07/pentaho-sso-setup-using-cas-and-ldap/

http://forums.pentaho.com/showthread.php?144226-Single-Sign-Out-with-CAS

https://vienergie.wordpress.com/2014/07/27/pentaho-sso-setup-using-cas-and-ldap/

Comments

  1. Fausto BuscemaMay 2, 2011 at 9:27 AM

    Really intresting, can you add others details, in order to perform 8443 web deploy and cas reading LDAP auth.
    Thanks.

    ReplyDelete
  2. JavierJune 29, 2011 at 12:55 PM

    thanks for the howto.
    I have cas configured with liferay and now wanted to add it to pentaho. I followed steps 1 and 2 and when I go to the pentaho addess I get the CAS login.
    But after I login I get this error:

    java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

    I'm guessing it has to do that I didn't do step 3 of your howto; but I don't understand those instructions. Could you help me here?
    (During CAS installation I did the cert part with keytool)

    Thanks!!

    ReplyDelete
  3. Nilesh PatilJuly 31, 2011 at 10:05 PM

    Sorry for late reply..

    Please go through following link

    http://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java

    ReplyDelete
  4. Nilesh PatilAugust 3, 2011 at 12:11 AM

    Dear Fausto,

    for ldap please go through the following blog

    http://blog.datamensional.com/2011/07/pentaho-sso-setup-using-cas-and-ldap/

    ReplyDelete
  5. HarshOctober 5, 2011 at 4:55 AM

    Hi,
    I did starting 2 steps but confused about the third step. I have this structure of my BiServer

    /home/letsbut071/Desktop/pentaho_new/biserver-ce-3.8.0-stable/biserver-ce

    1. now i am not able to undestand where to put the Installcert.java

    2. what is the run command exactly..means how to give arguments

    i am trying java InstallCert http://localhost:8080/cas/login

    since i am runing this on local machine ..so cas url must be
    http://localhost:8080/cas/login
    when type this url on screen it gives the login screen .. so waht is the netId and pass for this.

    now in applicationContext.xml we do have urls





















    so waht is this url.

    Please help me for this i am stuck over here.

    Thanks,
    harsh

    ReplyDelete
  6. Nilesh PatilOctober 6, 2011 at 11:07 PM

    Dear Harsh,

    Please add your InstallCert.java file in C:\Program Files\Java\jdk1.5.0_07\bin where Java installed.

    Compile and run InstallCert through CMD...
    e.g.
    C:\Program Files\Java\jdk1.5.0_07\bin\java InstallCert casservername(e.g. cas.abccompany.com/login

    ReplyDelete
  7. HarshOctober 9, 2011 at 11:16 PM

    Hi Nilesh,

    Thanks for the reply..but i am still stuck here..
    I am running and testing cas on local machine for pentaho sso. For tat i did these steps:

    1. download cas ..build dist .put the war in tomcat folder on pentaho.
    2. downloaded the appliactionContext file according of ur blob. Here i have one doubt in that file
    there are two entries













    and







    so what is this url?????????? is it the url for cas for exampel i m running on local so i should put it as http://localhost:8080/cas/

    3. Since i m working on ubuntu
    so i put InstallCert.java file in /usr/lib/jvm/java-6-sun/bin.

    now next doubt is as i just explained i am runnign cas on local so what would be the commdn to run
    InstallCert.java

    what i am runnign is java InstallCert http://localhost:8080/cas/login

    and it is giving error...

    please help me out to get it resolved..

    Thanks
    Harsh

    ReplyDelete
  8. HarshOctober 10, 2011 at 12:03 AM

    hi,
    when i run this commad it gives the error

    cMD :- java InstallCert localhost:8080 cas/login

    Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at InstallCert.main(InstallCert.java:81)
    Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
    ... 3 more


    and

    ReplyDelete
    Replies
    1. AnonymousJune 14, 2013 at 11:23 AM

      use the same pass always in the proccess to generate the certificate with keytool.

      Delete
  9. HarshOctober 10, 2011 at 12:05 AM

    hi Nilesh,

    and when i statrt pentaho adding the given applicationContext-spring.xml
    i face one more problem:-
    Caused by: org.springframework.beans.factory.CannotLoadBeanClassException: Error loading class [org.springframework.security.ui.cas.CasProcessingFilter] for bean with name 'casProcessingFilter' defined in file [/home/letsbut071/Desktop/pentaho_new/biserver-ce-3.8.0-stable/biserver-ce/pentaho-solutions/system/applicationContext-spring-security.xml]: problem with class file or dependent class; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/ui/AbstractProcessingFilter

    please provide me the step by step solution for all the road blocks..

    Thanks in anticipation.


    Harsh

    ReplyDelete
  10. Nilesh PatilOctober 10, 2011 at 1:47 AM

    Hi Harsh,

    Yet I have not try for BI server 3.8.0. I have tried for version 3.5.0 & 3.6.0

    did u added following two jars in biserver-ce\tomcat\webapps\pentaho\WEB-INF\lib folder

    1) spring-security-cas-client-2.0.5.RELEASE.jar
    2) cas-client-core-3.1.10.jar

    ReplyDelete
  11. Nilesh PatilOctober 10, 2011 at 1:52 AM

    did u changed following properties in applicationContext-spring-security.xml



    Please send me your applicationContext-spring-security.xml and CAS Server url and Pentaho BI server URL

    ReplyDelete
  12. RirisJanuary 9, 2013 at 7:40 PM

    This comment has been removed by the author.

    ReplyDelete
  13. RirisJanuary 9, 2013 at 7:45 PM

    Hi Nilesh,

    I use Pentaho 3.10. I followed the steps. CAS server started but Pentaho not started. There's an error:

    HTTP Status-404
    type Status report
    message
    The description Requested resource () is not available.
    Apache Tomcat/6.0.29

    Please help me with a solution.
    Thank you.

    ReplyDelete
  14. UnknownJuly 5, 2013 at 4:41 AM

    Hi Nilesh,

    Thanks for your reply to my post on Pentaho Forum.

    I have few questions.
    I am using Pentaho Enterprise Edition version 4.8.1.GA.51480. And User COnsole for Dashboard creation.
    There are around 150-300 users who will access this dashboard.

    Is your post on CAS and LDAP applicable for my requirement as directory structure would be different for Enterprise and Community Edition?
    Pls suggest how can I achieve LDAP authentication in my scenario.

    Your help is appreciated.

    Regards,
    Sneha

    ReplyDelete

Post a Comment

Popular posts from this blog

Changing the Java VM Memory Limits in Pentaho BI

-
You can find docs biserver-ce\tomcat\webapps\pentaho\docs\ Changing the Java VM Memory Limits If you are running out of memory even though your server has a lot of RAM, you probably need to increase the resources allocated to the JRE instance that runs the Pentaho software you're trying to improve performance on. Adjusting the memory limit is an easy configuration change to make, but the instructions differ depending on the client tool or Web application server you're using. Refer only to the sections below that apply to your situation. Note: If you are running multiple Pentaho programs concurrently, the sum of their JVM maximum memory limits must not exceed the available RAM minus system overhead. Increasing Memory Limits on Microsoft Windows with a Graphical Installation By default, Tomcat has a relatively low memory allotment. This can cause out-of-memory errors in the BA Server fromtime to time. The below instructions will explain how to increase the mem
Read more

utf8_general_ci VS utf8_unicode_ci what should we use?

-
These two collations are both for the UTF-8 character encoding. The differences are in how text is sorted and compared. Note: in new versions of MySQL use utf8mb4 , rather than utf8 , which is the same UTF-8 data format with same performance but previously only accepted the first 65,536 Unicode characters. Accuracy utf8mb4_unicode_ci is based on the Unicode standard for sorting and comparison, which sorts accurately in a very wide range of languages. utf8mb4_general_ci fails to implement all of the Unicode sorting rules, which will result in undesirable sorting in some situations, such as when using particular languages or characters. Performance utf8mb4_general_ci is faster at comparisons and sorting, because it takes a bunch of performance-related shortcuts. On modern servers, this performance boost will be all but negligible. It was devised in a time when servers had a tiny fraction of the CPU performance of today's computers. utf8mb4_unicode_c
Read more