CAS with Pentaho Community Edition

In this week I integrate one of the most useful feature i.e. CAS (Single Sign on) with the help my collegue and online user community.

So with my boss’ blessing, I decided to document what I had to do to make this work in the spirit of giving back to the community. Plus with the rising awareness of the benefits of BI even for small to medium corporations, I have no doubt that this information would be useful for someone somewhere.

The need

1) CAS Server
2) Pentaho BI 3.x server (Community Edition)
3) Install certificate

IMPLEMENTATION OF CAS CLIENT IN PENTAHO BI SERVER

1) \biserver-ce\pentaho-solutions\system\applicationContext-spring-security.xml

make changes in applicationContext file for CAS Client.

and add following jars in biserver-ce\tomcat\webapps\pentaho\WEB-INF\lib folder

1) spring-security-cas-client-2.0.5.RELEASE.jar
2) cas-client-core-3.1.10.jar

After added jars and configuration in applicationContext file then install certificate

step-1) download and copy InstallCert.java file in PC where Pentaho BI server install
step-2) compile InstallCert.java
step-3) run InstallCert.java (java InstallCert casservername(e.g. cas.abccompany.com/login) )


Well, this tutorial has already taken several hours to write and edit.
I hope I pointed out some of the things that made integration with BI more clear for you. Have fun !

reference :- http://wiki.pentaho.com/display/ServerDoc2x/Authentication+2.x-3.0.x
http://infocenter.pentaho.com/help/index.jsp?topic=%2Fsecurity_guide%2Ftask_auth_cas_sso.html

http://blog.datamensional.com/2011/07/pentaho-sso-setup-using-cas-and-ldap/

http://forums.pentaho.com/showthread.php?144226-Single-Sign-Out-with-CAS

https://vienergie.wordpress.com/2014/07/27/pentaho-sso-setup-using-cas-and-ldap/

Comments

  1. Really intresting, can you add others details, in order to perform 8443 web deploy and cas reading LDAP auth.
    Thanks.

    ReplyDelete
  2. thanks for the howto.
    I have cas configured with liferay and now wanted to add it to pentaho. I followed steps 1 and 2 and when I go to the pentaho addess I get the CAS login.
    But after I login I get this error:

    java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

    I'm guessing it has to do that I didn't do step 3 of your howto; but I don't understand those instructions. Could you help me here?
    (During CAS installation I did the cert part with keytool)

    Thanks!!

    ReplyDelete
  3. Sorry for late reply..

    Please go through following link

    http://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java

    ReplyDelete
  4. Dear Fausto,

    for ldap please go through the following blog

    http://blog.datamensional.com/2011/07/pentaho-sso-setup-using-cas-and-ldap/

    ReplyDelete
  5. Hi,
    I did starting 2 steps but confused about the third step. I have this structure of my BiServer

    /home/letsbut071/Desktop/pentaho_new/biserver-ce-3.8.0-stable/biserver-ce

    1. now i am not able to undestand where to put the Installcert.java

    2. what is the run command exactly..means how to give arguments

    i am trying java InstallCert http://localhost:8080/cas/login

    since i am runing this on local machine ..so cas url must be
    http://localhost:8080/cas/login
    when type this url on screen it gives the login screen .. so waht is the netId and pass for this.

    now in applicationContext.xml we do have urls





















    so waht is this url.

    Please help me for this i am stuck over here.

    Thanks,
    harsh

    ReplyDelete
  6. Dear Harsh,

    Please add your InstallCert.java file in C:\Program Files\Java\jdk1.5.0_07\bin where Java installed.

    Compile and run InstallCert through CMD...
    e.g.
    C:\Program Files\Java\jdk1.5.0_07\bin\java InstallCert casservername(e.g. cas.abccompany.com/login

    ReplyDelete
  7. Hi Nilesh,

    Thanks for the reply..but i am still stuck here..
    I am running and testing cas on local machine for pentaho sso. For tat i did these steps:

    1. download cas ..build dist .put the war in tomcat folder on pentaho.
    2. downloaded the appliactionContext file according of ur blob. Here i have one doubt in that file
    there are two entries













    and







    so what is this url?????????? is it the url for cas for exampel i m running on local so i should put it as http://localhost:8080/cas/

    3. Since i m working on ubuntu
    so i put InstallCert.java file in /usr/lib/jvm/java-6-sun/bin.

    now next doubt is as i just explained i am runnign cas on local so what would be the commdn to run
    InstallCert.java

    what i am runnign is java InstallCert http://localhost:8080/cas/login

    and it is giving error...

    please help me out to get it resolved..

    Thanks
    Harsh

    ReplyDelete
  8. hi,
    when i run this commad it gives the error

    cMD :- java InstallCert localhost:8080 cas/login

    Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at InstallCert.main(InstallCert.java:81)
    Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
    ... 3 more


    and

    ReplyDelete
    Replies
    1. use the same pass always in the proccess to generate the certificate with keytool.

      Delete
  9. hi Nilesh,

    and when i statrt pentaho adding the given applicationContext-spring.xml
    i face one more problem:-
    Caused by: org.springframework.beans.factory.CannotLoadBeanClassException: Error loading class [org.springframework.security.ui.cas.CasProcessingFilter] for bean with name 'casProcessingFilter' defined in file [/home/letsbut071/Desktop/pentaho_new/biserver-ce-3.8.0-stable/biserver-ce/pentaho-solutions/system/applicationContext-spring-security.xml]: problem with class file or dependent class; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/ui/AbstractProcessingFilter

    please provide me the step by step solution for all the road blocks..

    Thanks in anticipation.


    Harsh

    ReplyDelete
  10. Hi Harsh,

    Yet I have not try for BI server 3.8.0. I have tried for version 3.5.0 & 3.6.0

    did u added following two jars in biserver-ce\tomcat\webapps\pentaho\WEB-INF\lib folder

    1) spring-security-cas-client-2.0.5.RELEASE.jar
    2) cas-client-core-3.1.10.jar

    ReplyDelete
  11. did u changed following properties in applicationContext-spring-security.xml



    Please send me your applicationContext-spring-security.xml and CAS Server url and Pentaho BI server URL

    ReplyDelete
  12. This comment has been removed by the author.

    ReplyDelete
  13. Hi Nilesh,

    I use Pentaho 3.10. I followed the steps. CAS server started but Pentaho not started. There's an error:

    HTTP Status-404
    type Status report
    message
    The description Requested resource () is not available.
    Apache Tomcat/6.0.29

    Please help me with a solution.
    Thank you.

    ReplyDelete
  14. Hi Nilesh,

    Thanks for your reply to my post on Pentaho Forum.

    I have few questions.
    I am using Pentaho Enterprise Edition version 4.8.1.GA.51480. And User COnsole for Dashboard creation.
    There are around 150-300 users who will access this dashboard.

    Is your post on CAS and LDAP applicable for my requirement as directory structure would be different for Enterprise and Community Edition?
    Pls suggest how can I achieve LDAP authentication in my scenario.

    Your help is appreciated.

    Regards,
    Sneha

    ReplyDelete

Post a Comment

Popular posts from this blog

Changing the Java VM Memory Limits in Pentaho BI

error in pentaho 5.0.1 - authentication via url parameters for iframe