Pentaho BI Server integration with Jasig
CAS
Quick Installation Guide
Stratebi Business Solutions. (2016)
www.stratebi.com
Pentaho BI Server integration with Jasig CAS
Index
1 - Introduction.................................................................................................................................................. 3
2 - License........................................................................................................................................................ 3
3 - Requirements.............................................................................................................................................. 3
3.1 - Software.............................................................................................................................................. 3
3.2 - Environment........................................................................................................................................ 3
4 - Environment Characteristics........................................................................................................................ 4
5 - Installation Steps......................................................................................................................................... 4
5.1 - Create a X.509 certificate.................................................................................................................... 4
5.2 - Install CAS Server............................................................................................................................... 5
5.3 - Install BISERVER................................................................................................................................ 5
5.4 - Install CAS Support for BISERVER..................................................................................................... 6
5.5 - Test...................................................................................................................................................... 8
6 - Extras.......................................................................................................................................................... 9
6.1 - Files modified during installation.......................................................................................................... 9
6.2 - Logs................................................................................................................................................... 13
7 - About Stratebi............................................................................................................................................ 16
Stratebi Business Solutions. 2016 Página 2 de 17
Pentaho BI Server integration with Jasig CAS
1 Introduction
This quick installation guide aims to deploy a Pentaho Business Intelligence Server (BISERVER), version
5.4.0.1 Community Edition, in a local environment configured to use Central Authentication Service (CAS)
protocol.
CAS provides access to a user to multiple systems with a single log-in process (Single sign-on, SSO). It re-
quires that all established communications are conducted through Secure Sockets Layer (SSL), by which an
X.509 certificate will be also also needed for this deployment.
2 License
© 2016, Stratebi Business Solutions. Pentaho BI Server integration with Jasig CAS. Quick
Installation Guide
This quick installation guide work is made available under a Creative Commons Attribution-ShareAlike
4.0 International License. To view a copy of this license, visit:
http://creativecommons.org/licenses/by-sa/4.0/.
3 Requirements
3.1 Software
Software Version File size Download Link
Pentaho Business
Intelligence Server
(BISERVER)
5.4.0.1-130 814,8 MB
biserver-ce-5.4.0.1-130.zip
https://sourceforge.net/projects/pentaho/files/Business
%20Intelligence%20Server/5.4/biserver-ce-5.4.0.1-
130.zip/download
Apache Tomcat 6.0.45 7,0 MB
apache-tomcat-6.0.45.zip
http://ftp.cixug.es/apache/tomcat/tomcat-
6/v6.0.45/bin/apache-tomcat-6.0.45.zip
Jasig Central
Authentication
Service (JCAS)
3.5.3 32,3 MB
cas-server-webapp-3.5.3.war
http://central.maven.org/maven2/org/jasig/cas/cas-server-
webapp/3.5.3/cas-server-webapp-3.5.3.war
Jasig CAS Client
(JCASC) For Java
Core
3.1.12 85 KB
cas-client-core-3.1.12.jar
http://central.maven.org/maven2/org/jasig/cas/client/cas-
client-core/3.1.12/cas-client-core-3.1.12.jar
Spring Security CAS
Support (SSCASS)
2.0.8 16 KB
spring-security-cas-client-2.0.8.RELEASE.jar
http://central.maven.org/maven2/org/springframework/secur
ity/spring-security-cas-client/2.0.8.RELEASE/spring-
security-cas-client-2.0.8.RELEASE.jar
OpenJDK 1.7 - Depends on the operating system used.
3.2 Environment
Hardware - 64 bit Operating System - 64 bit
Processor
• Apple Macintosh Pro Quad-Core or Macintosh Mini
Quad-Core.
• Intel EM64T or AMD64 Dual-Core.
RAM
• 8 GB with 4 GB dedicated to Pentaho servers
Disk Space
• 20 GB free after installation
• Apple Macintosh OS X Server 10.9 & 10.10.
• CentOS Linux 5 & 6.
• Microsoft Windows 2008 Server R2, 2012 Server
R2.
• Red Hat Enterprise Linux 5 & 6.
• Solaris 10.
• Ubuntu Server 12.04 LTS & 14.04 LTS.
Stratebi Business Solutions. 2016 Página 3 de 17
Pentaho BI Server integration with Jasig CAS
4 Environment Characteristics
This guide assumes the environment used has the following characteristics:
• The system account that will be use for this deployment does not have administrator rights and its
name is stratebi.
• The host name is pentaho.
• The directory structure that will be use is as follows:
1 BASE. Root directory. It may have any name.
1.1 APP. Directory where application servers will be deployed.
1.1 ARCHIVE. Backup directory. It might be needed.
1.1 TMP. Temporal/trash directory.
1.2 SOURCE. Directory where all the source files needed are located.
• Any command described here will use relative paths taking the BASE directory as the starting point.
• All references to files, will be described with relative paths using BASE directory as the starting
point.
• All required ports used by the applications servers must be available and accessible:
1 BISERVER: 8005, 8080, 8443, 8009.
2 CAS Server: 80056 8088, 8444, 8010.
5 Installation Steps
In general, the sections to go through are the following:
1. Create a self-signed certificate to encrypt communications between the BISERVER and CAS Server.
This certificate is needed for both servers.
2. Install Apache Tomcat with JCAS. A new Connector element will be created, which will be responsi-
ble for handling encrypted requests using the previously created self-signed certificate. Also,
Tomcat's default ports need to be changed so it does not collide with BISERVER ports
3. Install BISERVER.
4. Install all components required to support CAS protocol on BISERVER.
Note that sections 1, 2 and 3 are used for a CAS Server deployment in a local environment, so if you already
have a CAS Server installed, you might skip this part. Be aware that some of the configurations files present
in this guide, will be pointing to a local CAS Server.
5.1 Create a X.509 certificate
The CAS implementation used in this guide, works only if it can be establish a secure connection with the
client making the request. Therefore, an X.509 certificate is required to enable such connections in Apache
Tomcat. That being established, we will create a self-signed certificate that will be stored in a Java KeyStore
(JKS) file type named cas-certificate.jks, an encrypted container used for certificate store. This container
will be used by both, a CAS Server and a BISERVER..
5.1.1 Requirements
• Java Runtime Environment or Java Development Kit to create the self-signed certificate.
5.1.2 Creation Steps
1. Create the certificate and its container using the keytool provided by Java.
[stratebi@pentaho base]$ Terminal
[stratebi@pentaho base]$ keytool -genkeypair -alias cas -keyalg RSA -dname "CN=localhost,OU=Quality &
Assurance,O=Stratebi,L=Madrid,S=MA,C=ES" -keypass password -keystore cas-certificate.jks -storepass
password
[invitado@CentOS casguide]$
2. Copy the file cas-certificate.jks in the base > app directory, where servers will be deployed.
Stratebi Business Solutions. 2016 Página 4 de 17
Pentaho BI Server integration with Jasig CAS
5.2 Install CAS Server
Jasig Central Authentication Service (JCAS), is an implementation of the CAS protocol developed by
Apereo's community. It is distributed as a web application in a WAR file (Web Application Archive), so we will
use Apache Tomcat as web server for its installation.
5.2.1 Requirements
• Java Runtime Environment or Java Development Kit to run Apache Tomcat server.
• Location of the container with the certificate that will be use to set up the secure connection to the
CAS server where the JCAS reside.
5.2.2 Installation Steps
1. Download Apache Tomcat in the source folder.
2. Unzipm the source > apache-tomcat-{version}.zip file in the app folder. This creates a new direc-
tory named apache-tomcat-{version}.
3. Open Apache Tomcat configuration file, app > apache-tomcat-{version} > conf > server.xml, to
change the default connection ports. This is necessary so that CAS server ports does not match with
the biserver ones as this is deployed within its own Tomcat.
(a) Modify the port attribute of the Server element, from 8005 to 8006 (line 22 approx.).
22. <Server port="8006" shutdown="SHUTDOWN"> Text
23. <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
(b) Modify the port and redirectPort attribute of the Connector element, from 8080 to 8088 and
from 8443 to 8444 respectively (between lines 71 -. 73 approx).
71. <Connector port="8088" protocol="HTTP/1.1" Text
72. connectionTimeout="20000"
73. redirectPort="8444" />
(c) Configure the secure connection, by removing the tags <!-- --> surrounding the Connector el-
ement (between lines 83 -. 87 approx). Then, modify the port attribute of the Connector
element, from 8443 to 8444 and add the following attributes: keystoreFile="../cas-certifi-
cate.jks" keystorePass="password" keyAlias="cas". Note that the path used in the
keystoreFile attribute is relative to the directory where Apache Tomcat has been deployed.
83. Text
84. <Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
85. keystoreFile="../cas-certificate.jks" keystorePass="password" keyAlias="cas"
86. maxThreads="150" scheme="https" secure="true"
87. clientAuth="false" sslProtocol="TLS" />
(d) Modify the port and redirectPort attribute of the Connector element from 8009 to 8010 and
from 8443 to 8444 respectively to modify the port connection to the server through the AJP pro-
tocol (line 90 approx.).
89. <!-- Define an AJP 1.3 Connector on port 8009 --> Text
90. <Connector port="8010" protocol="AJP/1.3" redirectPort="8444" />
4. Save your changes and close the document.
5. Download JCAS, cas-server-webapp-{versión}.war, in app > apache-tomcat-{version} > we-
bapps of Apache Tomcat. In the same moment you execute the Tomcat server, this will start to
unzip the cas-server-webapp-{versión}.war file in the same directory where it was placed under
the name of cas-server-webapp-{versión}, so not further steps are needed.
5.3 Install BISERVER
5.3.1 Requirements
• Java Runtime Environment or Java Development Kit to run BISERVER.
Stratebi Business Solutions. 2016 Página 5 de 17