Configure mod-jk

Create a file in /etc/apache2

Code Block
sudo vi /etc/apache2/
Add the following


No Format

Configure apache2 sites


Code Block
sudo vi /etc/apache2/sites-available/default-ssl.conf


Add the following below the first default DocumentRoot /var/www/html


No Format
<Location ~ "/midpoint*">
  AuthType CAS
  AuthName "CAS"
  require valid-user
  CasAuthNHeader Cas-User
</Location>

JkMount /midpoint* worker1

Configure auth-cas


Code Block
sudo vi /etc/apache2/mods-available/auth_cas.conf


Add the following


No Format
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASLoginURL https://SERVERURL/cas/login
CASValidateURL https://SERVERURL/cas/serviceValidate
CASDebug Off
CASValidateServer On
CASVersion 2
CASSSOEnabled On
 is needed, auth-cas will use the server hostname in the service URL 
redirect so we will override that, do not add a trailing / or add 


Restart Apache2


Code Block
sudo service apache2 restart


Tomcat Configuration

Configure Tomcat to use the AJP connector


Code Block
sudo vi /var/lib/tomcat7/conf/server.xml


Uncomment the following so that it reads


No Format
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Midpoint Configuration

Edit ctx-web-security.xml


Code Block
sudo vi /var/lib/tomcat7/webapps/ctx-web-security.xml


Uncomment the following so that it reads


No Format
<!-- For SSO integration use the following: -->        
<custom-filter position="PRE_AUTH_FILTER" ref="requestHeaderAuthenticationFilter" />


Edit the following value "principalRequestHeader" in the bean "requestHeaderAuthenticationFilter" so that it reads


No Format
    <!-- Following bean is used with pre-authentication based on HTTP headers (e.g. for SSO integration) -->
    <beans:property name="principalRequestHeader" value="Cas-User"/>
    <beans:property name="authenticationManager" ref="authenticationManager" />

<beans:bean id="logoutHandler" class="">
    <beans:property name="defaultTargetUrl" value="https://SERVERURL/cas/logout"/>


Finally restart tomcat7


Code Block
sudo service tomcat7 restart


Users can now log in to midPoint using CAS.
