Searching for Central Authentication Service

We are searching for a CAS (Central Authentication Service) implementation for a project.

The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user’s security credentials, such as a password.

We are evaluating CAS solution from:

In this post I’ll try to explain how to get Jasig CAS up and running. I’m assuming that all CAS-related programs will be in /opt/CAS; if you need them in another location you will have to slightly adjust the paths.

To get it up and running you will need:

    • Apache Maven (http://maven.apache.org/). I used version 3.0.5 (the latest at the time of writing). Installation of Apache Maven is straightforward:

mkdir -p /opt/CAS
cd /opt/CAS
wget http://mirrors.hostingromania.ro/apache.org/maven/maven-3/3.0.5/binaries/apache-maven-3.0.5-bin.tar.gz
tar xf apache-maven-3.0.5-bin.tar.gz
export PATH=$PATH:/opt/CAS/apache-maven-3.0.5/bin

    • Apache Tomcat (version 7.0.41 here):

cd /opt/CAS
wget http://mirrors.hostingromania.ro/apache.org/tomcat/tomcat-7/v7.0.41/bin/apache-tomcat-7.0.41.tar.gz
tar xf apache-tomcat-7.0.41.tar.gz

    • Jasig CAS server (version 3.5.2 here):

cd /opt/CAS
wget http://downloads.jasig.org/cas/cas-server-3.5.2-release.tar.gz
tar xf cas-server-3.5.2-release.tar.gz

    • MySQL Connector/J (version 5.1.25 here):

cd /opt/CAS
wget http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.25.tar.gz
tar xf mysql-connector-java-5.1.25.tar.gz

Now we have everything we need for the build. Let’s start configuring it.

Edit the file: cas-server-3.5.2/cas-server-webapp/pom.xml

Change the commons-dbcp version from 1.2.2 to 1.4; otherwise CAS will give some obscure null errors after startup. After that, add the following:

<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>5.1.25-bin</version>
    <scope>provided</scope>
</dependency>

Edit the file cas-server-3.5.2/cas-server-webapp/target/cas-server-webapp-3.5.2/WEB-INF/deployerConfigContext.xml and add the following (required for MySQL support; it replaces the default demo authentication with MySQL authentication):

<!--
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
-->
<bean class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler">
    <property name="tableUsers">
        <value>users</value>
    </property>
    <property name="fieldUser">
        <value>username</value>
    </property>
    <property name="fieldPassword">
        <value>password</value>
    </property>
    <property name="passwordEncoder">
        <bean class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
            <constructor-arg value="MD5" />
        </bean>
    </property>
    <property name="dataSource" ref="dataSource" />
</bean>

At the end of the file, before the closing </beans> tag, add the MySQL configuration:

<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName">
        <value>com.mysql.jdbc.Driver</value>
    </property>
    <property name="url">
        <value>jdbc:mysql://localhost:3306/cas</value> <!-- Replace this line with the database containing the users table -->
    </property>
    <property name="username">
        <value>REPLACE_ME</value> <!-- Replace this line with the MySQL username -->
    </property>
    <property name="password">
        <value>REPLACE_ME</value> <!-- Replace this line with the actual MySQL password -->
    </property>
</bean>

On your MySQL server, create the database and the table where the users will be kept, and insert a test user:

create database cas;
grant all on cas.* to REPLACE_ME@127.0.0.1 identified by 'REPLACE_ME';
CREATE TABLE users (username char(20) PRIMARY KEY NOT NULL, password char(64));
INSERT INTO users(username, password) VALUES ('Test44',MD5('passTest'));

Now the building part:

1. First install mysql connector

mvn install:install-file -DgroupId=mysql -DartifactId=mysql-connector-java -Dversion=5.1.25-bin -Dpackaging=jar -Dfile=../../mysql-connector-java-5.1.25/mysql-connector-java-5.1.25-bin.jar

2. Next build the war file

mvn package install

Install the package into the Tomcat directory:

cp cas-server-3.5.2/cas-server-webapp/target/cas.war /opt/CAS/apache-tomcat-7.0.41/webapps

After this, restart Tomcat and point a browser to http://localhost:8080/cas and you should have a CAS instance up and running.

Things to test from this point forward:

  1. Test custom table structure
  2. Configure tomcat for SSL
  3. How to add custom password encryption
  4. How to add custom SQL auth string
  5. Attribute releasing from database
  6. Integration with a website
  7. Facebook login, OAuth login

 

JAVA implementation of mysql password() function

Here is a quick Java implementation of the MySQL password() function (it uses Apache Commons Codec):

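import java.io.UnsupportedEncodingException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;

// MySQL password() format: "*" followed by the upper-case hex of SHA1(SHA1(plain text))
public static String MySQLPassword(String plainText)
                  throws UnsupportedEncodingException
{
    byte[] utf8 = plainText.getBytes("UTF-8");
    byte[] test = DigestUtils.sha1(DigestUtils.sha1(utf8));
    return "*" + Hex.encodeHexString(test).toUpperCase();
}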

This is useful when you have a table with a user password that is updated with MySQL password() and needs to be changed to a Java implementation. I needed it when I started looking at Jasig CAS.
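The same hash written as a stand-alone class that needs only the JDK, as an added example that is not part of the original post or of CAS. The class name MySqlPasswordEncoder and the matches() helper are hypothetical; encode(String) mirrors the single method of org.jasig.cas.authentication.handler.PasswordEncoder, and wiring it into the passwordEncoder property shown earlier is an assumption that requires the CAS 3.5.2 jars on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

// Added example; the class name is hypothetical. encode(String) has the same
// shape as the one method of org.jasig.cas.authentication.handler.PasswordEncoder,
// so declaring "implements PasswordEncoder" (assumption: CAS 3.5.2 on the
// classpath) would let the passwordEncoder property reference this class.
public class MySqlPasswordEncoder {

    // MySQL password() format: "*" + upper-case hex of SHA1(SHA1(utf8 bytes)).
    // The format is unsalted: equal passwords always give equal hashes.
    public String encode(String password) {
        if (password == null) return null;
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            byte[] first = sha1.digest(password.getBytes(StandardCharsets.UTF_8));
            byte[] second = sha1.digest(first); // digest() resets the instance
            StringBuilder out = new StringBuilder("*");
            for (byte b : second) {
                out.append(String.format("%02X", b));
            }
            return out.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 not available", e);
        }
    }

    // Compare a stored hash with a login attempt without leaking, through
    // timing, how many leading characters matched.
    public boolean matches(String stored, String attempt) {
        String computed = encode(attempt);
        if (stored == null || computed == null) return false;
        return MessageDigest.isEqual(
                stored.toUpperCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII),
                computed.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        MySqlPasswordEncoder enc = new MySqlPasswordEncoder();
        // Widely published value of SELECT PASSWORD('password')
        String known = "*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19";
        System.out.println(enc.encode("password").equals(known));
        System.out.println(enc.matches(known.toLowerCase(Locale.ROOT), "password"));
        System.out.println(enc.matches(known, "Password"));
    }
}
```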

Work in progress. Getting TFM Workstation up to date . Part 1

For a long time we didn’t have time to get TFM Workstation up to date. The old version served its purpose, but now some packages are simply too old and new features are missing. This is tedious work since we have to maintain a certain level of compatibility with Fedora Core.

At this point we are working on KDE and we are here:

 

— The following external packages were located on your system.
— This installation will have the extra features provided by these packages.
—————————————————————————–
* Perl – Needed for building kdelibs
* ZLib – Support for gzip compressed files and data streams
* X Rendering Extension (libXrender) – Support for compositing, rendering operations, and alpha-blending
* X Screensaver Extension (libXss) – Support for KIdleTime (fallback mode)
* X Sync Extension (libXext) – Efficient operation of KIdleTime
* OpenSSL – Support for secure network communications (SSL and TLS)
* Libintl – Support for multiple languages
* LibACL – Support for manipulating access control lists
* BZip2 – Support for BZip2 compressed files and data streams
* LZMA/XZ – Support for xz compressed files and data streams
* PCRE – Perl-compatible regular expressions in KJS
* UDev – UDev support for Solid
* Flex – Allows the Solid predicate parser to be updated
* Bison – Allows the Solid predicate parser to be updated
* LibXSLT – Required by the KDE help system to process DocBook XML
* LibXML2 – Required by the KDE help system to process DocBook XML
* xmllint – Required by the KDE help system to process DocBook XML
* DocBook XML – Required by the KDE help system to process DocBook XML
* DocBook XSL – Required by the KDE help system to process DocBook XML
* GSSAPI – Allows KIO to make use of certain HTTP authentication services
* shared-mime-info – Allows KDE applications to determine file types
* libjpeg – JPEG image format support
* libpng – PNG image format support
* JasPer – Support for JPEG-2000 images
* OpenEXR – Support for OpenEXR images

—————————————————————————–
— The following OPTIONAL packages could NOT be located on your system.
— Consider installing them to enable more features from this software.
—————————————————————————–
* Soprano (2.7.56 or higher)  <http://soprano.sourceforge.net>
Support for the Nepomuk semantic desktop system
* Soprano Raptor Parser  <http://soprano.sourceforge.net>
Support for the Nepomuk semantic desktop system
* Soprano Redland Backend  <http://soprano.sourceforge.net>
Support for the Nepomuk semantic desktop system
* Shared desktop ontologies (0.10 or higher)  <http://oscaf.sourceforge.net>
Support for the Nepomuk semantic desktop system
* QCA2 (2.0.0 or higher)  <http://delta.affinix.com/qca>
Support for remote plasma widgets
* PolkitQt-1  <http://techbase.kde.org/Polkit-Qt-1>
Support for executing priviledged actions in a controlled way (KAuth)
STRONGLY RECOMMENDED: Required to make KAuth work, and hence enable certain workspace functionalities
* FAM  <http://oss.sgi.com/projects/fam>
File alteration notification support via a separate service
Provides file alteration notification facilities using a separate service.
* Grantlee (0.1.0 or higher)  <http://www.grantlee.org>
ModelEventLogger code generation (part of the ProxyModel test suite)
Grantlee is used for generating compilable code by the ModelEventLogger. Without Grantlee, the logger will do nothing.
* HUPnP  <http://www.herqq.org>
UPnP support for Solid
Allows Solid to provide information about UPnP devices on the network
* media-player-info  <http://www.freedesktop.org/wiki/Software/media-player-info>
Enables identification and querying of portable media players
Runtime-only dependency of the udev solid backend. Support for m-p-i is included even if not found during build
* Aspell  <http://aspell.net/>
Spell checking support via Aspell
This is not needed for spell checking if Enchant is provided or only Hebrew spell checking is required
* HSpell  <http://ivrix.org.il/projects/spell-checker/>
Spell checking support for Hebrew
Hebrew support can also be provided via Enchant, providing the correct Enchant backends are installed
* Enchant  <http://www.abisource.com/projects/enchant/>
Spell checking support via Enchant
* Avahi  <http://avahi.org>
Facilities for service discovery on a local network (DNSSD)
Either Avahi or DNSSD is required for KDE applications to make use of multicast DNS/DNS-SD service discovery
* DNSSD  <http://avahi.org>
Facilities for service discovery on a local network
Either Avahi or DNSSD is required for KDE applications to make use of multicast DNS/DNS-SD service discovery

—————————————————————————–
— The following REQUIRED packages could NOT be located on your system.
— You must install these packages before continuing.
—————————————————————————–
* Strigi (0.6.3 or higher)  <http://strigi.sourceforge.net>
Desktop indexing and search support
Required by some critical kioslaves
* libattica (0.1.90 or higher)  <git://anongit.kde.org/attica>
Support for Get Hot New Stuff
* DBusMenuQt  <https://launchpad.net/libdbusmenu-qt>
Support for notification area menus via the DBusMenu protocol
* giflib  <http://sourceforge.net/projects/giflib>
GIF image format support
Required by khtml.

—————————————————————————–

 

Compiling HandBrake on TFM

  1. Get HandBrake from the official web site
  2. Untar it into a temp dir
  3. Configure it and change dir to the build dir
  4. export HASDOCBOOK=no (this is needed because we don’t need the fontconfig documentation to be rebuilt)
  5. Edit contrib/libvorbis/module.defs and change LIBVORBIS.CONFIGURE.bootstrap to: LIBVORBIS.CONFIGURE.bootstrap = rm -fr aclocal.m4 autom4te.cache ; chmod a+x autogen.sh ; ./autogen.sh ;
  6. Change dir to the build dir and run make

That’s all to have HandBrakeCLI compiled.

The GUI version still requires some work. I will update the post then.