    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
      [Unknown]:  $REPLACE_WITH_FULL_MACHINE_NAME
    What is the name of your organizational unit?
      [Unknown]:  Test
    What is the name of your organization?
      [Unknown]:  Test
    What is the name of your City or Locality?
      [Unknown]:  Test
    What is the name of your State or Province?
      [Unknown]:  Test
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=$FULL_MACHINE_NAME, OU=Test, O=Test, L=Test, ST=Test, C=US correct?
      [no]:  yes

For the keystore password, you should enter “changeit” without the quotation marks. When prompted for the first and last name, you should enter your machine name during development. Enter the rest of the information specific to your organization. After confirming the information you have provided, a keystore will be created and a private key will be added to that keystore.

Any application that wishes to securely connect to this CAS server would need to import the certificate.
You can export a certificate that’s compatible with other JVM keystores by executing the following command:

    keytool -export -alias tomcat -file server.crt

You’ll get output that looks like this:

    Enter keystore password:
    Certificate stored in file <server.crt>

You can then import the server.crt into the Ephesoft Transact JVM keystore by executing the following command:

    keytool -import -file server.crt -keystore $JAVA_HOME/jre/lib/security/cacerts -alias tomcat

The path of this newly created keystore will be used in configuring the CAS server using Tomcat.

Note: For using CAS with proxy support, perform the following procedure in Ephesoft Transact to create a keystore and import Transact’s certificate into the CAS server truststore.

Creating Private Key

- Open a command line or terminal window and make sure you’re in your home directory.
- Execute the following command:

    keytool -genkey -alias tomcat -keyalg RSA -validity 365

The response will look something like this:

    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
      [Unknown]:  $REPLACE_WITH_FULL_MACHINE_NAME
    What is the name of your organizational unit?
      [Unknown]:  Test
    What is the name of your organization?
      [Unknown]:  Test
    What is the name of your City or Locality?
      [Unknown]:  Test
    What is the name of your State or Province?
      [Unknown]:  Test
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=$FULL_MACHINE_NAME, OU=Test, O=Test, L=Test, ST=Test, C=US correct?
      [no]:  yes

For the keystore password, you should enter “changeit” without the quotation marks. When prompted for the first and last name, you should enter your machine name during development. Enter the rest of the information as it applies to your organization. After confirming all the entries, a keystore will be created and a private key will be added to that keystore.

Any application that wishes to securely connect to Ephesoft Transact would need to import the certificate.
You can export a certificate that’s compatible with other JVM keystores by executing the following command:

    keytool -export -alias tomcat -file server.crt

You’ll get output that looks like this:

    Enter keystore password:
    Certificate stored in file <server.crt>

You can then import the server.crt into the CAS JVM keystores by executing a command like this:

    keytool -import -file server.crt -keystore $JAVA_HOME/jre/lib/security/cacerts -alias tomcat

After completing all the above-mentioned configurations, restart the Ephesoft Transact server.

Suggestions for CAS server setup

To use CAS with proxy support, the CAS server must have the “allowedToProxy” attribute of the Ephesoft Transact service set to “true”. By default, the “allowedToProxy” attribute is set to “false”.

Setting the allowedToProxy attribute to true

Perform the following steps for CAS server versions 3.4.x, 3.5.x, 3.6.x, or 4.0.x.

- Open the “deployerConfigContext.xml” file.
- Add the “allowedToProxy” attribute in the registeredServicesList section and set its value to “true”.

Perform the following steps for CAS server versions 4.1.x and 4.2.x.

- Open the “HTTPSandIMAPS” file corresponding to the Ephesoft Transact service.
- Add a regex pattern for the “proxyPolicy” attribute as given below:

    "proxyPolicy" : {
      "@class" : "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
      "pattern" : "^https?://.*"
    }

Note: Use a proper regex pattern instead of the default pattern to further restrict access to services within your domain (including subdomains). You can find the available regex patterns using the following path: CAS installation Directory -> WEB-INF -> classes -> services.
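
An added example (not part of the Ephesoft documentation) of checking a candidate “proxyPolicy” pattern against sample callback URLs before putting it in the service file, following the note above. The domain example.org, the two non-default patterns and every sample URL are assumptions constructed for illustration, and Python's re.search stands in for the CAS server's Java regex matching.

```python
import re

# Pattern from the page's proxyPolicy snippet: accepts any http or https URL.
DEFAULT_PATTERN = r"^https?://.*"

# Hypothetical first attempt for the assumed domain example.org:
# unanchored at the end, and the dot is unescaped.
LOOSE_PATTERN = r"https://.*example.org"

# Hypothetical restricted pattern: HTTPS only, example.org or any subdomain,
# optional port, then either a path or the end of the URL.
RESTRICTED_PATTERN = r"^https://([A-Za-z0-9-]+\.)*example\.org(:\d+)?(/.*)?$"

# Constructed callback URLs (not from the page) paired with the intended decision.
SAMPLE_CALLBACKS = [
    ("https://transact.example.org/dcma/proxyCallback", True),
    ("https://example.org:8443/callback", True),
    ("https://a.b.example.org/", True),
    ("http://transact.example.org/callback", False),          # plain HTTP
    ("https://example.org.other.test/callback", False),       # domain is only a host prefix
    ("https://otherexample.org/callback", False),             # different registered domain
    ("https://other.test/?next=https://example.org", False),  # domain only in the query
    ("https://exampleXorg/callback", False),                  # rejected only if the dot is escaped
]


def allowed(pattern, url):
    """Assumption: the pattern is applied with search semantics to the full URL."""
    return re.search(pattern, url) is not None


def audit(pattern, samples=SAMPLE_CALLBACKS):
    """Return the URLs where the pattern's decision differs from the intended one."""
    return [url for url, expected in samples if allowed(pattern, url) != expected]


if __name__ == "__main__":
    for name in ("DEFAULT_PATTERN", "LOOSE_PATTERN", "RESTRICTED_PATTERN"):
        wrong = audit(globals()[name])
        print(f"{name}: {len(wrong)} wrong decision(s)")
        for url in wrong:
            print("   ", url)
```

Anchoring the pattern with both ^ and $ keeps the decision the same whether the server applies it as a full match or as a search.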