wiki:RubyCASServer

Version 1 (modified by brose, 10 years ago) (diff)

--

RUBYCAS SERVER USING MOD_PASSENGER, LOCAL MYSQL DATABASE, AND LDAP AUTH ON PUIAS

[root@localhost ~]# yum install puias-{addons,unsupported}
[root@localhost ~]# yum install rubygem-rubycas-server ruby-mysql mod_ssl mod_passenger mysql-server rubygem-net-ldap

Open /etc/sysconfig/iptables and allow port 443 (https) traffic:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

Create the file /usr/lib/ruby/gems/1.8/gems/rubycas-server-1.0/config.ru
See the example in this folder.

Configure httpd:
[root@localhost ~]# chkconfig httpd on
[root@localhost ~]# rm -f /etc/httpd/conf.d/welcome.conf
Configure /etc/httpd/conf.d/ssl.conf as per the given example

Create a test cert and key for httpd - BE SURE TO REPLACE THESE IN PRODUCTION:
[root@localhost ~]# cd /etc/pki/tls/certs
[root@localhost ~]# make httpd.pem
[Fill out the questionaire]

Configure MySQL:
[root@localhost ~]# chkconfig mysqld on
[root@localhost ~]# service mysqld start
[root@localhost ~]# /usr/bin/mysql_secure_installation
Fill out the questions, be sure to set a new root password and remove all test accounts/dbs.
[root@localhost ~]# mysql -u root -p
mysql> create database casserver;
mysql> use casserver;
mysql> source /path/to/create_rubycas_mysql_db.sql

Create and configure the file /etc/rubycas-server/config.yml
See example in this folder.

At this point, you can test your implementation:
[root@localhost ~]# setenforce 0
[root@localhost ~]# service httpd start

Note that I disabled SELinux. This should be used only for testing purposes, to generate policy files.
Please see rubycas-server.te in this directory for an example SELinux policy file that worked for me.