Open CAS_HOME/cas-server-webapp/src/main/webapp/WEB-INF/cas.properties. It should look something like this:
You will need to change those URLs (most likely only by changing the hostname and port) to your CAS application's URLs.
ServicesRegistry and Database Connection
In the default deployment, you'll see (volatile data, cleared upon application restart):
This needs to be replaced, if you want the data to be persistent, with something such as the following procedures:
Notes on the availability of Services Management Application Database
If the Services Management Application database happens to be unavailable you will still be able to perform service authorization. CAS maintains an in-memory collection of services that is periodically refreshed from the database. If the database is down, the periodic refresh process will fail. But the in-memory data will continue to be available to support service authorization.
ServicesRegistry and MongoDb Integration
As an alternative to traditional RDBMS implementations of the service registry, a MongoDb implementation is available that is read-write, enabling fuller use of the CAS service registry management administrative UI web application and is transactional, while lower-ceremony and "lighter" than dealing with a traditional RDBMS.
There exists a JSON-file based implementation of service registry, where service definitions may be defined in a flat JSON file and are loaded by CAS. The registry has the ability to auto-reload changes that are made to the file ad-hoc without requiring server restarts. Variations in the registry allow full use of the services management interface, to be able to write changes back out to the file.
Securing the Services Management Application
In-Memory managed list of static users
The first step is to modify the cas.properties as above in order to actually authenticate via CAS (you can also replace the mechanism with another entry).
where 'username' is the user you want to grant access. You can also replace the in-memory implementation with any of the provided Acegi choices. More information can be found on them at the Acegi Security web site.
Ldap-server managed list of users
If you wish allow access to the services management application via an LDAP group/server, replace the above configuration with the following:
Replace the samle attribute values with those that match your environment.
You will also need to ensure that the "spring-security-ldap" dependency is available to your build at runtime. Replace "spring.security.ldap.version" with the appropriate spring-security-ldap release version number.
Your First Entry
If you're using CAS to authenticate against the Services Management application (as opposed to using some form-based mechanism, etc.) then your first entry in the Services Management application needs to be the Services Management application itself!