CAS Single sign-on server Setup

Source: Internet
Author: User

This article does not explain the principles of CAS single sign-on or introduce it; it goes straight to the setup:

1. Download the WAR package

Go to the official website (https://www.apereo.org/projects/cas/download-cas) and download the cas-server-webapp-xxx.war file; this article uses cas-server-webapp-4.0.0.war. (A complaint here: because the CAS source code and WAR packages have been moved to GitHub, the download was slow or failed, and in the end I had no choice but to download it from CSDN ...)

2. Create a certificate

The certificate is a key component of the single sign-on authentication system: secure communication between the client and the server depends on it. Since this is a personal learning test, the certificate is generated directly with the keytool tool from the JDK; in a production environment, you must buy one from a certificate provider. Certificates are generally issued by VeriSign; Chinese official website: http://www.verisign.com/cn/

Generate the certificate with the keytool tool that comes with the JDK:

keytool -genkey -alias cas -keyalg RSA -keystore E:/keys/cas

Enter the requested data as prompted (be sure to remember the password you set at creation time).

3. Export the certificate

keytool -export -file E:/keys/cas.crt -alias cas -keystore E:/keys/cas

If prompted:

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

Then enter the password: changeit

The certificate export is now complete, and you can distribute it to the JDK used by the application.

4. Import the certificate into the client's JVM

keytool -import -keystore "C:\Program Files\Java\jdk1.8.0_101\jre\lib\security\cacerts" -file E:/keys/cas.crt -alias cas

As in step 3, if you are prompted for a password, enter changeit. The certificate has now been created, exported, and imported into the client JVM. Next, apply the certificate to the web server; here I am using a Tomcat 7 server.

5. Apply the certificate to the web server

Open the conf/server.xml file in the Tomcat directory and set the following:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" keystoreFile="E:/keys/cas"
           keystorePass="111111" />

Parameter description:

    • keystoreFile: location of the keystore created in the first step
    • keystorePass: the password set when creating the certificate
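
A quick audit of the Connector settings above, as an added example that is not part of the original article: it parses a server.xml and reports the TLS-related settings worth tightening before the server leaves a test environment. The sample file and the 12-character password threshold are constructed assumptions; the attributes checked are standard Tomcat Connector attributes.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from step 5 wrapped in a minimal server.xml.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="E:/keys/cas"
               keystorePass="111111" />
  </Service>
</Server>
"""

MIN_PASS_LEN = 12  # assumption: local policy threshold, not a Tomcat rule


def audit_connectors(server_xml):
    """Return {port: [findings]} for every TLS-enabled <Connector>."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, out of scope here
        findings = []
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append("scheme/secure do not match SSLEnabled")
        password = conn.get("keystorePass")
        if password is None or password == "changeit":
            # Tomcat falls back to "changeit" when keystorePass is absent.
            findings.append("keystore uses the default password 'changeit'")
        elif len(password) < MIN_PASS_LEN or password.isdigit():
            findings.append("keystorePass is short or digits-only")
        if password is not None:
            findings.append("keystorePass is in clear text; restrict read access to server.xml")
        if conn.get("sslEnabledProtocols") is None:
            findings.append("sslEnabledProtocols not set; JVM default protocol versions apply")
        if conn.get("ciphers") is None:
            findings.append("ciphers not set; JVM default cipher suites apply")
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print("Connector", port)
        for finding in findings:
            print("  -", finding)
```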

6. Start the Tomcat server

Put the WAR package downloaded in step 1 into Tomcat's webapps directory, start Tomcat, and visit the https://localhost:8443/cas/login page. If you can log in successfully with casuser/Mellon, the server has been set up.

The default user name and password can be found in the configuration file deployerConfigContext.xml; this configuration file is described in detail later.

Login successful
