Configure Yale CAS server for single-point login (SSO)

In this configuration document, refer to Argan's blog... use Yale CAS server to achieve single point of login (SSO)
Argan's blog... Address: http://blog.matrix.org.cn/page/cas

Configure java_home as follows:
Java_home = D:/Java/jdk1.5.0 _ 06

CAS (Central Authentication Service) is an open-source Java implementation developed by its of Yale University.
SSO (Single Sign-On) service.

Here is a simple example to illustrate how to use CAs to achieve single point of login (SSO ).

Configuration process of Yale CAS Server

CAS (Central Authentication Service) is an open-source Java implementation developed by its of Yale University.
SSO (Single Sign-On) service. This service is implemented by a Java Web app (eg: Cas. War,
Cas. war must be published to a server compatible with servlet2.3, and the server must support SSL,
In other servers (customers) that need to use the service, SSO can be implemented by simple configuration.

CAS clients can have many types, because the verification results are returned in XML format, CAS clients have
There are several client examples packaged in: Java, Perl, Python, ASP, Apache module, etc.
You need to implement your own client, which is very simple !~

Next we use Tomcat 5.0 as the CAS server (server1), and the other tomcat5.0 is the client (Client1)
For example.

1. Download cas-server and CAS-client (optional)
Http://www.ja-sig.org/downloads/cas/cas-server-3.0.zip
Http://www.yale.edu/tp/cas/cas-client-2.0.11.zip

2.decompress cas-server-3.0.zip and copy lib/CAS. War to webapps of server1.

3. Generate the server certificate
Keytool-genkey-alias my-alias-name-keyalg RSA-keystore. keystore

4. Configure tomcat to Use https in server1
$ Catalina_home/CONF/server. xml
<Connection Port = "8443"
Maxthreads = "150" minsparethreads = "25" maxsparethreads = "75"
Enablelookups = "false" disableuploadtimeout = "true"
Acceptcount = "100" DEBUG = "0" Scheme = "HTTPS" secure = "true"
Clientauth = "false" sslprotocol = "TLS"
Keystorefile = "C:/Documents and Settings/New/keystore. keystore"
Keystorepass = "changeit"/>

5. Set in client Client1 of the CAS client (take the app servlets-examples as an example ).
Servletfilter (provided in CAS client) to check SSO.

Modify servlets-examples/WEB-INF/Web. xml

<Filter>
<Filter-Name> casfilter </filter-Name>
<Filter-class> edu. Yale. Its. Tp. Cas. Client. Filter. casfilter </filter-class>
<Init-param>
<Param-Name> edu. Yale. Its. Tp. Cas. Client. Filter. loginurl </param-Name>
<Param-value> https: /localhost: 8443/CAS/login </param-value>
</Init-param>
<Init-param>
<Param-Name> edu. Yale. Its. Tp. Cas. Client. Filter. validateurl </param-Name>
<Param-value> https: // localhost: 8443/CAS/proxyvalidate </param-value>
</Init-param>

<Init-param>
<Param-Name> edu. Yale. Its. Tp. Cas. Client. Filter. servername </param-Name>
<Param-value> localhost: 8080 </param-value>
</Init-param>

</Filter>

<Filter-mapping>
<Filter-Name> casfilter </filter-Name>
<URL-pattern>/servlet/* </url-pattern>
</Filter-mapping>

6.decompress cas-client-2.0.11.zip and copy Java/lib/CasClient. jar to
Webapps/Servlets-examples/WEB-INF/lib directory (if not, create one)

7. Export the server certificate to import the certificate to all clients
Keytool-export-file myserver. cert-alias my-alias-name-keystore. keystore

8. Import the trusted server certificate in the client's JVM (administrator privilege may be required as appropriate)

# Keytool-import-keystore $ java_home/JRE/lib/security/cacerts-file myserver. cert-alias my-alias-name
Keytool-import-keystore D:/Java/jdk1.5.0 _ 06/JRE/lib/security/cacerts-file myserver. cert-alias localhost

9. Test & done.
Separate server1 and Client1, and check whether the started log is normal. If everything is OK, access
Http: // Client1: 8080/Servlets-examples/servlet/helloworldexample
The system will automatically jump to a verification page and enter the same account and password.
To the real helloworldexample Servlet

For more information, see
Http://www.yale.edu/tp/cas/
Http://www-106.ibm.com/developerworks/web/library/wa-singlesign/