Because of information system integration needs, I recently studied CAS. There is a lot of information on the Internet, but most of it is for the Java platform. The few articles for .NET clients often give a one-sided introduction to a single aspect, and following them leads to many problems, especially the "redirect cycle" problem. The solutions offered online are varied and do not completely solve it. After several days of trial and error I finally got it working. This series of essays therefore describes in detail how to implement single sign-on with CAS in ASP.NET, discusses some of the information found on the web, and provides my solution to the "redirect cycle" problem.
- Part I: Installing and configuring Tomcat
- Part II: Installing and configuring CAS
- Part III: Implementing the ASP.NET WebForm Client
- Part IV: Implementing Database-based authentication
- Part V: Extending Database-based authentication
- Part VI: Customizing the login page
Hardware and Software Environment
| | Server | Client |
|---|---|---|
| IP Address | | |
| Operating system | | |
| Software | JDK 7u11 Windows x64, Apache Tomcat 7.0.35, CAS 3.5.1 | Visual Studio 2012, IIS 7 (optional) |

Part I: Installing and configuring Tomcat
1. Install the JDK on the server.
Click Next.
Click Next.
Click Next.
Click Close.
2. Install Tomcat on the server.
Click "Next".
Click "I Agree".
Select the "full" installation type and click "Next".
Click "Next".
Click "Next".
Click Install.
Click "Finish".
3. Configure SSL on Tomcat.
(1) Generate certificate
In the root of drive C:, create a subfolder "keys" for storing certificates.
Click Start, then Run, enter cmd, and click OK to open a Command Prompt window.
Change into the jre7 bin directory:
cd "C:\Program Files\Java\jre7\bin"
Run the following command to create the certificate:
keytool -genkey -alias tomcat -keyalg RSA -storepass changeit -keystore c:\keys\.keystore -validity 3600
(2) Import the certificate into the JDK's certificate truststore
Step one: Export the certificate.
Run the following command to export the certificate to the keys folder:
keytool -export -trustcacerts -alias tomcat -file c:\keys\tomcat.cer -keystore c:\keys\.keystore -storepass changeit
Step two: Import the certificate into the JDK's certificate truststore.
Run the following command. When keytool asks whether you trust this certificate, answer "y".
keytool -import -trustcacerts -alias tomcat -file c:\keys\tomcat.cer -keystore "C:\Program Files\Java\jre7\lib\security\cacerts" -storepass changeit
Other useful keytool commands (list all certificates in the truststore, and delete a certificate from it):
keytool -list -v -keystore "C:\Program Files\Java\jre7\lib\security\cacerts"
keytool -delete -trustcacerts -alias tomcat -keystore "C:\Program Files\Java\jre7\lib\security\cacerts" -storepass changeit
4. Configure the Server.xml file.
Run a text editor as an administrator and open %TOMCAT_HOME%\conf\server.xml. Find the SSL connector section and insert the following.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads=" " scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:/keys/.keystore" keystorePass="changeit"/>
5. Test that SSL on Tomcat is configured successfully.
(1) Restart the Tomcat service: click Stop, and then click Start.
(2) Open Internet Explorer and test "http://localhost:8080" and "https://localhost:8443/" in turn.
Because the website's security certificate was not issued by a trusted certificate authority, IE shows a warning message. Here we click "Continue to this website (not recommended)."
If you see the above interface, it indicates that Tomcat's SSL configuration was successful.
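A check for the server.xml edit from step 4, useful when https://localhost:8443/ does not respond after the restart. This is an added example, not code from the original post: it flags connector element and attribute names whose case differs from what Tomcat expects, since Tomcat does not apply a mis-cased attribute. The function name, the sample XML and the maxThreads value of 150 are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Attribute names with the exact case Tomcat's HTTP connector expects.
KNOWN = ["port", "protocol", "SSLEnabled", "maxThreads", "scheme", "secure",
         "clientAuth", "sslProtocol", "keystoreFile", "keystorePass"]
REQUIRED = {"SSLEnabled": "true", "scheme": "https", "secure": "true"}

def check_ssl_connector(server_xml, port="8443"):
    """Return a list of findings for the HTTPS connector (empty list = OK)."""
    root = ET.fromstring(server_xml)
    findings = []
    # XML is case-sensitive: <connector> is not the <Connector> Tomcat reads.
    for el in root.iter():
        if el.tag.lower() == "connector" and el.tag != "Connector":
            findings.append(f"element <{el.tag}> should be <Connector>")
    conn = next((c for c in root.iter("Connector") if c.get("port") == port), None)
    if conn is None:
        return findings + [f"no <Connector> with port={port}"]
    canonical = {name.lower(): name for name in KNOWN}
    for name in conn.attrib:
        good = canonical.get(name.lower())
        if good and good != name:
            findings.append(f"attribute {name} should be spelled {good}")
    for name, want in REQUIRED.items():
        if conn.get(name) != want:
            findings.append(f'{name} must be "{want}"')
    if not conn.get("keystoreFile"):
        findings.append("keystoreFile is missing")
    if not conn.get("maxThreads", "1").strip().isdigit():
        findings.append("maxThreads is not a number")
    return findings

# Constructed sample: the connector from step 4; maxThreads="150" is an assumed value.
GOOD = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
    SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:/keys/.keystore" keystorePass="changeit"/>
</Service></Server>"""
# Constructed sample with two attribute names in the wrong case.
BAD = GOOD.replace("SSLEnabled", "sslenabled").replace("keystoreFile", "keystorefile")

if __name__ == "__main__":
    for label, xml_text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_ssl_connector(xml_text) or "OK")
```

To check a real installation, pass the contents of %TOMCAT_HOME%\conf\server.xml to check_ssl_connector.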