CAS single sign-on and single sign-out (Java and PHP clients)

Source: Internet
Author: User
A recent project required single sign-on (SSO). The clients include Java and PHP: there are several Java applications, and the PHP side is discuz + supesite + ucenter.

To enable single sign-on and single sign-out for these clients, I found a lot of relevant information on the Internet and finally configured it successfully. The steps are as follows:

1. CAS server: download from http://downloads.jasig.org/cas/. The CAS server and clients come in many versions, and the latest version differs considerably from the old ones. The latest server version at present is cas-server-3.4.4-release.zip.

Decompress cas-server-3.4.4-release.zip, rename cas-server-webapp-3.4.4.war under the modules directory to cas.war, and copy it to Tomcat's webapps directory. Start Tomcat and access http://localhost:8080/cas/login to see the login page:


By default, the CAS server uses user name = password verification (a login is accepted when the password equals the user name) and HTTPS, for which you must configure a certificate for Tomcat. This setup does not use HTTPS. For HTTPS configuration, see:

http://blog.csdn.net/haydenwang8287/archive/2010/07/26/5765941.aspx

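1.1 If HTTPS is not used, the server needs to be configured as follows

(1) cas\WEB-INF\deployerConfigContext.xml

<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient"/>

Add the parameter p:requireSecure="false". requireSecure states whether secure verification (that is, HTTPS) is required; when HTTPS is not used, set it to false, as follows:

<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient"
      p:requireSecure="false"/>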

(2) cas\WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml

<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="true"
      p:cookieMaxAge="-1"
      p:cookieName="CASTGC"
      p:cookiePath="/cas"/>

The parameter p:cookieSecure="true" is likewise related to HTTPS: true means HTTPS is used, and false means HTTPS is not used.

The parameter p:cookieMaxAge="-1" is the maximum lifetime of the cookie. -1 means no lifetime: the cookie is valid only in the currently open IE window, and if IE is closed or another window is opened, login is required again. You can change it to a number greater than 0 as needed, such as 3600, which means that any IE window opened within 3600 seconds does not require login.

1.2 Server logout: access http://localhost:8080/cas/logout

To return to a page after logging out, configure cas-servlet.xml on the server and add the property p:followServiceRedirects="true".

The logout link is then http://localhost:8080/cas/logout?service=http://localhost:8080/Casclient/index.jsp

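1.3 Change the server-side authentication method to database authentication:

Modify the configuration file deployerConfigContext.xml and add a DBCP connection pool (Oracle is used as an example):

<!-- DBCP connection pool; the bean id "casDataSource" is a placeholder name -->
<bean id="casDataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName">
        <value>oracle.jdbc.driver.OracleDriver</value>
    </property>
    <property name="url">
        <value>jdbc:oracle:thin:@192.168.18.26:1521:orcl</value>
    </property>
    <property name="username">
        <value>test</value>
    </property>
    <property name="password">
        <value>test</value>
    </property>
</bean>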

The following jar packages are required (see attachment): cas-server-support-jdbc-3.4.4.jar, commons-dbcp-1.2.1.jar, commons-pool-1.3.jar, ojdbc14_g.jar

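Configure the password encoding. CAS has built-in MD5 encoding; you can also write your own encoder class that implements the org.jasig.cas.authentication.handler.PasswordEncoder interface:

<!-- The bean id "passwordEncoder" is a placeholder name -->
<bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">
    <!-- digest algorithm applied to the submitted password before comparison -->
    <constructor-arg value="MD5"/>
</bean>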

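Comment out the default verification method and use database query verification:

<!--
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>
-->

<!-- The two ref values are placeholders for the connection pool and encoder beans defined above -->
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="casDataSource"/>
    <property name="sql"
              value="select password from userinfo where lower(username) = lower(?)"/>
    <property name="passwordEncoder" ref="passwordEncoder"/>
</bean>

The configuration of the CAS server is now complete.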
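A small audit of the settings changed above (requireSecure, cookieSecure with cookieMaxAge, and the MD5 password encoder), useful for confirming that a test configuration like this one is not carried into a production deployment. This is an added example in Python, not part of the original post or of CAS; the sample XML, the bean ids and the example.* class names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

BEANS = "{http://www.springframework.org/schema/beans}"
P = "{http://www.springframework.org/schema/p}"

# Constructed sample: the settings this page changes, merged into one file.
# Bean ids and the example.* class names are placeholders.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="proxyCallbackHandler" class="example.Handler"
        p:httpClient-ref="httpClient" p:requireSecure="false"/>
  <bean id="tgcCookieGenerator" class="example.CookieGenerator"
        p:cookieSecure="false" p:cookieMaxAge="3600"
        p:cookieName="CASTGC" p:cookiePath="/cas"/>
  <bean id="passwordEncoder" autowire="byName"
        class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
    <constructor-arg value="MD5"/>
  </bean>
</beans>"""


def audit(xml_text):
    """Return (bean, finding) pairs for settings that weaken the deployment."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(BEANS + "bean"):
        name = bean.get("id") or bean.get("class", "?")
        if bean.get(P + "requireSecure") == "false":
            findings.append((name, "requireSecure=false: plain-HTTP callback URLs accepted"))
        if bean.get(P + "cookieSecure") == "false":
            findings.append((name, "cookieSecure=false: CASTGC cookie sent over plain HTTP"))
            if int(bean.get(P + "cookieMaxAge", "-1")) > 0:
                findings.append((name, "cookieMaxAge>0: the non-Secure cookie is persistent"))
        if bean.get("class", "").endswith(".DefaultPasswordEncoder"):
            algs = [a.get("value", "").upper()
                    for a in bean.findall(BEANS + "constructor-arg")]
            if "MD5" in algs:
                findings.append((name, "MD5 encoder: unsalted fast hash for stored passwords"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Run it against the merged contents of deployerConfigContext.xml and ticketGrantingTicketCookieGenerator.xml; an empty result means none of the three weakened settings is present.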

2. Configure the Java client. Download the client from http://downloads.jasig.org/cas-clients/; the latest version is cas-client-3.2.0.

Copy the jar files under modules to the lib directory of the Java client Casclient1 and configure the filters in web.xml as follows (see the attachment for details):


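<web-app version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <!-- Single sign-out: tracks sessions so they can be invalidated on a CAS logout notification -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <!-- Must be mapped before the other CAS filters -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Redirects unauthenticated users to the CAS login page -->
    <filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://192.168.18.8:8080/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://192.168.18.8:8989</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Validates the service ticket against the CAS server -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://192.168.18.8:8080/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://192.168.18.8:8989</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Makes the CAS principal available through request.getUserPrincipal() -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>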

The page is:

<%@ page import="org.jasig.cas.client.authentication.AttributePrincipal" %>
<%
    // The principal is set by the CAS HttpServletRequest Wrapper Filter
    AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
    String username = principal.getName();
%>

----------------------------------------------------------

Login successful. This is client 1.

Username: <%= username %>

<a href="http://localhost:8989/Casclient2/index.jsp">Enter Client 2</a>

<a href="http://localhost:8080/cas/logout?service=http://localhost:8989/Casclient1/index.jsp">Exit</a>

The Java client is now configured. Publish it to Tomcat, copy Casclient1 to Casclient2, and start Tomcat.

Access Casclient1 and you are taken to the login page; after a successful login, the login-success page is displayed. If the login-success page is then displayed without a further login, Java single sign-on is working.

3. Configure the PHP client. Download the PHP client from http://downloads.jasig.org/cas-clients/php; the latest version is CAS-1.2.0RC2.

Create a PHP project, Phpcasclient1. Copy the CAS folder and CAS.php into the project, modify CAS/client.php to change https to http, then copy docs/examples/example_simple.php into the project and modify it as follows:

<?php
//
// phpCAS simple client
//

// import phpCAS lib
include_once('CAS.php');

phpCAS::setDebug();

// initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, '192.168.18.8', 8080, 'cas');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// logout if desired
if (isset($_REQUEST['logout'])) {
    // return to this page after logging out
    $param = array("service" => "http://localhost/Phpcasclient1/example_simple.php");
    phpCAS::logout($param);
}

// for this test, simply print that the authentication was successful
?>
<html>
  <head>
    <title>phpCAS simple client</title>
  </head>
  <body>
    <h1>Successful Authentication! This is client 1</h1>
    <p>The user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
    <p>phpCAS version is <b><?php echo phpCAS::getVersion(); ?></b>.</p>
    <p><a href="http://192.168.18.8:8989/Casclient1/index.jsp">Go to java client 1</a></p>
    <p><a href="?logout=">Exit</a></p>
  </body>
</html>


php_curl must be enabled in the PHP configuration. You can copy Phpcasclient1 to Phpcasclient2.

Access http://localhost/Phpcasclient1/example_simple.php and you are taken to the login page. After a successful login, Phpcasclient2 can be accessed without logging in: PHP single sign-on is working. If you then access the Java client, you do not need to log in either: single sign-on between the PHP and Java applications is working.

Note: the address in PHP's phpCAS::client(CAS_VERSION_2_0, '192.168.18.8', 8080, 'cas'); must be the same as the CAS server address in the Java web.xml. At first I wrote the IP address 192.168.18.8 in one and localhost in the other, and PHP and Java could not log in synchronously. It was depressing for a long time.

The Java and PHP clients are now configured. At this point you will find that single sign-out does not work across the PHP and Java clients: after the PHP client logs out, the Java client is also logged out, but conversely, when Java logs out, PHP does not log out synchronously.

One more change is needed here. In the PHP client, between

phpCAS::setNoCasServerValidation();

// force CAS authentication
phpCAS::forceAuthentication();

add a call to phpCAS::handleLogoutRequests():

phpCAS::setNoCasServerValidation();

// check for the logout notification sent by the server when the Java side logs out,
// so that PHP and Java log out synchronously
phpCAS::handleLogoutRequests();

// force CAS authentication
phpCAS::forceAuthentication();
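How the logout notification that phpCAS::handleLogoutRequests() and the Java SingleSignOutFilter act on can be processed, shown as an added Python model that is not code from phpCAS, the Java client or the original post. The ClientSessions class, its method names and the sample message are constructed for illustration; the message follows the SAML LogoutRequest shape that CAS 3.x posts to each service URL in the logoutRequest form field.

```python
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

# Constructed logout notification; the ID and ticket values are made up.
SAMPLE_LOGOUT = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="LR-1-constructed" Version="2.0" IssueInstant="2010-12-01T10:00:00Z">'
    '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@'
    '</saml:NameID><samlp:SessionIndex>ST-1-constructed</samlp:SessionIndex>'
    '</samlp:LogoutRequest>')


class ClientSessions:
    """Hypothetical model of one CAS client's session store."""

    def __init__(self, cas_server_addrs):
        self.cas_server_addrs = set(cas_server_addrs)
        self.session_by_ticket = {}   # service ticket -> local session id
        self.user_by_session = {}     # local session id -> user name

    def login(self, session_id, service_ticket, user):
        # Called after ticket validation: remember which ticket opened the session.
        self.user_by_session[session_id] = user
        self.session_by_ticket[service_ticket] = session_id

    def handle_logout_request(self, remote_addr, body):
        """Destroy the session named by the notification; True if one was ended."""
        if remote_addr not in self.cas_server_addrs:
            return False              # accept notifications only from the CAS server
        if "<!DOCTYPE" in body or "<!ENTITY" in body:
            return False              # no DTDs: rules out entity-expansion input
        try:
            root = ET.fromstring(body)
        except ET.ParseError:
            return False
        index = root.find(SAMLP + "SessionIndex")
        if root.tag != SAMLP + "LogoutRequest" or index is None or not index.text:
            return False
        session_id = self.session_by_ticket.pop(index.text.strip(), None)
        return self.user_by_session.pop(session_id, None) is not None
```

The client can end a session only because it recorded the service ticket at login; an application that authenticates with its own cookie and keeps no such mapping has nothing to look up when the notification arrives.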

As for single sign-on for discuz + supesite: after learning the principle of PHP single sign-on, we need to modify the login code of discuz + supesite. For discuz it is logging.php, and for supesite it is batch.login.php. I develop in Java and am not very familiar with PHP, so the modification is not very reliable. It generally has discuz log on to the console first to obtain the user name, then uses the user name to obtain the password from the database and sends it to the discuz system to log in. Discuz uses cookie authentication, so discuz does not log out after the Java side logs out.

If anyone has done this modification successfully, please share it.
