1. Scenario
I had often heard of single sign-on without knowing the principle behind it. Single Sign-On (SSO) is a popular enterprise integration scheme: a user logs in only once to access all the application systems that trust each other. Here I implement single sign-on based on CAS, hoping it gives everyone some inspiration.
2. Precautions
This example project contains three Tomcat instances: tomcat-main, tomcat-1 and tomcat-2. tomcat-main is the one meant to provide HTTPS access; tomcat-1 and tomcat-2 represent two subsystems.
3. tomcat-main Settings
① In the Linux environment, create four directories under /usr/local: java, tomcat-main, tomcat-1 and tomcat-2.
② Upload the corresponding tar packages and extract them. Remember to configure the JDK environment in /etc/profile (add it at the end of the file).
③ HTTPS is not set up here because the domain name review is strict. For the HTTPS settings, see the author's article on HTTPS settings and automatic HTTP-to-HTTPS redirection.
④ Download cas-server from https://www.apereo.org/projects/cas/download-cas (I downloaded 4.0.0), extract modules/cas-server-webapp.war, rename the file to cas.war, and upload it to the webapps directory of tomcat-main.
⑤ Modify deployerConfigContext.xml (cas/WEB-INF) and add the parameter p:requireSecure="false". This parameter controls whether secure authentication, that is HTTPS, is required; false means HTTPS is not used.
⑥ Modify ticketGrantingTicketCookieGenerator.xml (cas/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml): change the p:cookieSecure property of ticketGrantingTicketCookieGenerator to false.
I use ngrok for intranet forwarding. The original post shows screenshots of the domain name configuration for the main application, client 1 and client 2.
⑦ Assign three different domain names to the Linux virtual host, then copy the three domain IDs into the ngrok client for forwarding and access http://dajiu.ngrok.cc/cas/login.
⑧ Run vim deployerConfigContext.xml (cas/WEB-INF) to view the password.
Then log in (the original post shows a screenshot of the result here).
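Steps ⑤ and ⑥ switch off the two HTTPS-only settings, so the ticket-granting cookie is also sent over plain HTTP. As an added example (not part of the original post or of the CAS project), this Python check lists every bean in a CAS Spring file where requireSecure or cookieSecure is false, so the settings can be found and reverted once HTTPS is in place; the sample XML and its bean ids are constructed for illustration, and the check also covers the long `<property>` form, which the post does not use.

```python
import sys
import xml.etree.ElementTree as ET

BEANS_NS = "http://www.springframework.org/schema/beans"
P_NS = "http://www.springframework.org/schema/p"  # namespace behind the p: prefix
WATCHED = ("requireSecure", "cookieSecure")        # the two properties from steps 5 and 6

# Constructed samples shaped like the two files after the edits in the post.
SAMPLE_DEPLOYER = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="proxyAuthenticationHandler" p:requireSecure="false"/>
</beans>"""
SAMPLE_COOKIE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="ticketGrantingTicketCookieGenerator" p:cookieSecure="false" p:cookieName="CASTGC"/>
  <bean id="exampleOtherCookie"><property name="cookieSecure" value="true"/></bean>
</beans>"""


def _is_false(value):
    return value is not None and value.strip().lower() == "false"


def insecure_settings(xml_text, source="<string>"):
    """Return (source, bean id, property) for every watched property set to false."""
    findings = []
    for bean in ET.fromstring(xml_text).iter("{%s}bean" % BEANS_NS):
        bean_id = bean.get("id", "(anonymous)")
        for prop in WATCHED:
            # Shortcut form: <bean p:cookieSecure="false" .../>
            if _is_false(bean.get("{%s}%s" % (P_NS, prop))):
                findings.append((source, bean_id, prop))
        # Long form: <property name="cookieSecure" value="false"/>
        for child in bean.findall("{%s}property" % BEANS_NS):
            if child.get("name") in WATCHED and _is_false(child.get("value")):
                findings.append((source, bean_id, child.get("name")))
    return findings


if __name__ == "__main__":
    # With no arguments, scan the constructed samples; otherwise scan the given files.
    inputs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [
        ("deployerConfigContext.xml (sample)", SAMPLE_DEPLOYER),
        ("ticketGrantingTicketCookieGenerator.xml (sample)", SAMPLE_COOKIE),
    ]
    for name, text in inputs:
        for source, bean_id, prop in insecure_settings(text, name):
            print("%s: bean %s has %s=false" % (source, bean_id, prop))
```

Run it with the paths of the two edited files as arguments to scan a real deployment instead of the samples.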
4. Settings for client Tomcat
① Edit tomcat-1/conf/server.xml:
Change 8005 to 18005
Change 8080 to 18080, and 8443 to 18443
Change 8009 to 18009, and 8443 to 18443
Five port numbers are changed in total.
② In tomcat-2, change the same five ports in the same way so that they start with 2: 28005, 28080, 28009, 28443. The details are not repeated here.
③ Download cas-client from http://developer.jasig.org/cas-clients/. Here the author downloads version 3.2.1. Extract cas-client-core-3.2.1.jar and commons-logging.jar from under modules and upload both to tomcat-1/webapps/examples/WEB-INF/lib.
Then access http://client1.ngrok.cc/examples/servlets/ (the original post shows a screenshot of the result here).
This indicates that the tomcat-1 environment is basically set up.
④ Then add the following to the tomcat-1/webapps/examples/WEB-INF/web.xml file:
<!-- ======================== Single Sign-On starts ======================== -->
<!-- Listener for single sign-out; optional configuration -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- This filter is used for single sign-out; optional configuration -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>CAS filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://dajiu.ngrok.cc/cas/login</param-value>