CAS for SSO Single sign-on

Source: Internet
Author: User
Tags: app service

Environment
cas-server-4.1.8, cas-client-3.4.0, java-8, maven-3, tomcat-7.0.72

CAS Server Installation
Open the CAS download list and download cas-4.1.8.zip.

Unzip cas-4.1.8.zip, enter the cas-server-webapp directory, open a cmd window there, and run the install command:

mvn -e -ff clean install -Dmaven.test.skip=true

In my own test (on a 12 Mbit home telecom line) the build takes a very long time, mainly because the mirror serves the dependency downloads slowly; there is nothing to do but wait. Alternatively, download the prebuilt cas.war (note: the dependency versions in that file were modified slightly, which does not affect normal use).

After the build completes, cas.war appears in cas-server-webapp/target. This is the WAR package for the CAS server application.

CAS server authentication runs over HTTPS. For this walkthrough the certificate is a self-signed one generated with the keytool utility that ships with the JDK; a production system must obtain its certificate from a certificate authority (certificate generation and the Tomcat HTTPS configuration are covered in a separate article). One caveat that bites most first-time setups: the CAS client validates tickets by calling the server over HTTPS from inside the client JVM, so the JVM that runs cas-client1 and cas-client2 must trust this certificate as well (import it into that JVM's truststore); a browser exception alone is not enough.

First make sure Tomcat serves HTTPS correctly. Copy cas.war into apache-tomcat-7.0.72/webapps to deploy it, start Tomcat, and open https://www.fanlychie.com:8443/cas.


is the link opened with Firefox, select Advanced, add exception, confirm security exception.


The default user name and password are defined in apache-tomcat-7.0.72/webapps/cas/WEB-INF/deployerConfigContext.xml; open the file and look at roughly line 105:

<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <entry key="casuser" value="Mellon"/>
        </map>
    </property>
</bean>

As you can see, the default user name is casuser and the password is Mellon. This static account exists only so the server can be smoke-tested; it is replaced by database authentication in the next section and must not be left active on a server that other people can reach.

Logging in with it and seeing the login-success page confirms that the CAS server is deployed.

CAS Server configuration based on database user authentication

Go back to the unzipped cas-4.1.8 directory, enter cas-server-support-jdbc, open a cmd window there, and run the install command:

mvn -e -ff clean install -Dmaven.test.skip=true

After the build completes, take cas-server-support-jdbc-4.1.8.jar from the target directory.

Copy that jar into apache-tomcat-7.0.72/webapps/cas/WEB-INF/lib, and add two more jars to the same directory: c3p0-0.9.1.2.jar and mysql-connector-java-5.1.17.jar. (If you have trouble locating them, the three jars are also available as a single packaged download.)

Open apache-tomcat-7.0.72/webapps/cas/WEB-INF/deployerConfigContext.xml again, this time at roughly line 54:

<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <!--
               | IMPORTANT
               | Every handler requires a unique name.
               | If more than one instance of the same handler class is configured, you must explicitly
               | set its name to something other than its default name (typically the simple class name).
               -->
            <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver"/>
            <!-- comment out this entry
            <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver"/>
            -->
            <!-- add this entry -->
            <entry key-ref="myAuthenticationHandler" value-ref="primaryPrincipalResolver"/>
        </map>
    </constructor-arg>
    <!-- Uncomment the metadata populator to capture the password.
    <property name="authenticationMetaDataPopulators">
        <util:list>
            <bean class="org.jasig.cas.authentication.CacheCredentialsMetaDataPopulator"/>
        </util:list>
    </property>
    -->
    <!--
       | Defines the security policy around authentication. Some alternative policies that ship with CAS:
       |
       | * NotPreventedAuthenticationPolicy - all credential must either pass or fail authentication
       | * AllAuthenticationPolicy - all presented credential must be authenticated successfully
       | * RequiredHandlerAuthenticationPolicy - specifies a handler that must authenticate its credential to pass
       -->
    <property name="authenticationPolicy">
        <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy"/>
    </property>
</bean>

Comment out the second entry and add the new one, exactly as shown above. Leave the CacheCredentialsMetaDataPopulator block commented out: enabling it stores the user's cleartext password as an attribute of the authentication, which only applications that genuinely need the password itself should ever ask for. Then append the following two bean definitions further down in the same file:

<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">
    <!-- inside an XML attribute the & between URL parameters must be written as &amp; -->
    <property name="jdbcUrl" value="jdbc:mysql://127.0.0.1:3306/cas_test_db?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=utf-8"/>
    <!-- give CAS its own database account instead of root (see the note below the table) -->
    <property name="user" value="root"/>
    <property name="password" value="root"/>
    <property name="driverClass" value="com.mysql.jdbc.Driver"/>
    <property name="initialPoolSize" value="10"/>
    <property name="maxIdleTime" value="1800"/>
    <property name="acquireIncrement" value="5"/>
    <property name="breakAfterAcquireFailure" value="false"/>
    <property name="autoCommitOnClose" value="false"/>
    <property name="checkoutTimeout" value="30000"/>
    <!-- maxPoolSize, acquireRetryAttempts, acquireRetryDelay and idleConnectionTestPeriod:
         values not given here; c3p0 falls back to its defaults when the properties are omitted -->
</bean>
<bean id="myAuthenticationHandler" class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:sql="SELECT passwd FROM user WHERE name = ?"/>

The user table that this query reads, created in the cas_test_db database, is:

CREATE TABLE user (
    id INT(11) NOT NULL AUTO_INCREMENT,
    name VARCHAR(255) NOT NULL,
    passwd VARCHAR(255) NOT NULL,
    PRIMARY KEY (id)
);

Restart Tomcat, open https://www.fanlychie.com:8443/cas, and log in with a name/passwd pair stored in the table. If the login succeeds, the configuration works.

Two things to change before this goes beyond a local test. As configured, the handler compares the passwd column with the submitted password as plain text (the handler's default password encoder is PlainTextPasswordEncoder), so the table holds cleartext passwords; store a digest instead and set the handler's passwordEncoder property to match (CAS ships DefaultPasswordEncoder for this). And the pool connects as root: give CAS a dedicated database account that can only SELECT from this one table.
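What the database handler configured above actually does, as an added example in Python (illustrative code written for this page, not part of the article or of CAS): SQLite stands in for MySQL, the table is the one above in SQLite syntax, and the account alice/s3cret is constructed for the example. The sha256_encoder function stands in for the handler's passwordEncoder; that the encoded form is a hex digest is an assumption made for the example, not something verified against DefaultPasswordEncoder.

```python
"""Added example (not CAS code): a model of what QueryDatabaseAuthenticationHandler
does against the user table, with a plaintext and a hashed password store side by side.

The handler runs the configured SQL with the submitted user name bound to the `?`
placeholder, then compares the returned column with the submitted password after
passing it through its passwordEncoder (the default encoder changes nothing).
"""
import hashlib
import hmac
import sqlite3

# The handler's query, exactly as configured in deployerConfigContext.xml.
SQL = "SELECT passwd FROM user WHERE name = ?"


def plaintext_encoder(password):
    """Stand-in for the default PlainTextPasswordEncoder: no transformation at all."""
    return password


def sha256_encoder(password):
    """Stand-in for a SHA-256 password encoder (hex digest is this example's assumption)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def open_user_db():
    """In-memory copy of the cas_test_db.user table from the page (SQLite dialect)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user ("
        " id INTEGER PRIMARY KEY AUTOINCREMENT,"
        " name VARCHAR(255) NOT NULL,"
        " passwd VARCHAR(255) NOT NULL)"
    )
    return conn


def add_user(conn, name, password, encoder=plaintext_encoder):
    """Store an account in the form the chosen encoder expects to find in passwd."""
    conn.execute("INSERT INTO user (name, passwd) VALUES (?, ?)", (name, encoder(password)))


def authenticate(conn, name, password, encoder=plaintext_encoder):
    """Mirror of the handler: bind the name, fetch passwd, compare with the encoded password."""
    row = conn.execute(SQL, (name,)).fetchone()   # the '?' keeps the name out of the SQL text
    if row is None:
        return False
    # constant-time comparison so a wrong guess does not leak how many leading bytes matched
    return hmac.compare_digest(encoder(password).encode("utf-8"), row[0].encode("utf-8"))


def demo():
    """Run the same login attempts against a plaintext table and a hashed table."""
    plain = open_user_db()                       # the table as the page configures it
    add_user(plain, "alice", "s3cret")           # constructed sample account
    hashed = open_user_db()                      # the table after switching to a digest encoder
    add_user(hashed, "alice", "s3cret", sha256_encoder)
    stored = hashed.execute(SQL, ("alice",)).fetchone()[0]
    return {
        "plain_ok": authenticate(plain, "alice", "s3cret"),
        "plain_bad": authenticate(plain, "alice", "wrong"),
        "hashed_ok": authenticate(hashed, "alice", "s3cret", sha256_encoder),
        "hashed_bad": authenticate(hashed, "alice", "wrong", sha256_encoder),
        "unknown_user": authenticate(hashed, "mallory", "s3cret", sha256_encoder),
        "stored_is_digest": stored != "s3cret" and len(stored) == 64,
    }


if __name__ == "__main__":
    print(demo())
```

The only thing that changes between the two tables is what sits in the passwd column and which encoder the compare goes through; the SQL in the handler stays identical, which is why switching the real handler to a digest encoder is a configuration change plus a one-off re-hash of the existing rows.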

CAS Client usage and configuration
Create two Maven web projects, cas-client1 and cas-client2. (A demo project accompanies the original article.)

cas-client1 project pom.xml configuration

<dependencies>
    <dependency>
        <groupId>org.jasig.cas.client</groupId>
        <artifactId>cas-client-core</artifactId>
        <version>3.4.0</version>
    </dependency>
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-log4j12</artifactId>
        <version>1.7.12</version>
    </dependency>
</dependencies>
<build>
    <plugins>
        <plugin>
            <groupId>org.apache.tomcat.maven</groupId>
            <artifactId>tomcat7-maven-plugin</artifactId>
            <version>2.2</version>
            <configuration>
                <path>/</path>
                <port>8881</port>
                <!-- tomcat7:run only opens an HTTPS connector when httpsPort is set;
                     the keystore settings below apply to that connector -->
                <httpsPort>8081</httpsPort>
                <uriEncoding>UTF-8</uriEncoding>
                <protocol>org.apache.coyote.http11.Http11NioProtocol</protocol>
                <clientAuth>false</clientAuth>
                <keystoreFile>C:\Users\fanlychie.keystore\selfissue.jks</keystoreFile>
                <keystorePass>123654</keystorePass>
                <keystoreType>JKS</keystoreType>
                <url>http://localhost:8081/manager/html</url>
            </configuration>
        </plugin>
    </plugins>
</build>

You must first make sure the project is reachable over HTTPS; otherwise the CAS server will refuse to authenticate for it (the default in-memory service registry of CAS 4.1 only accepts services whose URL matches ^(https|imaps)://.*).

Select the project, then Run As, Maven build..., with the goal tomcat7:run.

Visit https://www.fanlychie.com:8081; if the page loads, Tomcat is ready.

cas-client1 project web.xml configuration

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <!-- the CAS server address is configured here -->
            <param-value>https://www.fanlychie.com:8443/cas</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <!-- the CAS server login address is configured here -->
            <param-value>https://www.fanlychie.com:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!-- the address of this project is configured here; it must be HTTPS,
                 or the CAS server will not authenticate for it -->
            <param-value>https://www.fanlychie.com:8081</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <!-- the CAS server address is configured here -->
            <param-value>https://www.fanlychie.com:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!-- the address of this project, HTTPS as above -->
            <param-value>https://www.fanlychie.com:8081</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

</web-app>

This is the standard CAS client configuration. Keep the filters in this order: the sign-out filter first, so that a logout request posted by the server reaches it instead of being redirected to the login page, and the validation filter after the authentication filter, since the validation filter is what consumes the ticket that the login redirect appends to the URL.

cas-client2 is configured almost identically to cas-client1 (see the demo for the details). Start both projects:

cas-client1: https://www.fanlychie.com:8081
cas-client2: https://www.fanlychie.com:8082

Opening one of them, https://www.fanlychie.com:8081, automatically redirects to

https://www.fanlychie.com:8443/cas/login?service=https%3A%2F%2Fwww.fanlychie.com%3A8081%2F

Because you have not yet logged in to CAS, the authentication filter intercepts the request and sends you to the CAS login page. After a successful login, CAS redirects you back to the address you originally requested with a service ticket appended, and the client validates that ticket against the server before letting the request through.

When you then open https://www.fanlychie.com:8082, no login is needed: the CAS server already holds a session for you, so it issues a ticket for the second service right away.
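The redirect, the ticket validation and the single sign-out message described above, as an added example in Python (this is illustrative code written for this page, not the article's code and not the CAS client library). The server and client addresses are the ones used in the article; the ticket values, the serviceValidate responses and the LogoutRequest are constructed samples in the CAS 2.0 and SAML shapes the real server emits, and fake_cas_server stands in for the real server's back channel.

```python
"""Added example, not from the article or the CAS client: a model of the exchange
the cas-client filters carry out, so the redirect and the validation step are explicit.
"""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

CAS_PREFIX = "https://www.fanlychie.com:8443/cas"   # casServerUrlPrefix from web.xml
CLIENT1 = "https://www.fanlychie.com:8081/"         # serverName of cas-client1
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

# Constructed sample responses in the CAS 2.0 serviceValidate format.
SUCCESS_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>casuser</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_SERVICE">
    ticket 'ST-1-abc' does not match supplied service
  </cas:authenticationFailure>
</cas:serviceResponse>"""
# Constructed sample of the logoutRequest the server POSTs to each client on logout.
LOGOUT_XML = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="LR-1-xyz" Version="2.0" IssueInstant="2016-01-01T00:00:00Z">
  <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>
  <samlp:SessionIndex>ST-1-abc</samlp:SessionIndex>
</samlp:LogoutRequest>"""


def service_for(request_url):
    """The service identity the client reports: the request URL without the ticket parameter."""
    parts = urlsplit(request_url)
    params = {k: v for k, v in parse_qs(parts.query).items() if k != "ticket"}
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(params, doseq=True), ""))


def login_redirect(service):
    """AuthenticationFilter: no session and no ticket, so send the browser to casServerLoginUrl."""
    return CAS_PREFIX + "/login?" + urlencode({"service": service})


def validate_url(service, ticket):
    """Cas20ProxyReceivingTicketValidationFilter: the back-channel URL it fetches over HTTPS."""
    return CAS_PREFIX + "/serviceValidate?" + urlencode({"service": service, "ticket": ticket})


def parse_validation(xml_text):
    """Reduce a serviceValidate response to {'ok': bool, 'user'} or {'ok': False, 'code', 'message'}."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        return {"ok": True, "user": success.findtext("cas:user", namespaces=CAS_NS)}
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is None:   # neither element: treat as a failed validation, never as success
        return {"ok": False, "code": "MALFORMED", "message": "no success or failure element"}
    return {"ok": False, "code": failure.get("code"), "message": (failure.text or "").strip()}


def fake_cas_server(url):
    """Stand-in for the server: ST-1-abc was issued for CLIENT1 and validates for nothing else."""
    q = parse_qs(urlsplit(url).query)
    ticket = q.get("ticket", [None])[0]
    service = q.get("service", [None])[0]
    issued_for = {"ST-1-abc": CLIENT1}
    if ticket in issued_for and issued_for[ticket] == service:
        return SUCCESS_XML
    return FAILURE_XML


def handle_request(request_url, fetch=fake_cas_server):
    """One pass through the filter chain for a request with no authenticated session yet."""
    ticket = parse_qs(urlsplit(request_url).query).get("ticket", [None])[0]
    service = service_for(request_url)
    if ticket is None:
        return {"action": "redirect", "location": login_redirect(service)}
    result = parse_validation(fetch(validate_url(service, ticket)))
    if result["ok"]:
        return {"action": "allow", "user": result["user"]}
    return {"action": "deny", "code": result["code"]}


def logout_session_index(logout_request_xml):
    """SingleSignOutFilter: the SessionIndex names the ticket whose HTTP session must be invalidated."""
    return ET.fromstring(logout_request_xml).findtext(SAMLP + "SessionIndex")


if __name__ == "__main__":
    print(handle_request(CLIENT1))                                   # redirect to /cas/login
    print(handle_request(CLIENT1 + "?ticket=ST-1-abc"))              # allow, user casuser
    print(handle_request("https://www.fanlychie.com:8082/?ticket=ST-1-abc"))  # deny
    print(logout_session_index(LOGOUT_XML))                          # ST-1-abc
```

The third call is the point worth noticing: a ticket issued for cas-client1 is rejected when cas-client2 presents it, because the server binds each ticket to the service it was issued for and the client sends that service back on validation. That binding is why serverName in web.xml has to match what the browser actually uses.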

This completes the construction of a single sign-on system with CAS.
