CAS implements single sign-on, logout (Java and PHP client) (RPM)

Source: Internet
Author: User
CAS implements single sign-on, logout (Java and PHP client) (RPM)

Recent projects need to do single sign-on, the client contains Java and Php,java have several applications, PHP is discuz+supesite+ucenter, need to

?

To these clients to be able to single sign-on and log out, find a lot of relevant information on the Internet, today finally configured successfully, the steps are as follows:

?

1. CAS server: Download address: http://downloads.jasig.org/cas/ ,There are many versions of the CAS server and client, the latest version and the old version

?

There is a big difference, the current service side is the latest version: Cas-server-3.4.4-release.zip

?

Unzip Cas-server-3.4.4-release.zip to rename the Cas-server-webapp-3.4.4.war under the modules directory as Cas.war copy to

?

under Tomcat's WebApps, launch Tomcat, Access: Http://localhost:8080/cas/login you will see the login screen:


CAS server by default is the user name = password authentication, and the use of HTTPS authentication, need to give Tomact configuration certificate, the system does not use HTTPS authentication, if the use of HTTPS authentication can be consulted:

?

http://blog.csdn.net/haydenwang8287/archive/2010/07/26/5765941.aspx .

?

1.1, if not using HTTPS authentication, server side needs to configure

1, Cas\web-inf\deployerconfigcontext.xml


p:httpclient-ref= "HttpClient"/>

?

Add the parameter p:requiresecure= "false", whether the need for security verification, that is, Https,false is not used, plus go after the following:

?


? p:httpclient-ref= "HttpClient"? P:requiresecure= "false"/>

?

2, cas\web-inf\spring-configuration\

Ticketgrantingticketcookiegenerator.xml

< span="">

????? P:cookiesecure= "true"

????? P:cookiemaxage= "-1"

????? P:cookiename= "CASTGC"

????? P:cookiepath= "/cas"/>

?

Parameter p:cookiesecure= "True", which is related to HTTPS authentication, true for HTTPS authentication, FALSE for HTTPS authentication.

The parameter p:cookiemaxage= "-1", which is simply the maximum life cycle of a cookie, 1 is a life cycle, that is, only in the currently open IE window, ie close or reopen other windows, will still require validation. can be modified as necessary to a number greater than 0, such as 3600, meaning that within 3,600 seconds, open any IE window, do not need to verify.

?

1.2. Server-side exit Access: Http://localhost:8080/cas/logout ,

?

?

If you wish to return after exiting, you need to configure

Service-Side Cas-servlet.xml configuration

Add Property p:followserviceredirects= "true"

?

The exit link is:http://localhost:8080/cas/logout?service=http://localhost:8080/Casclient/index.jsp

?

1.3, change the server-side authentication method, using Database authentication:

Modify the configuration file Deployerconfigcontext.xml, add DBCP Connection pool: (Oracle as an example)

?


????
????????? Oracle.jdbc.driver.OracleDriver
????
????
????????? JDBC:ORACLE:THIN:@192.168.18.26:1521:ORCL
????
????
????????? Test
????
????
????????? Test
????
??

?

The required jar packages are: (see annex: Cas-server-support-jdbc-3.4.4.jar,commons-dbcp-1.2.1.jar,commons-pool-1.3.jar,ojdbc14_g.jar)

?

Configure the encryption method, CAS has built-in MD5 encryption, you can also write your own encryption class, implement the Org.jasig.cas.authentication.handler.PasswordEncoder interface can:

? ?
??? class= "Org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire= "byname" >?????
??? ?
??

?

Comment out the default authentication method, using database query validation:


?????
?????
????

?

??? ??
?????
?????
???????? value= "Select password from userinfo where lower (username) = lower (?)"/>
?????
?????
???
??

?

---------------here, the CAS server configuration is complete.

?

?

2. Java Client configuration, download client: http://downloads.jasig.org/cas-clients/ , currently the latest version is: cas-client-3.2.0

?

Copy the jar under modules to the Java Client Casclient1 Lib and configure the filter in Web. config as follows (see attached for details):



? xmlns= "HTTP://JAVA.SUN.COM/XML/NS/J2EE"
? xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance"
? xsi:schemalocation= "HTTP://JAVA.SUN.COM/XML/NS/J2EE
?http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
?
?
?

?
???????? Org.jasig.cas.client.session.SingleSignOutHttpSessionListener
?

?

?
???????? CAS Single Sign Out Filter
???????? Org.jasig.cas.client.session.SingleSignOutFilter
?
?
???????? CAS Single Sign Out Filter
???????? /*
?

?
?
?
???????? Casfilter
???????? Org.jasig.cas.client.authentication.AuthenticationFilter
????????
???????????????? Casserverloginurl
???????????????? Http://192.168.18.8:8080/cas/login
????????????????
????????
????????
???????????????? ServerName
???????????????? http://192.168.18.8:8989
????????
?
?
???????? Casfilter
???????? /*
?
?
?
?
???????? CAS Validation Filter
????????
???????????????? Org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
????????
???????????????? Casserverurlprefix
???????????????? Http://192.168.18.8:8080/cas
????????
????????
???????????????? ServerName
???????????????? http://192.168.18.8:8989
????????
?
?
???????? CAS Validation Filter
???????? /*
?
?
?
?
???????? CAS httpservletrequest Wrapper Filter
????????
???????????????? Org.jasig.cas.client.util.HttpServletRequestWrapperFilter
?
?
???????? CAS httpservletrequest Wrapper Filter
???????? /*
?


??????? CAS Assertion Thread Local Filter
??????? Org.jasig.cas.client.util.AssertionThreadLocalFilter


??????? CAS Assertion Thread Local Filter
??????? /*

?
?
?
??? index.jsp
?

?

The page is:

<%
Attributeprincipal principal = (Attributeprincipal) request.getuserprincipal ();???
String username = principal.getname ();
%>

----------------------------------------------------------

Login successful, this is client 1 AH



User name: <%=username%>

http://localhost:8989/Casclient2/index.jsp> Enter the Client 2

http://localhost: 8080/cas/logout?service=http://localhost:8989/casclient1/index.jsp "> Exit

?

-----------Here the Java Client Configuration succeeded, published to Tomcat, replicated Casclient1 renamed Casclient2, launched Tomcat,

?

Access to Casclient1, jump to the login page, successful login successfully to the Login Success page, then access Casclient2 found that do not need to login to display the login Success page, Java Single Sign-on success.

?

?

3, configure PHP client, download PHP client:http://downloads.jasig.org/cas-clients/php/?, the current version is: CAS-1.2.0RC2

?

New PHP Project: Phpcasclient1, copy the CAs folder and cas.php to the project, modify the cas/client.php, change the HTTPS to HTTP, and docs/examples/example_simple.php

?

Copy to the project and modify the following:

//
Phpcas Simple Client
//

Import Phpcas Lib
Include_once (' cas.php ');

Phpcas::setdebug ();

Initialize Phpcas
Phpcas::client (cas_version_2_0, ' 192.168.18.8 ', 8080, ' CAS ');

No SSL validation for the CAS server
Phpcas::setnocasservervalidation ();

Force CAS Authentication
Phpcas::forceauthentication ();

At this step, the user had been authenticated by the CAS server
And the user ' s login name can be read with Phpcas::getuser ().

Logout if desired
if (Isset ($_request[' logout ')) {

?

? $param =array ("service" ="http://localhost/Phpcasclient1/example_simple.php");// return after logging out

? phpcas::logout ($param);


}

For this test, simply print, the authentication is successfull
?>

?
???Phpcas Simple Client
?
?
???

Successfull authentication! This is client 1


???

The user ' s login is.


???

Phpcas version is.


??? ??

http://192.168.18.8:8989/Casclient1/index.jsp "> Go to Java Client 1


???? ?

Exit


?

?

PHP configuration needs to turn on Php_curl, can copy Phpcasclient1 to Phpcasclient2

?

Access:http://localhost/Phpcasclient1/example_simple.php, jump to login page, login after successful access to Phpcasclient2, do not need to login,

?

PHP Single Sign-on success, then again access to Java Client discovery also do not need to login, PHP and Java applications between single sign-on success.

?

Note: PHP's phpcas::client (cas_version_2_0, ' 192.168.18.8 ', 8080, ' CAS '); The address needs to be the same as the CAS server address in Java Web. XML, I started a write ip:192.168.18.8, a write localhost,

PHP and Java always can not sync login, depressed for a long time

?

----------------here the Java and PHP client has been configured to complete, now you will find PHP and Java can not be a single point of logout, PHP side exit Java Client also exited, and Java quit but PHP did not sync out

?

Here you need to make a configuration, in

Phpcas::setnocasservervalidation ();

Force CAS Authentication
Phpcas::forceauthentication ();

Here Plus

?

Phpcas::setnocasservervalidation ();

Force CAS Authentication

Phpcas::handlelogoutrequests ();? This will detect the server-side Java exit notification, you can realize the synchronization between PHP and Java logout.

Phpcas::forceauthentication ();

?

?

?

As for the Discuz+supesite single sign-on, and then understand the PHP single-sign-on principle will need to transform the Discuz+supesite login code, discuz for the logging.php

?

Supersite for batch.login.php, I do Java development, is not very familiar with PHP, so the transformation of the feeling is not very reliable, basically let Discuz single sign in, get the user name, according to the user

?

Get the password in the database and give it to the Discuz system to log on to its own login system. The discuz is validated by a cookie, so discuz does not exit after the Java side exits.

?

If anyone has a successful transformation can communicate under.

?

Reference URL:

Http://blog.csdn.net/DL88250/archive/2008/08/20/2799522.aspx

http://www.wsria.com/archives/1349

http://tonrenyuye.blog.163.com/blog/static/30012576200922925820471/

Http://www.discuz.net/thread-1416206-1-1.html

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.