CAS Single Sign-On Configuration

Source: Internet
Author: User
Document directory
  • 1. Create a certificate
  • 2. Export the certificate
  • 3. Client JVM Import Certificate
  • 4. Apply the certificate to the Web server. Tomcat is used here.
  • 5. Configure the CAS Server
  • 6. Configure the CAS server to connect to the database
  • 7. CAS client Configuration
  • 8. Modify the CAS logon page
  • 9. CAS retrieval on the client page

I read coffee rabbit's CAS Single Sign-On configuration tutorial, which is very well written. After a day of hard work, I finally got the configuration working, and I am recording the configuration steps here.

1. Create a certificate

Certificates are a key component of a Single Sign-On authentication system: the security of the interaction between clients and the server depends on them. In this tutorial, we use the keytool tool that comes with the JDK to generate a certificate. If you later use this in a production environment, you must purchase a certificate from a certificate provider. Generally, Verisign is used for certificate authentication.

Here we use the JDK's built-in keytool to generate a certificate:

    keytool -genkey -alias mycas -keyalg RSA -keystore D:/keys/mykey

Note that when keytool asks for your first and last name, you must enter the domain name. Do not use an IP address.

2. Export the certificate

    D:\keys> keytool -export -file D:/keys/mycas.crt -alias mycas -keystore D:/keys/mykey

3. Client JVM Import Certificate

    keytool -import -keystore D:\JDK\1.6\jdk1.6.0_20\jre\lib\security\cacerts -file D:/keys/mycas.crt -alias mycas

It is worth noting that I ran into an error during the configuration process, a java.io exception. Solution: delete the cacerts file in the JDK's \jre\lib\security directory.

4. Apply the certificate to the Web server. Tomcat is used here.

Open the conf/server.xml file in the Tomcat directory, find the Connector for port 8443, and set keystoreFile and keystorePass. The modified result is as follows:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:/keys/mykey"
               keystorePass="password set when generating the key"/>

Parameter description: keystoreFile: the storage location of the key created in step 1. keystorePass: the password set when the certificate was created.

Open https://localhost:8443/ to test it.

5. Configure the CAS Server

Unzip cas-server-3.4.3.1.zip, take cas-server-3.4.3/modules/cas-server-webapp-3.4.3.1.war and rename it to cas.war. Tomcat unpacks the WAR automatically; then copy the cas directory to your tomcat/webapps directory.

Open https://localhost:8443/cas/login. Now enter admin/admin on the CAS server page and click "Log On" (the default CAS verification rule passes as long as the user name and password are the same). The system reports that the logon was successful.

6. Configure the CAS server to connect to the database

First open the tomcat/webapps/cas/WEB-INF/deployerConfigContext.xml file and comment out the SimpleTestUsernamePasswordAuthenticationHandler verification handler.

Add the following JDBC query interface, the data source, and the MD5 encryption interface of CAS.

    <!-- Configure the JDBC query interface -->
    <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
        <property name="dataSource" ref="dataSource"/>
        <property name="sql" value="select password from t_admin_user where login_name=?"/>
        <!-- <property name="passwordEncoder" ref="MD5PasswordEncoder"/> -->
    </bean>

    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName"><value>oracle.jdbc.driver.OracleDriver</value></property>
        <property name="url"><value>jdbc:oracle:thin:@127.0.0.1:1521:orcl</value></property>
        <property name="username"><value>zhouyujie</value></property>
        <property name="password"><value>zhouyujie</value></property>
    </bean>

    <!--
    <bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
        <constructor-arg index="0"><value>MD5</value></constructor-arg>
    </bean>
    -->

Copy cas-server-3.4.3.1\modules\cas-server-support-jdbc-3.4.3.1.jar and the MySQL driver jar package to the tomcat/webapps/cas/WEB-INF/lib directory.

7. CAS client Configuration

Add the cas-client-core-3.2.1.jar package to your client project.

Add the following to web.xml:

    <!-- Used for single sign-out. This listener is used for single sign-out. Optional. -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <!-- This filter is used for single sign-out. Optional. -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter is used for user authentication and must be enabled -->
    <filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://localhost:8443/cas/login</param-value>
            <!-- The server here is the server's IP -->
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter is used for ticket verification and must be enabled -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://localhost:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter wraps the HttpServletRequest. For example, it lets you use the
         getRemoteUser() method of HttpServletRequest to obtain the login name of the
         SSO logon user. Optional. -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter allows developers to use org.jasig.cas.client.util.AssertionHolder
         to obtain the user's login name. For example,
         AssertionHolder.getAssertion().getPrincipal().getName(). -->
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- ============== -->

8. Modify the CAS logon page

You can modify the appearance of the CAS login page; actual projects will need to do this.

9. CAS retrieval on the client page

On the page, we can use String uname = request.getRemoteUser(); to obtain the username information in CAS.

 

Thanks again for the tutorial, haha, ^ 0 ^...
