CAS Single Sign-on configuration [3]: server-side configuration

Source: Internet
Author: User
Tags md5 encryption

This article describes the server-side configuration, which is done once the preparation work (certificate generation and so on) is complete.

JDK Configuration
    1. Copy the generated cacerts file to the jre/lib/security directory under the JDK directory and to the corresponding directory of the JRE. If the file already exists there, replace it.
Tomcat Configuration
  1. Step 1: Copy all the certificate files except cacerts to the root directory of Tomcat. If the server side and the client share one Tomcat, copy them only once; otherwise copy them into each Tomcat.

    Step 2: In Tomcat's conf/server.xml configuration file, find the following configuration:

    <!-- The maxThreads value is missing from this page; 150 is the value in Tomcat's stock server.xml. -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"/>

    **************************************************************

    Modify it to:

    <!-- The acceptCount value is missing from this page; 100 is Tomcat's default. -->
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443" minSpareThreads="5" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:/develop/tomcat7.0.55/server.keystore"
               keystorePass="changeit"/>

    [Note] The SSL port here is 8443. To access the site without a port number, change it to the default port 443. keystoreFile points to the server.keystore file we copied, and keystorePass is its password.
Database configuration
  1. Step 1: By default CAS treats a login as successful whenever the user name equals the password, which is obviously unsafe. In the Tomcat installation directory, open webapps/cas/WEB-INF/deployerConfigContext.xml and change the following two places:

    First place:

    Replace

    <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>

    with

    <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
      <property name="dataSource" ref="dataSource"></property>
      <property name="sql" value="select password from Tbl_user where login_name=?"></property>
      <property name="passwordEncoder" ref="MD5PasswordEncoder"></property>
    </bean>

    *****************************************************************

    This queries the password for the given user name from Tbl_user; the table structure is given below.

  2. Second place:

    Add before </beans>:

    <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager"/>

    <bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
      <constructor-arg index="0">
        <value>MD5</value>
      </constructor-arg>
    </bean>

    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
      <property name="driverClassName">
        <value>com.microsoft.sqlserver.jdbc.SQLServerDriver</value>
      </property>
      <property name="url">
        <value>jdbc:sqlserver://localhost:1433;databasename=</value>
      </property>
      <property name="username"><value>sa</value></property>
      <property name="password">
        <value>databaseadmin</value>
      </property>
    </bean>

    SQL Server 2008 is used here. For another database, the parts shown in bold italics need to be changed.

  3. The data table structure is as follows:

  4. [Note] The data source is SQL Server. In addition to the configuration above, the corresponding table must be created in the database, with the fields the configuration refers to. Because the configuration uses the 32-character MD5 algorithm, the password field in the database must also hold the MD5 value of the password.

    [Attached]:

    admin888 as a 32-character MD5 value: 7fef6171469e80d32c0559f88b377245

    Do not start the server yet: jar packages are still missing and it would fail with errors ...

  5. Step 2: Find the cas-server-3.4.10/modules directory.

    Copy cas-server-support-jdbc-3.4.10.jar and the corresponding database driver package to the CAS lib directory.

    The configuration is complete. Restart Tomcat; if an error occurs, check the configuration files and that the jar packages were copied correctly.

    Test: enter 1 for both the user name and the password.

  6. Then use the user name and password stored in our database instead. If the login succeeds, the server-side configuration is working.
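An added example, not part of the original article: a Python check to run over rows exported from the user table before the login test. It assumes the configured encoder produces the lowercase hex MD5 of the UTF-8 password bytes and that the handler compares it with the stored column by exact string equality; the function names and sample rows are constructed here.

```python
import hashlib
import re
from collections import defaultdict

HEX32 = re.compile(r"[0-9a-f]{32}")

def cas_md5(password):
    # Assumption: the encoder emits lowercase hex over the UTF-8 bytes.
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def would_authenticate(stored, typed_password):
    # Assumption: the handler compares the two strings exactly (case-sensitive).
    return stored == cas_md5(typed_password)

def audit_rows(rows):
    """Map login_name -> findings for (login_name, password) rows of the user table."""
    findings = defaultdict(list)
    by_digest = defaultdict(list)
    for login, stored in rows:
        if HEX32.fullmatch(stored):
            by_digest[stored].append(login)
        elif HEX32.fullmatch(stored.strip().lower()):
            findings[login].append("digest has uppercase or padding: login fails")
        else:
            findings[login].append("not an MD5 hex digest: login fails")
    # Unsalted MD5: equal passwords give equal digests, visible to anyone
    # who can read the table.
    for logins in by_digest.values():
        if len(logins) > 1:
            for login in logins:
                others = ", ".join(o for o in logins if o != login)
                findings[login].append("digest shared with: " + others)
    return dict(findings)

# Constructed rows; the first digest is the admin888 value given in the article.
ROWS = [
    ("admin", "7fef6171469e80d32c0559f88b377245"),
    ("ops",   "7FEF6171469E80D32C0559F88B377245"),
    ("guest", "admin888"),
    ("audit", "7fef6171469e80d32c0559f88b377245"),
]

if __name__ == "__main__":
    for login, notes in audit_rows(ROWS).items():
        print(login, notes)
```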

Precautions
    • If the login page cannot be displayed after the XML file has been configured, carefully check that every tag in the XML is properly opened and closed and that the contents are correct!
    • The database is SQL Server 2008.
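The check in the first precaution can be automated. The following Python is an added example, not from the original article: it reports where an XML file stops being well-formed and flags `ref` values that have no bean with that id in the same file. The sample documents, including the placeholder class x.DataSource, are constructed.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Drop the "{namespace}" prefix ElementTree puts on namespaced tags.
    return tag.rsplit("}", 1)[-1]

def check_beans_xml(text):
    """Return problems found: a parse error, or property refs with no matching bean id."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        line, col = exc.position
        return [f"not well-formed at line {line}, column {col}"]
    ids = {el.get("id") for el in root.iter() if _local(el.tag) == "bean"}
    return [
        f"property '{el.get('name')}' refers to undefined bean '{el.get('ref')}'"
        for el in root.iter()
        if _local(el.tag) == "property" and el.get("ref") and el.get("ref") not in ids
    ]

# Constructed samples modelled on the beans in this article.
HEAD = '<beans xmlns="http://www.springframework.org/schema/beans">\n'
HANDLER = ('<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">\n'
           '  <property name="dataSource" ref="dataSource"/>\n'
           '  <property name="passwordEncoder" ref="MD5PasswordEncoder"/>\n'
           '</bean>\n')
ENCODER = ('<bean id="MD5PasswordEncoder" '
           'class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"/>\n')
GOOD = HEAD + HANDLER + ENCODER + '<bean id="dataSource" class="x.DataSource"/>\n</beans>'
# id and ref differ only in case: Spring bean names are case-sensitive.
BAD_REF = HEAD + HANDLER + ENCODER + '<bean id="DataSource" class="x.DataSource"/>\n</beans>'
# Missing space in "<propertyname=", so the closing </property> has no opener.
BROKEN = (HEAD + '<bean id="dataSource" class="x.DataSource">\n'
          '<propertyname="password">\n<value>secret</value>\n</property>\n</bean>\n</beans>')

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD_REF", BAD_REF), ("BROKEN", BROKEN)):
        print(name, check_beans_xml(doc) or "ok")
```

Beans defined in CAS's other context files are not visible to this check, so a flagged ref may simply be defined elsewhere.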
