CAS: single sign-on for database users with the esup plug-in

Source: Internet
Author: User
Tags: ldap

The most common way to implement SSO is, of course, to authenticate users against a relational database. The esup plug-in (the ESUP-Portail CAS Generic Handler, CAS GH) makes it easy to give CAS a database authentication method; this document describes how to configure it. esup offers three database authentication modes: bind mode (users are database users, and CAS authenticates them by connecting to the database with their credentials), search mode (users stored in a table of the database are authenticated against that table) and query mode (authentication succeeds when the result of a configured SQL query matches the information supplied by the user).

This method is essentially used by organizations where some users, for technical or political reasons, are not registered in the LDAP directory but in a separate database.

As with LDAP authentication, fault tolerance is provided by redundant database servers, and three access modes are available (Bind, Search and Query).

Bind Mode

In this mode, users should be declared in the database, i.e. be database users; authentication succeeds when the credentials supplied by the user allow CAS to connect to the database. A consequence worth keeping in mind: every account the database server accepts from the CAS host (including application or maintenance accounts) then becomes a valid CAS identity, so grant such accounts only to people who are meant to log in through CAS.

One may use:

<authentication debug="off">
  <classname>
    org.esupportail.cas.server.handlers.database.BindDatabaseHandler
  </classname>
  <config>
    <server>
      <jdbc_driver>com.mysql.jdbc.Driver</jdbc_driver>
      <jdbc_url>jdbc:mysql://127.0.0.1</jdbc_url>
    </server>
  </config>
</authentication>

Search Mode

This mode uses a privileged connection to the database. The authentication information (login and password) is stored in a table; authentication succeeds when the information provided by the user is found in the database.

One may use:

<authentication debug="off">
  <classname>
    org.esupportail.cas.server.handlers.database.SearchDatabaseHandler
  </classname>
  <config>
    <table>user</table>
    <login_column>login</login_column>
    <password_column>password</password_column>
    <bind_username>admin</bind_username>
    <bind_password>secret</bind_password>
    <server>
      <jdbc_driver>com.mysql.jdbc.Driver</jdbc_driver>
      <jdbc_url>jdbc:mysql://127.0.0.1</jdbc_url>
    </server>
  </config>
</authentication>

When using this mode, the administrator should specify:

  • The table in which the database users are stored;
  • The columns storing the users' id and password;
  • The encryption used to store the password (optional);
  • The credentials used to connect to the database (optional). These are stored in clear text in the configuration, so the file must be readable only by the account running CAS, and the database account should be limited to reading the user table.
Query Mode

This mode also uses a privileged connection to the database. The authentication information can be stored anywhere in the database, and authentication succeeds when the information provided by the user matches the information returned by the query.

One may use:

<authentication debug="off">
  <classname>
    org.esupportail.cas.server.handlers.database.QueryDatabaseHandler
  </classname>
  <config>
    <sql_query>
      SELECT md5_password FROM user WHERE login = '%u' AND NOT locked
    </sql_query>
    <encryption>md5</encryption>
    <bind_username>admin</bind_username>
    <bind_password>secret</bind_password>
    <server>
      <jdbc_driver>com.mysql.jdbc.Driver</jdbc_driver>
      <jdbc_url>jdbc:mysql://127.0.0.1</jdbc_url>
    </server>
  </config>
</authentication>

When using this mode, the administrator should specify:

  • The SQL query used to query the database. This query can contain the special "%u" token, which is replaced by the user's netid at runtime;
  • The encryption used to store the password (plain, des, md5 and pammd5 are allowed; md5 by default);
  • The credentials used to connect to the database (optional).

Two things to check before deploying such a query. First, "%u" is substituted into the SQL text itself, so a netid containing a quote character changes the statement that is executed; unless you have verified that the handler escapes it, restrict the netids CAS accepts to a safe character set before they reach the query. Second, an unsalted md5 digest is cheap to brute-force offline, so the table holding the hashes, and the bind credentials that can read it, deserve the same protection as the passwords themselves.

Note: internally, a SearchDatabaseHandler is a QueryDatabaseHandler using the following SQL query, built from the configured table and column names:

SELECT <password_column> FROM <table> WHERE <login_column> = '%u'
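As an added illustration (not code from the esup plug-in), the following Python script models what the Search and Query modes described above do: it derives the Search-mode query from the table and column names, substitutes the "%u" token into the Query-mode statement, runs it against an in-memory SQLite table constructed inline, and compares the returned column with the md5 (or plain) encoding of the supplied password. The table, rows, passwords, and the rule that exactly one result row is required are assumptions made for the demonstration; the page does not say how the real handler treats zero or several rows. The last case shows why the substitution point matters: a netid that contains a quote breaks the literally substituted statement, while binding the netid as a parameter handles it.

```python
"""Model of the esup Search/Query database modes (added example, not the
plug-in's own code). Runs offline against an in-memory SQLite table that is
constructed below; rows, passwords and column names are made up."""
import hashlib
import sqlite3

# Query from the page's example; the %u token is replaced by the netid at runtime.
QUERY = "SELECT md5_password FROM user WHERE login = '%u' AND NOT locked"


def search_mode_query(table, login_column, password_column):
    """The query a Search-mode configuration is equivalent to (see the note above)."""
    return f"SELECT {password_column} FROM {table} WHERE {login_column} = '%u'"


def encode(password, encryption):
    """Encode the supplied password the way the table stores it.
    Only plain and md5 are modelled; des and pammd5 are listed on the page but not here."""
    if encryption == "plain":
        return password
    if encryption == "md5":
        return hashlib.md5(password.encode()).hexdigest()
    raise ValueError(f"unsupported encryption: {encryption}")


def authenticate(conn, sql_query, encryption, netid, password):
    """Query mode with literal %u substitution, as the page describes it.
    Assumption: exactly one returned row is required; zero rows (unknown or
    locked user) or several rows count as failure."""
    sql = sql_query.replace("%u", netid)
    rows = conn.execute(sql).fetchall()
    if len(rows) != 1:
        return False
    return rows[0][0] == encode(password, encryption)


def authenticate_parameterized(conn, sql_query, encryption, netid, password):
    """Same check with the netid bound as a parameter instead of pasted into
    the SQL text; shown for contrast, not the handler's documented behaviour."""
    rows = conn.execute(sql_query.replace("'%u'", "?"), (netid,)).fetchall()
    if len(rows) != 1:
        return False
    return rows[0][0] == encode(password, encryption)


def literal_substitution_breaks(conn, sql_query, netid):
    """True when pasting this netid into the query yields SQL that fails to parse."""
    try:
        conn.execute(sql_query.replace("%u", netid))
        return False
    except sqlite3.OperationalError:
        return True


def build_demo_db():
    """Constructed sample table shaped like the one the page's query expects."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (login TEXT, md5_password TEXT, locked INTEGER)")
    conn.executemany(
        "INSERT INTO user VALUES (?, ?, ?)",
        [
            ("alice", encode("correct horse", "md5"), 0),
            ("bob", encode("hunter2", "md5"), 1),        # locked account
            ("o'brien", encode("shamrock", "md5"), 0),   # netid containing a quote
        ],
    )
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    print(search_mode_query("user", "login", "password"))
    print(authenticate(db, QUERY, "md5", "alice", "correct horse"))   # True
    print(authenticate(db, QUERY, "md5", "alice", "wrong"))           # False
    print(authenticate(db, QUERY, "md5", "bob", "hunter2"))           # False, locked
    print(literal_substitution_breaks(db, QUERY, "o'brien"))          # True
    print(authenticate_parameterized(db, QUERY, "md5", "o'brien", "shamrock"))  # True
```

The locked account fails because the query returns no row for it, not because of the password comparison, which is exactly the effect the "AND NOT locked" clause in the page's query is there to produce.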
Database servers

Each database server is defined by:

  • The JDBC URL of the database;
  • The JDBC driver that should be used to access the database.

When several servers are specified, they are all treated as replicas that are expected to contain the same data. The next (redundant) server is therefore tried only when the current one does not respond; if a server does respond and authentication fails there, database authentication fails as a whole, with no retry on the other servers.
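The replica rule in the paragraph above, as an added Python model that is not the plug-in's code: the servers are constructed stand-ins for JDBC connections (the names db1 and db2, the credential table and the reachability flags are all made up for the example), and the walk over the list moves on only when a server does not respond at all.

```python
"""Model of the replica semantics described above (added example, not the
plug-in's own code). Servers are constructed stand-ins for JDBC connections."""


class ServerDown(Exception):
    """A replica that does not respond (connection refused, timeout, ...)."""


def make_server(name, reachable, credentials):
    """Build a stand-in server: a callable check(netid, password) that raises
    ServerDown when unreachable and otherwise answers True/False. The number of
    times it was consulted is kept in check.calls."""
    def check(netid, password):
        check.calls += 1
        if not reachable:
            raise ServerDown(name)
        return credentials.get(netid) == password
    check.name = name
    check.calls = 0
    return check


def authenticate_with_failover(servers, netid, password):
    """Try the servers in order. A server that responds gives the final answer,
    positive or negative; only a server that does not respond lets the walk
    move on. Returns (result, name of the server that answered), or
    (None, None) when no server responded."""
    for server in servers:
        try:
            return server(netid, password), server.name
        except ServerDown:
            continue
    return None, None


def demo():
    """Three constructed scenarios: primary down, everything down, and a
    rejection on the primary that must not be retried on the replica."""
    creds = {"alice": "correct horse"}
    db1_down = make_server("db1", reachable=False, credentials=creds)
    db1_up = make_server("db1", reachable=True, credentials=creds)
    db2 = make_server("db2", reachable=True, credentials=creds)
    db2_down = make_server("db2", reachable=False, credentials=creds)
    results = {
        "failover": authenticate_with_failover([db1_down, db2], "alice", "correct horse"),
        "all_down": authenticate_with_failover([db1_down, db2_down], "alice", "correct horse"),
    }
    db2.calls = 0
    results["rejected"] = authenticate_with_failover([db1_up, db2], "alice", "wrong")
    results["rejected_replica_consulted"] = db2.calls
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The distinction between "no answer" and "negative answer" is the whole point: retrying a rejected login on the other replicas would only matter if the replicas disagreed, which the design assumes they never do, and it would let a client multiply its password guesses by the number of servers.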

JDBC drivers

CAS GH developers usually place the jars implementing the JDBC drivers they use into the ${tomcat.home}/webapps/CAS/WEB-INF/lib directory (loose classes go into ${tomcat.home}/webapps/CAS/WEB-INF/classes) or, when using one of the esup-cas-server and esup-cas-quick-start packages, directly into the custom/CAS-server-patch/web/WEB-INF folder (so that the files are deployed with ant).

No JDBC driver is shipped with CAS GH, but the following links may help you find the JDBC driver for your database:

  • Hypersonic SQL: http://hsql.sourceforge.net
  • MySQL: http://dev.mysql.com/downloads/connector/j/3.0.html
  • ORACLE: http://otn.oracle.com/software/tech/java/sqlj_jdbc/index.html
  • PostgreSQL: http://jdbc.postgresql.org/download.html
