Configure Yale CAS server for single-point login (SSO)

Source: Internet
Author: User

This configuration guide is based on Argan's blog... and uses a Yale CAS server to implement single sign-on (SSO).
Argan's blog... address: http://blog.matrix.org.cn/page/cas

Configure JAVA_HOME as follows:
JAVA_HOME=D:/Java/jdk1.5.0_06

CAS (Central Authentication Service) is an open-source Java implementation of an SSO (Single Sign-On) service, developed by ITS at Yale University.

Here is a simple example that shows how to use CAS to implement single sign-on (SSO).

Configuration process of Yale CAS Server

The CAS service is implemented as a Java web app (e.g. cas.war).
cas.war must be deployed to a server compatible with Servlet 2.3, and that server must support SSL.
Other servers (clients) that need to use the service can implement SSO with simple configuration.

CAS clients can be of many types, because validation results are returned in XML format.
Several client examples are already packaged: Java, Perl, Python, ASP, Apache module, etc.
If you need to implement your own client, doing so is very simple.
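
The XML validation result mentioned above is what a custom client has to interpret, so here is an added example (not code from the original page or from the CAS project) of a client-side parser that fails closed. It assumes the CAS 2.0 response layout; the function name, user name and ticket id are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"  # namespace used by CAS 2.0 responses

# Constructed sample responses (user name and ticket id are made up).
SUCCESS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>
    ticket 'ST-0000-constructed' not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""


def validate(body):
    """Return (True, user) on success, else (False, reason). Fails closed."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return False, "DTD not allowed"  # a CAS reply never needs one
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False, "malformed XML"
    if root.tag != CAS_NS + "serviceResponse":
        return False, "unexpected root element"
    failure = root.find(CAS_NS + "authenticationFailure")
    if failure is not None:
        return False, failure.get("code", "UNKNOWN")
    # Exactly one success element with exactly one non-empty user; only direct
    # children are inspected, so a name buried elsewhere is ignored.
    success = root.findall(CAS_NS + "authenticationSuccess")
    users = success[0].findall(CAS_NS + "user") if len(success) == 1 else []
    name = (users[0].text or "").strip() if len(users) == 1 else ""
    if not name:
        return False, "no single authenticated user"
    return True, name


if __name__ == "__main__":
    print(validate(SUCCESS), validate(FAILURE))
```

A reply is accepted only when it is well-formed, uses the CAS namespace and names exactly one user; everything else is treated as "not logged in".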

In the following example, one Tomcat 5.0 instance acts as the CAS server (server1) and another Tomcat 5.0 instance acts as the client (Client1).

1. Download cas-server and cas-client (optional)
http://www.ja-sig.org/downloads/cas/cas-server-3.0.zip
http://www.yale.edu/tp/cas/cas-client-2.0.11.zip

2. Decompress cas-server-3.0.zip and copy lib/cas.war to the webapps directory of server1.

3. Generate the server certificate
keytool -genkey -alias my-alias-name -keyalg RSA -keystore .keystore

4. Configure Tomcat on server1 to use HTTPS
Edit $CATALINA_HOME/conf/server.xml (keystoreFile must point to the keystore generated in step 3):
<Connector port="8443"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:/Documents and Settings/New/keystore.keystore"
           keystorePass="changeit"/>

5. Configure the CAS client on Client1 (taking the servlets-examples app as an example):
set up the servlet filter (provided in the CAS client) that checks SSO.

Modify servlets-examples/WEB-INF/web.xml

<filter>
  <filter-name>casfilter</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
  <!-- CAS login page that unauthenticated users are redirected to -->
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
    <param-value>https://localhost:8443/cas/login</param-value>
  </init-param>
  <!-- URL the filter calls to validate the ticket it receives -->
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
    <param-value>https://localhost:8443/cas/proxyValidate</param-value>
  </init-param>
  <!-- host:port of this client application -->
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
    <param-value>localhost:8080</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>casfilter</filter-name>
  <url-pattern>/servlet/*</url-pattern>
</filter-mapping>

6. Decompress cas-client-2.0.11.zip and copy java/lib/casclient.jar to the
webapps/servlets-examples/WEB-INF/lib directory (create the directory if it does not exist).

7. Export the server certificate so that it can be imported into all clients
keytool -export -file myserver.cert -alias my-alias-name -keystore .keystore

8. Import the server certificate as trusted into the client's JVM (administrator privileges may be required)

# keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -file myserver.cert -alias my-alias-name
keytool -import -keystore D:/Java/jdk1.5.0_06/jre/lib/security/cacerts -file myserver.cert -alias localhost

9. Test & done.
Start server1 and Client1 separately and check that the startup logs are normal. If everything is OK, access
http://Client1:8080/servlets-examples/servlet/HelloWorldExample
The system automatically redirects to a verification page. Enter the same value for the account and the password,
and you are taken to the real HelloWorldExample servlet.
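
Before testing, the filter settings from step 5 can be checked mechanically. The following is an added example (not part of the original page or the CAS client): it audits a web.xml for the CASFilter parameters, because the client trusts whatever validateUrl returns and that call is only protected when it really is an HTTPS URL. The function names and the sample web.xml, which carries a constructed single-slash typo in loginUrl, are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

PREFIX = "edu.yale.its.tp.cas.client.filter."

# Constructed sample: the step-5 filter with a single-slash typo in loginUrl.
SAMPLE_WEB_XML = """<web-app><filter>
  <filter-name>casfilter</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
  <init-param><param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
    <param-value>https:/localhost:8443/cas/login</param-value></init-param>
  <init-param><param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
    <param-value>https://localhost:8443/cas/proxyValidate</param-value></init-param>
  <init-param><param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
    <param-value>localhost:8080</param-value></init-param>
</filter></web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop "{namespace}" if web.xml declares one

def cas_filter_params(web_xml):
    """Return the CASFilter init-params keyed by full name, or None."""
    for flt in ET.fromstring(web_xml).iter():
        kids = {_local(k.tag): k for k in flt}
        if _local(flt.tag) != "filter" or "filter-class" not in kids:
            continue
        if (kids["filter-class"].text or "").strip() != PREFIX + "CASFilter":
            continue
        params = {}
        for p in (k for k in flt if _local(k.tag) == "init-param"):
            pair = {_local(c.tag): (c.text or "").strip() for c in p}
            params[pair.get("param-name", "")] = pair.get("param-value", "")
        return params
    return None

def audit(web_xml):
    """Return a list of findings; an empty list means the checks passed."""
    params = cas_filter_params(web_xml)
    if params is None:
        return ["CASFilter is not declared"]
    findings = []
    for name in ("loginUrl", "validateUrl"):
        url = urlsplit(params.get(PREFIX + name, ""))
        if url.scheme != "https":
            findings.append(f"{name}: must be an https URL")
        elif not url.hostname:
            findings.append(f"{name}: no host parsed (check for 'https:/')")
    if not params.get(PREFIX + "serverName"):
        findings.append("serverName: missing")
    return findings
```

On the sample, audit() reports the loginUrl typo and nothing else; a plain-HTTP validateUrl would be reported as well.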

For more information, see
http://www.yale.edu/tp/cas/
http://www-106.ibm.com/developerworks/web/library/wa-singlesign/
