CAS client configuration, cas Client

Source: Internet
Author: User


1. Export the certificate

  

The above operation will generate a file in the current directory: ssodemo.crt (for the files to be used, see the document on CAS server configuration)

2. Import the certificate from the client

  

The above operation will generate the file cacerts under the JDK installation directory jre\lib\security.

Note: If there are multiple client computers, repeat the preceding operations on each of them. Every JDK must import this file.

For more information about how to import a certificate, see: http://www.cnblogs.com/cxyj/p/3884507.html

3. Add the CAS client JAR to the WEB-INF/lib directory of the web application that requires single sign-on.

Download: http://downloads.jasig.org/cas-clients/

Or maven Configuration:

    <dependency>
        <groupId>org.jasig.cas.client</groupId>
        <artifactId>cas-client-core</artifactId>
        <version>3.2.1</version>
    </dependency>

4. Configure the web.xml file

    <!-- ===================== Start of Single Sign-on ===================== -->

    <!-- Listener used for single sign-out. Optional. -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <!-- This filter is used for single sign-out. Optional. -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter redirects unauthenticated requests to the CAS login page. -->
    <filter>
        <filter-name>CAS Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://localhost:8443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter is used for Ticket verification and must be enabled. -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://localhost:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter wraps the HttpServletRequest. For example, you can then use
         the getRemoteUser() method of HttpServletRequest to obtain the login
         name of the SSO user. Optional. -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- This filter allows developers to use
         org.jasig.cas.client.util.AssertionHolder to obtain the user's login
         name. For example,
         AssertionHolder.getAssertion().getPrincipal().getName(). -->
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- ================================================================== -->

In the preceding configuration, https://localhost:8443/cas is the CAS server path and http://localhost:8080 is the path of the current web project.
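A consistency check for a web.xml like the one in step 4, as an added example that is not part of the original article or of the CAS client project. It flags CAS server URLs that are not https, filter mappings whose name matches no defined filter (names are case-sensitive), and a missing ticket validation filter; the sample document and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

VALIDATION_FILTER = ("org.jasig.cas.client.validation."
                     "Cas20ProxyReceivingTicketValidationFilter")
CAS_URL_PARAMS = {"casServerLoginUrl", "casServerUrlPrefix"}
# Constructed sample: http:// CAS URL, and a mapping name that differs in case.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>http://localhost:8443/cas/login</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CAS filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def child_text(parent, name):  # text of the first direct child called `name`
    for child in parent:
        if local(child) == name:
            return (child.text or "").strip()
    return ""

def audit_web_xml(xml_text):
    """Return a list of findings for the CAS filters in a web.xml document."""
    root = ET.fromstring(xml_text)
    filters = [e for e in root if local(e) == "filter"]
    mapped = [child_text(e, "filter-name") for e in root if local(e) == "filter-mapping"]
    defined = {child_text(f, "filter-name") for f in filters}
    classes = {child_text(f, "filter-class") for f in filters}
    findings = []
    for f in filters:
        for p in f:  # only init-param children carry param-name/param-value
            key, value = child_text(p, "param-name"), child_text(p, "param-value")
            if key in CAS_URL_PARAMS and not value.lower().startswith("https://"):
                findings.append(f"{child_text(f, 'filter-name')}: {key} is not https ({value})")
    for name in mapped:
        if name not in defined:
            findings.append(f"mapping names undefined filter '{name}'")
    if VALIDATION_FILTER not in classes:
        findings.append("ticket validation filter is not configured")
    return findings
```
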

 


Configure CAS in tomcat

CAS principles and protocols
In terms of structure, CAS includes two parts: CAS Server and CAS Client. CAS Server needs to be deployed independently and is mainly responsible for user authentication. CAS Client is responsible for processing access requests to the protected resources of the client, and redirects to the CAS Server when login is required. Figure 1 shows the most basic CAS Protocol process:
Figure 1. CAS basic Protocol

The CAS Client is deployed together with the protected client application and protects its resources as a Filter. For each Web request that accesses a protected resource, the CAS Client checks whether the HTTP request contains a Service Ticket. If not, the current user has not logged on, so the request is redirected to the specified CAS Server login address, passing the Service (that is, the address of the destination resource to be accessed) so that the user can be returned to that address after a successful login. The user enters the authentication information in step 1. If the login succeeds, the CAS Server randomly generates a fairly long, unique, and unforgeable Service Ticket and caches it for future verification; the system then automatically redirects to the Service address and sets a Ticket Granted Cookie (TGC) for the client browser. After the CAS Client obtains the Service and the newly generated Ticket, in steps 5 and 6 it verifies the identity with the CAS Server to ensure the validity of the Service Ticket.
In this Protocol, all interactions with CAS adopt the SSL protocol to ensure the security of ST and TGC. There will be two redirection processes during the Protocol work, but the process of Ticket verification between CAS Client and CAS Server is transparent to users.
In addition, the CAS Protocol also provides the Proxy mode to adapt to more advanced and complex application scenarios. For details, refer to the relevant documents on the Official CAS website.
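The client side of the exchange described above, as an added example that is not code from the original article or from the CAS client library. It assumes the CAS 2.0 `/serviceValidate` endpoint and response format; the service path `/app/`, the ticket value, the sample responses and the injected `fetch` function are constructed so the block runs offline.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
CAS_LOGIN = "https://localhost:8443/cas/login"   # casServerLoginUrl from web.xml
CAS_PREFIX = "https://localhost:8443/cas"        # casServerUrlPrefix from web.xml

# Constructed CAS 2.0 validation responses (not captured from a real server).
SUCCESS_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def login_redirect(cas_login_url, service):
    """Where the client sends a browser that arrives without a ticket."""
    return cas_login_url + "?" + urlencode({"service": service})

def validation_url(cas_prefix, service, ticket):
    """Back-channel URL used to check a Service Ticket.
    `service` must be the same value that was sent on the login redirect."""
    query = urlencode({"service": service, "ticket": ticket})
    return cas_prefix.rstrip("/") + "/serviceValidate?" + query

def parse_validation(xml_text):
    """Return the user name on success; raise ValueError on anything else."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text and user.text.strip():
        return user.text.strip()
    failure = root.find("cas:authenticationFailure", CAS_NS)
    code = failure.get("code", "UNKNOWN") if failure is not None else "MALFORMED"
    raise ValueError("ticket rejected: " + code)

def handle_request(service, ticket, fetch):
    """Decision for one request to a protected resource.
    `fetch` is a caller-supplied function that GETs a URL over HTTPS."""
    if not ticket:
        return ("redirect", login_redirect(CAS_LOGIN, service))
    body = fetch(validation_url(CAS_PREFIX, service, ticket))
    return ("user", parse_validation(body))
```
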
Preparations
The example in this article uses Tomcat 5.5, which can be downloaded from:
tomcat.apache.org/download-55.cgi
Download the CAS Server and Client from the CAS official website:
Www.ja-sig.org /...
Www.ja-sig.org /...
Deploy CAS Server
CAS Server is a Java-based service. It is deployed independently, as a Java Web Application, on a web server compatible with Servlet 2.3. In addition, because the Client and CAS Server ......


When CAS configures the .NET client, the "this webpage contains a redirection loop" problem occurs. What causes this problem? How can this problem be solved?

Endless loop, link past, link back
 
