CAS-based SSO: working through a single sign-on example (II)

Source: Internet
Author: User
Tags cas ticket browser cache tomcat

Contents: overview; demo environment; deploying the Tomcat for the CAS server; deploying the Tomcat for the CAS clients; testing and verifying SSO


Step 1: This demo runs on a single machine with three virtual hosts, one server host and two client virtual hosts (the same principle applies across multiple machines). The hosts file maps the host names to the local machine:


# 127.0.0.1 localhost
# ::1 localhost

127.0.0.1 localhost
127.0.0.1 www.bbs.itcast.cn
127.0.0.1 www.news.itcast.cn
127.0.0.1 www.news.com
127.0.0.1 www.bbs.com
127.0.0.1 www.server.com


Step 2: In the Tomcat root directory, create three directories named server, bbs and news.

In each of the three directories, create a ROOT folder (ROOT is Tomcat's default home directory).

Extract cas-server.xx.war into the /tomcat/server/ROOT directory, as in the following figure:

Note the directory structure: the contents of the archive are unpacked directly into the ROOT directory.

Step 3: First test that the server works properly

Start Tomcat and enter the following in the browser's address bar:

http://www.server.com:8080 (I did not change the default port)

By default, you can log in with any user name and password that are the same.

Make sure that you can log in to the server on its own. If login fails, repeat the previous configuration.

Step 4: Configure the two clients

Extract the downloaded mywebapp.war into both the Tomcat/bbs/ROOT directory and the Tomcat/news/ROOT directory. As before, the contents are unpacked directly into the ROOT directory.

mywebapp.war does not contain the jar files it depends on, so they have to be added as well; I have prepared a mywebapp.war file with them already in place.

The directory structure is as follows:

The packages under the WEB-INF/lib directory are:

cas-client-core-3.2.1.jar
commons-logging-1.1.jar

Both of these packages can be found in the cas-client.rar file.

At this point you can start Tomcat; if it starts successfully, go on to the next step.

Step 5: Modify the client's configuration file

When a user requests a protected resource on a client and is found not to be logged in, the client redirects the browser to the server (the ticket office) to request login verification. When the login succeeds a ticket is issued, and the server redirects back to the client page carrying that ticket.

Modify the client's web.xml configuration file so that it knows which server to go to for login:

Note that every https URL is changed to http.

The modified section is divided into two main pieces:

1: Modify the login redirect filter. This filter protects the protected resources: if a user who is not logged in accesses a protected resource, the filter redirects to the server and requires the user to log in:

<filter>
	<!-- Login filter: responsible for redirecting to the server page at login -->
	<filter-name>CAS Authentication Filter</filter-name>
	<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
	<init-param>
		<!-- Address of the server; note the trailing /login -->
		<param-name>casServerLoginUrl</param-name>
		<param-value>http://www.server.com:8080/login</param-value>
	</init-param>
	<init-param>
		<!-- URL of this client application -->
		<param-name>serverName</param-name>
		<param-value>http://www.news.com:8080</param-value>
	</init-param>
	<init-param>
		<param-name>renew</param-name>
		<param-value>false</param-value>
	</init-param>
	<init-param>
		<param-name>gateway</param-name>
		<param-value>false</param-value>
	</init-param>
</filter>

Step 6: Test login

Single sign-on is not yet possible. However, you can already perform login verification on either client.

1. Enter in the address bar:

http://www.news.com:8080

Click the link to the protected page: Got to Protected area

You are redirected to the server, which asks you to log in:

Once the login succeeds, you are redirected back to the originally requested page:


Step 7: Configure single sign-on

The CAS server is configured through Spring configuration files and uses cookies. The ticketGrantingTicketCookieGenerator.xml file defines how the cookie is generated and how long it remains valid.

Note that this is a Spring configuration file on the server.

Open this file and modify it as follows:

<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
		p:cookieSecure="false"
		p:cookieMaxAge="3600"
		p:cookieName="Mycas"
		p:cookiePath="/"/>

Description: cookieSecure set to false means that logins over the HTTP protocol are supported. The default is true, which supports HTTPS logins.

cookieMaxAge set to 3600 is the time the cookie is stored locally; the default is -1, which keeps the cookie in the browser cache.

cookiePath is the path setting of the cookie.

Step 8: Single sign-on test

Once you have modified the file above, you can test whether single sign-on works, that is, whether you can access both sites and see the name used at the first sign-in:

First enter http://www.news.com:8080


Then enter directly in the address bar: www.bbs.com:8080


As you can see, the user name shown is the one previously used to log in on www.news.com, which means single sign-on is working.


That completes the steps above. If your configuration succeeded, go on to the next part.
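The web.xml and cookie generator settings from steps 5 and 7 run the demo over plain HTTP with a non-secure, locally stored cookie. The check below is an added example (not part of the original article or of CAS) that flags those settings before a configuration is reused outside a test setup; the function names are hypothetical and the sample XML is constructed to mirror the values shown above.

```python
import xml.etree.ElementTree as ET

P_NS = "{http://www.springframework.org/schema/p}"  # Spring p-namespace

def local(tag):  # drop the XML namespace so files with or without xmlns match
    return tag.rsplit("}", 1)[-1]

def audit_web_xml(xml_text):
    """Return (param-name, value) for filter init-params that are http:// URLs."""
    findings = []
    for flt in ET.fromstring(xml_text).iter():
        if local(flt.tag) != "filter":
            continue
        for param in (e for e in flt if local(e.tag) == "init-param"):
            kv = {local(c.tag): (c.text or "").strip() for c in param}
            if kv.get("param-value", "").lower().startswith("http://"):
                findings.append((kv.get("param-name"), kv["param-value"]))
    return findings

def audit_cookie_bean(xml_text):
    """Return findings for a ticket-granting cookie left on demo settings."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        cls = bean.get("class", "").strip()
        if local(bean.tag) != "bean" or not cls.endswith("CookieRetrievingCookieGenerator"):
            continue
        if bean.get(P_NS + "cookieSecure", "true").strip() != "true":
            findings.append("cookieSecure is not true: cookie is sent over plain HTTP")
        if int(bean.get(P_NS + "cookieMaxAge", "-1")) > 0:
            findings.append("cookieMaxAge > 0: cookie is stored locally, not per session")
    return findings

# Constructed samples that mirror the demo settings shown on this page.
WEB_XML = """<web-app><filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <init-param><param-name>casServerLoginUrl</param-name>
    <param-value>http://www.server.com:8080/login</param-value></init-param>
  <init-param><param-name>serverName</param-name>
    <param-value>http://www.news.com:8080</param-value></init-param>
</filter></web-app>"""

BEAN_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:p="http://www.springframework.org/schema/p">
  <bean class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
    p:cookieSecure="false" p:cookieMaxAge="3600" p:cookiePath="/"/>
</beans>"""

if __name__ == "__main__":
    print(audit_web_xml(WEB_XML) + audit_cookie_bean(BEAN_XML))
```

With the page's defaults restored (cookieSecure true, cookieMaxAge -1) and https URLs in web.xml, both functions return an empty list.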


Summary

This is single sign-on built from the SSO WAR files: the simplest result, and the simplest way to get started.

On the CAS home page you can see the complete process for setting up the CAS server and configuring the client; by following those instructions you can configure a working server and client. The CAS site also provides server-side and client programs that are already configured, which beginners can use directly for configuration and testing. The above is an example of single sign-on configured directly with the sample server and sample client officially provided by CAS.



Next: developing SSO in the Eclipse environment

