Implement SSO (1) Using Yale CAS +. Net client-install and configure Tomcat

Source: Internet
Author: User
Tags windows x64

Address: http://www.cnblogs.com/zhenyulu/archive/2013/01/22/2870838.html

Due to the need for information system integration, CAS has recently been studied. I have found a lot of information on the Internet, many of which are for the Java platform and few for it. net client articles tend to describe one-sidedly a certain aspect. Many problems will be encountered, especially the "redirection loop" issue. There are various online solutions, the problem cannot be completely solved. After several days of exploration, the debugging is successful. For this reason, this series will be detailed in ASP. net, how to use CAs to implement Single sign on, discuss some online materials, and provide my own solutions to the "redirection loop" problem.

Part 1: install and configure Tomcat

Part 2: install and configure cas

Part 3: Implement ASP. NET webform Client

Part 4: Implement database-based Identity Authentication

Part 5: extended database-based authentication

Part 6: custom logon page

Software and hardware environment

 

  Server Client
IP address
  • 192.168.0.123
  • 192.168.0.153
Operating System
  • Windows 2008x64
  • Windows 7x64
Software
  • JDK 7u11 windows x64
  • Apache Tomcat 7.0.35
  • CAS 3.5.1
  • Visual Studio 2012
  • IIS 7 (optional)
Part 1: install and configure Tomcat

1. Install JDK on the server.

Click "Next ".

Click "Next ".

Click "Next ".

 

Click Close ".

 

2. install Tomcat on the server.

Click "Next ".

Click "I agree ".

Select the "full" installation type and click "Next ".

Click "Next ".

Click "Next ".

Click "Install ".

 

Click "finish ".

 

3. Configure SSL on Tomcat.

(1) generate a certificate

Create a sub-folder "keys" under the C-drive root directory to store certificates.

Click Start> Run, Enter cmd, and click OK to start the Command Prompt window.

Enter "cd" C: \ Program Files \ Java \ jre7 \ bin "to enter the bin directory of jre7.

Run the "keytool-genkey-alias tomcat-keyalg RSA-storepass changeit-keystore C: \ keys \. keystore-validity 3600" command to create a certificate.

 

(2) import the certificate to the JDK certificate trust library

Step 1: export the certificate.

Run the command "keytool-export-trustcacerts-alias tomcat-file C: \ keys \ tomcat. cer-keystore c: \ keys \. keystore-storepass changeit "exports the certificate to the Keys folder.

Step 2: import the certificate to the JDK certificate trust library.

Run the command "keytool-import-trustcacerts-alias tomcat-file C: \ keys \ tomcat. cer-keystore "C: \ Program Files \ Java \ jre7 \ Lib \ SECURITY \ cacerts"-storepass changeit ". The system asks if you trust this certificate and answers "Y ".

Other useful keytool commands (list all existing certificates in the trust certificate library, delete a certificate in the library ):

Keytool-list-v-keystore "C: \ Program Files \ Java \ jre7 \ Lib \ SECURITY \ cacerts"

Keytool-delete-trustcacerts-alias tomcat-keystore "C: \ Program Files \ Java \ jre7 \ Lib \ SECURITY \ cacerts"-storepass changeit

 

4. Configure the server. xml file.

Run the text editor as an administrator and open % atat_home % \ conf \ Server. xml. Search for the SSL configuration and insert the following content.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"                maxThreads="150" scheme="https" secure="true"                clientAuth="false" sslProtocol="TLS"                keystoreFile="C:/Keys/.keystore"                keystorePass="changeit" />

As shown in:

 

 

4. test whether the SSL configuration on Tomcat is successful.

(1) restart the Tomcat service ., Click stop, and then click Start ".

 

(2) Open IE and test "http: // localhost: 8080" and "https: // localhost: 8443/" respectively /"

The security certificate issued by this website is not issued by a trusted Certificate Authority, So Ie will have a warning. Here we click "continue to browse this website (not recommended ). ".

If the preceding interface is displayed, the SSL configuration of Tomcat is successful.

 

To be continued...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.