Address: http://www.cnblogs.com/zhenyulu/archive/2013/01/22/2870838.html
Due to the need for information system integration, CAS has recently been studied. I have found a lot of information on the Internet, many of which are for the Java platform and few for it. net client articles tend to describe one-sidedly a certain aspect. Many problems will be encountered, especially the "redirection loop" issue. There are various online solutions, the problem cannot be completely solved. After several days of exploration, the debugging is successful. For this reason, this series will be detailed in ASP. net, how to use CAs to implement Single sign on, discuss some online materials, and provide my own solutions to the "redirection loop" problem.
Part 1: install and configure Tomcat
Part 2: install and configure cas
Part 3: Implement ASP. NET webform Client
Part 4: Implement database-based Identity Authentication
Part 5: extended database-based authentication
Part 6: custom logon page
Software and hardware environment
|
Server |
Client |
IP address |
|
|
Operating System |
|
|
Software |
- JDK 7u11 windows x64
- Apache Tomcat 7.0.35
- CAS 3.5.1
|
- Visual Studio 2012
- IIS 7 (optional)
|
Part 1: install and configure Tomcat
1. Install JDK on the server.
Click "Next ".
Click "Next ".
Click "Next ".
Click Close ".
2. install Tomcat on the server.
Click "Next ".
Click "I agree ".
Select the "full" installation type and click "Next ".
Click "Next ".
Click "Next ".
Click "Install ".
Click "finish ".
3. Configure SSL on Tomcat.
(1) generate a certificate
Create a sub-folder "keys" under the C-drive root directory to store certificates.
Click Start> Run, Enter cmd, and click OK to start the Command Prompt window.
Enter "cd" C: \ Program Files \ Java \ jre7 \ bin "to enter the bin directory of jre7.
Run the "keytool-genkey-alias tomcat-keyalg RSA-storepass changeit-keystore C: \ keys \. keystore-validity 3600" command to create a certificate.
(2) import the certificate to the JDK certificate trust library
Step 1: export the certificate.
Run the command "keytool-export-trustcacerts-alias tomcat-file C: \ keys \ tomcat. cer-keystore c: \ keys \. keystore-storepass changeit "exports the certificate to the Keys folder.
Step 2: import the certificate to the JDK certificate trust library.
Run the command "keytool-import-trustcacerts-alias tomcat-file C: \ keys \ tomcat. cer-keystore "C: \ Program Files \ Java \ jre7 \ Lib \ SECURITY \ cacerts"-storepass changeit ". The system asks if you trust this certificate and answers "Y ".
Other useful keytool commands (list all existing certificates in the trust certificate library, delete a certificate in the library ):
Keytool-list-v-keystore "C: \ Program Files \ Java \ jre7 \ Lib \ SECURITY \ cacerts"
Keytool-delete-trustcacerts-alias tomcat-keystore "C: \ Program Files \ Java \ jre7 \ Lib \ SECURITY \ cacerts"-storepass changeit
4. Configure the server. xml file.
Run the text editor as an administrator and open % atat_home % \ conf \ Server. xml. Search for the SSL configuration and insert the following content.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:/Keys/.keystore" keystorePass="changeit" />
As shown in:
4. test whether the SSL configuration on Tomcat is successful.
(1) restart the Tomcat service ., Click stop, and then click Start ".
(2) Open IE and test "http: // localhost: 8080" and "https: // localhost: 8443/" respectively /"
The security certificate issued by this website is not issued by a trusted Certificate Authority, So Ie will have a warning. Here we click "continue to browse this website (not recommended ). ".
If the preceding interface is displayed, the SSL configuration of Tomcat is successful.
To be continued...