Implement SSO (1) Using Yale CAS +. Net client-install and configure Tomcat

Address: http://www.cnblogs.com/zhenyulu/archive/2013/01/22/2870838.html

Due to the need for information system integration, CAS has recently been studied. I have found a lot of information on the Internet, many of which are for the Java platform and few for it. net client articles tend to describe one-sidedly a certain aspect. Many problems will be encountered, especially the "redirection loop" issue. There are various online solutions, the problem cannot be completely solved. After several days of exploration, the debugging is successful. For this reason, this series will be detailed in ASP. net, how to use CAs to implement Single sign on, discuss some online materials, and provide my own solutions to the "redirection loop" problem.

Part 1: install and configure Tomcat

Part 2: install and configure cas

Part 3: Implement ASP. NET webform Client

Part 4: Implement database-based Identity Authentication

Part 5: extended database-based authentication

Part 6: custom logon page

Software and hardware environment

 

	Server	Client
IP address	192.168.0.123	192.168.0.153
Operating System	Windows 2008x64	Windows 7x64
Software	JDK 7u11 windows x64 Apache Tomcat 7.0.35 CAS 3.5.1	Visual Studio 2012 IIS 7 (optional)

Part 1: install and configure Tomcat

1. Install JDK on the server.

Click "Next ".

Click "Next ".

Click "Next ".

 

Click Close ".

 

2. install Tomcat on the server.

Click "Next ".

Click "I agree ".

Select the "full" installation type and click "Next ".

Click "Next ".

Click "Next ".

Click "Install ".

 

Click "finish ".

 

3. Configure SSL on Tomcat.

(1) generate a certificate

Create a sub-folder "keys" under the C-drive root directory to store certificates.

Click Start> Run, Enter cmd, and click OK to start the Command Prompt window.

Enter "cd" C: \ Program Files \ Java \ jre7 \ bin "to enter the bin directory of jre7.

Run the "keytool-genkey-alias tomcat-keyalg RSA-storepass changeit-keystore C: \ keys \. keystore-validity 3600" command to create a certificate.

 

(2) import the certificate to the JDK certificate trust library

Step 1: export the certificate.

Run the command "keytool-export-trustcacerts-alias tomcat-file C: \ keys \ tomcat. cer-keystore c: \ keys \. keystore-storepass changeit "exports the certificate to the Keys folder.

Step 2: import the certificate to the JDK certificate trust library.

Run the command "keytool-import-trustcacerts-alias tomcat-file C: \ keys \ tomcat. cer-keystore "C: \ Program Files \ Java \ jre7 \ Lib \ SECURITY \ cacerts"-storepass changeit ". The system asks if you trust this certificate and answers "Y ".

Other useful keytool commands (list all existing certificates in the trust certificate library, delete a certificate in the library ):

Keytool-list-v-keystore "C: \ Program Files \ Java \ jre7 \ Lib \ SECURITY \ cacerts"

Keytool-delete-trustcacerts-alias tomcat-keystore "C: \ Program Files \ Java \ jre7 \ Lib \ SECURITY \ cacerts"-storepass changeit

 

4. Configure the server. xml file.

Run the text editor as an administrator and open % atat_home % \ conf \ Server. xml. Search for the SSL configuration and insert the following content.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"                maxThreads="150" scheme="https" secure="true"                clientAuth="false" sslProtocol="TLS"                keystoreFile="C:/Keys/.keystore"                keystorePass="changeit" />

As shown in:

 

 

4. test whether the SSL configuration on Tomcat is successful.

(1) restart the Tomcat service ., Click stop, and then click Start ".

 

(2) Open IE and test "http: // localhost: 8080" and "https: // localhost: 8443/" respectively /"

The security certificate issued by this website is not issued by a trusted Certificate Authority, So Ie will have a warning. Here we click "continue to browse this website (not recommended ). ".

If the preceding interface is displayed, the SSL configuration of Tomcat is successful.

 

To be continued...