Independently deploy CAS servers to test the uniform single-point login authentication function of each client application

After some recent Application Studies on cas, we further summarize the configuration of CAS single-point Login server. The application is as follows:

CAS as an independent server deployment Environment

1. Search for the hosts text file in the standby CAS server host in the enterprise intranet, and add the domain name ing to the IP address javafenger.
2. Search for the hosts text file on the client host and add the corresponding CAS server domain name ing information.
3. generate an SSL environment required for deploying cas3 servers

File to be generated: cacerts server. keystore client. keystore
Server. Cer client. Cer

Generate server library files
Keytool-genkey-alias tomcat-server-keyalg RSA-keypass changeit-storepass changeit-keystore

Server. keystore

Export server certificate
Keytool-export-alias tomcat-server-storepass changeit-file server. cer-keystore server. keystore
Generate client library files
Keytool-genkey-alias tomcat-client-keyalg RSA-keypass changeit-storepass changeit-keystore

Client. keystore
Export client certificate
Keytool-export-alias tomcat-client-storepass changeit-file client. cer-keystore client. keystore

Import server certificate
Keytool-import-trustcacerts-alias server-file server. cer-keystore cacerts-storepass changeit
Import client certificate
Keytool-import-trustcacerts-alias client-file client. cer-keystore cacerts-storepass changeit

4. Generate cacerts server. keystore client. keystore as above.
The server. Cer client. Cer file is copied to the CAS server and the tomcat_home main directory of the application client, and

Java_hoem/JRE/lib/Security File

5
Add the following content to the Web. xml file of the client application:

<! -- CAS filters -->
<Filter>
<Filter-Name> casfilter </filter-Name>
<Filter-class>
Edu. Yale. Its. Tp. Cas. Client. Filter. casfilter
</Filter-class>
<Init-param>
<Param-Name>
Edu. Yale. Its. Tp. Cas. Client. Filter. loginurl
</Param-Name>
<Param-value> https: // javafenger: 8443/CAS/login </param-value>
</Init-param> <! -- The server here is the IP address of the server -->
<Init-param>
<Param-Name>
Edu. Yale. Its. Tp. Cas. Client. Filter. validateurl
</Param-Name>
<Param-value>
Https: // javafenger: 8443/CAS/proxyvalidate
</Param-value>
</Init-param> <! -- The sername here is the host name of the server, and must be -->
<Init-param>
<Param-Name>
Edu. Yale. Its. Tp. Cas. Client. Filter. servername
</Param-Name>
<Param-value> localhost: 8080 </param-value> <! -- Client: port is what cas needs to intercept

The address and port, usually the IP address and port started by Tomcat -->
</Init-param>
</Filter>

<Filter-mapping>
<Filter-Name> casfilter </filter-Name>
<URL-pattern>/secure/* </url-pattern> <! -- The settings here are for servlets-examples and

Set JSP-examples to/* -->
</Filter-mapping>

Note that the CAS server host name javafenger is the domain name ing pair added to the hosts file in the CAS server host.

6. start Tomcat on the CAS server and run the CAS main web application.

Then start Tomcat on the client machine and access your sub-application through http: // localhost: 8080/webapp.