Liferay sso cas Integration

1. Configure Tomcat and enable the SSL protocol.

1. Generate a key for SSL communication for Tomcat on the machine to be installed in CAS (that is, the server): keytool-genkey-alias Tomcat
-Keyalg
RSA: Enter the key password and the corresponding parameters. (Note: The first parameter CN must enter the name of the CAS installation machine, and other parameters are left blank.) The result is that a name is created in the user directory.
Is the key file of. keystore.

2. Export the key file from the server: keytool-export-file server. CRT-alias tomcat. Enter the password in the previous step and generate the server. CRT key file in the current directory. (Note: This file must be imported to the JVM of the client)

3. Import the key for the client's JVM: keytool-import-keystore
$ Java_home/JRE/lib/security/cacerts-file server. CRT-alias
Tomcat, enter the password (Note: The password here is not the password set above, but changeit), and The cacerts file will be created.

4. Modify the tomcat configuration file server. xml on the server, and remove the SSL annotation, that is, open port 8443. Note that you need to add it in the connector field.
Keystorepass = "password" parameter. Password is the password involved in the preceding steps.
Code, keystorefile = ". keystorepath",. keystorepath is the full path of the file. keystore generated in step 1, as shown in
/Usr/Java/bin/. keystore.

5. start Tomcat and test whether https: // server: 8443/is accessible only after verification (note: the server is the IP address or machine name of the server ).

2. Deploy CAS server 2.0.12 to Tomcat

1. A simple method is to copy the CAS. War file in the downloaded package to the webapps directory of Tomcat directly.

2. Another method is to find the esup-portail CAS generic handler project from SourceForge and generate a simplest Tomcat using esup-cas-quick-start. For details, see my next article.Article.

3. start Tomcat and test whether https: // server: 8443/CAS can access the CAS homepage (note: the server is the IP address or machine name of the server ).

3. Deploy CAS client 2.0.11 to servlet-Examples

1. Use the servlet-examples instance for testing, copy the CasClient. jar file in the downloaded package to the Lib of the WEB-INF directory in servlet-examples, here you need to manually create the lib directory.

2. Modify the servlet-examples configuration file web. xml and add the following filter:

<! -- CAS filters -->
<Filter>
<Filter-Name> casfilter </filter-Name>
<Filter-class> edu. Yale. Its. Tp. Cas. Client. Filter. casfilter </filter-class>
<Init-param>
<Param-Name> edu. Yale. Its. Tp. Cas. Client. Filter. loginurl </param-Name>
<Param-value> https: // server: 8443/CAS/login </param-value>
</Init-param> <! -- The server here is the IP address of the server -->
<Init-param>
<Param-Name> edu. Yale. Its. Tp. Cas. Client. Filter. validateurl </param-Name>
<Param-value> https: // sername: 8443/CAS/proxyvalidate </param-value>
</Init-param> <! -- The sername here is the host name of the server, and must be -->
<Init-param>
<Param-Name> edu. Yale. Its. Tp. Cas. Client. Filter. servername </param-Name>
<Param-value> client: Port </param-value> <! -- Client: port is the address and port to be intercepted by CAS. Generally, it is the IP address and port started by Tomcat. -->
</Init-param>
</Filter>

<Filter-mapping>
<Filter-Name> casfilter </filter-Name>
<URL-pattern>/* </url-pattern>
</Filter-mapping>

Iv. Test

1. Start tomcat, locate the servlet-examples application, and click execute;

2. the browser jumps to the CAS logon homepage. Note that the service name of servlet-examples has been attached to the URL.

3. Enter the user name and password. The verification conditions are not modified here. Therefore, verification can be performed if the user name and password are the same.

4. After the verification is passed, the browser relocates servlet-examples and displays the servlet content.

5. Click the HTTP header servlet application. The user name information of the current user is recorded.

6. You do not need to enter the user name and password again when accessing the servlet-examples application in the future.

So far, CAS server and client have been successfully deployed and configured on Tomcat, and achieved the expected SSO effect.

From: http://hi.baidu.com/rbtk/blog/item/f8de7c1e859927f41bd576fa.html