.NET Single Sign-On (SSO) in detail
MVC4 Single Sign-On, part one: a brief introduction to CAS
MVC4 Single Sign-On, part two: CAS server configuration
MVC4 Single Sign-On, part three: CAS client configuration
The previous posts gave a general introduction to using CAS. This post shows how to configure the server side so that, once the user has logged in, more user information is returned to the client.
I. Configure the attributeRepository property
First, locate the deployerConfigContext.xml file in the WEB-INF directory and configure attributeRepository as follows:
    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
        <constructor-arg index="0" ref="casDataSource"/>
        <constructor-arg index="1" value="SELECT * from UserInfo where {0}"/>
        <property name="queryAttributeMapping">
            <map>
                <!-- key must be "username", matching the login page; value is the user-name column in the database -->
                <entry key="username" value="loginName"/>
            </map>
        </property>
        <property name="resultAttributeMapping">
            <map>
                <!-- key is the database column name, value is the attribute name provided to the client; the values are filled in automatically -->
                <entry key="id" value="id"/>
                <entry key="mobile" value="mobile"/>
                <entry key="email" value="email"/>
            </map>
        </property>
    </bean>
Where:
Note: a queried field name must not contain an underscore (_), otherwise no data is returned; for example, Cell_phone needs the alias CellPhone.
queryAttributeMapping holds the query-condition attributes used to assemble the SQL. With the configuration above, the assembled query is select * from UserInfo where loginName = #username#. resultAttributeMapping describes the result structure returned after the SQL runs: the key corresponds to the database field and the value to the parameter the client receives.
If you want to combine several query conditions, also add the queryType property; the default is AND:
    <property name="queryType">
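To see what the two mappings do when the query actually runs, here is an added example (my own code, not the page's configuration and not CAS or person-directory code) that re-implements the documented behaviour in Python against an in-memory SQLite table: {0} is expanded into one "column = ?" condition per queryAttributeMapping entry, joined by the queryType (AND by default), the login name is bound as a parameter rather than spliced into the SQL, and the returned row is renamed through resultAttributeMapping, so columns that are not mapped (the password column of the constructed sample table) are never released. The UserInfo column names and the sample row are assumptions.

```python
# Added example (not from the page, CAS or person-directory): a Python re-implementation
# of what queryAttributeMapping / resultAttributeMapping do in SingleRowJdbcPersonAttributeDao,
# run against an in-memory SQLite table so it works offline.
import sqlite3

# Settings copied from the deployerConfigContext.xml on the page.
QUERY_TEMPLATE = "SELECT * from UserInfo where {0}"
QUERY_ATTRIBUTE_MAPPING = {"username": "loginName"}    # login-form attribute -> DB column
RESULT_ATTRIBUTE_MAPPING = {"id": "id", "mobile": "mobile", "email": "email"}  # DB column -> released attribute


def build_query(query_attributes, query_type="AND"):
    """Expand {0} into one 'column = ?' condition per query attribute, joined by
    queryType (AND unless configured otherwise). Values are bound as parameters,
    never spliced into the SQL text, so a crafted login name cannot alter the query."""
    if query_type not in ("AND", "OR"):
        raise ValueError("queryType must be AND or OR")
    conditions, params = [], []
    for attr, value in query_attributes.items():
        conditions.append(f"{QUERY_ATTRIBUTE_MAPPING[attr]} = ?")
        params.append(value)
    return QUERY_TEMPLATE.format(f" {query_type} ".join(conditions)), params


def map_result_row(cursor, row):
    """Rename database columns to the attribute names the client will see.
    Columns that are not in resultAttributeMapping (e.g. password) are dropped."""
    record = dict(zip([d[0] for d in cursor.description], row))
    return {attr: record[col] for col, attr in RESULT_ATTRIBUTE_MAPPING.items() if col in record}


def lookup_attributes(conn, username, query_type="AND"):
    """Return the released attributes for one user, or None if no row matches.
    The DAO is 'SingleRow': more than one matching row is a configuration error."""
    sql, params = build_query({"username": username}, query_type)
    cursor = conn.execute(sql, params)
    rows = cursor.fetchall()
    if not rows:
        return None
    if len(rows) > 1:
        raise RuntimeError("query matched more than one row")
    return map_result_row(cursor, rows[0])


def make_sample_db():
    """Constructed sample table; the UserInfo column names are an assumption."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UserInfo (id INTEGER, loginName TEXT, password TEXT, mobile TEXT, email TEXT)")
    conn.execute("INSERT INTO UserInfo VALUES (1, 'alice', 'not-a-real-hash', '13800000000', 'alice@example.com')")
    return conn


if __name__ == "__main__":
    db = make_sample_db()
    print(build_query({"username": "alice"}))
    print(lookup_attributes(db, "alice"))
    print(lookup_attributes(db, "x' OR '1'='1"))  # bound parameter: no row matches
```

The real DAO runs the template through Spring JDBC with the same parameter binding; the point of the example is that SELECT * pulls every column of the row, and only resultAttributeMapping decides which of them leave the server.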
II. Configure the credentials-to-principal resolver
Also in deployerConfigContext.xml, inject attributeRepository into UsernamePasswordCredentialsToPrincipalResolver; the attribute repository is then triggered and its result parsed by this class. The attributeRepository property line is the newly added part:
    <property name="credentialsToPrincipalResolvers">
        <list>
            <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
                <!-- newly added: inject the attribute repository configured above -->
                <property name="attributeRepository" ref="attributeRepository"/>
            </bean>
            <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"/>
        </list>
    </property>
III. Modify the registeredServices property of org.jasig.cas.services.InMemoryServiceRegistryDaoImpl in deployerConfigContext.xml
In the registeredServices list, modify the value of the allowedAttributes property of each registered service: every attribute listed there becomes accessible to the client.
    <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
        <property name="registeredServices">
            <list>
                <bean class="org.jasig.cas.services.RegexRegisteredService">
                    <property name="id" value="0"/>
                    <property name="name" value="HTTP and IMAP"/>
                    <property name="description" value="Allows HTTP(S) and IMAP(S) protocols"/>
                    <property name="serviceId" value="^(https?|imaps?)://.*"/>
                    <property name="evaluationOrder" value="10000001"/>
                    <!-- names of the attributes the client needs to use -->
                    <property name="allowedAttributes">
                        <list>
                            <value>uid</value>
                            <value>email</value>
                            <value>mobile</value>
                        </list>
                    </property>
                </bean>
            </list>
        </property>
    </bean>
This step is especially important: if you read the source of org.jasig.cas.services.RegexRegisteredService, allowedAttributes is the key.
Tip: some online sources say that the ignoreAttributes property of this bean defaults to not adding user information, but looking at the AbstractRegisteredService source of CAS 3.5.2 shows that its default value is false, that is, once the allowedAttributes property is added, the attributes are visible to the client.
IV. Modify casServiceValidationSuccess.jsp
Path: WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp
After the server validates the ticket successfully, this page generates the XML returned to the client. The default casServiceValidationSuccess.jsp contains only the user name and provides no additional attribute information, so the page has to be extended; the cas:attributes block is the newly added part:
    <%@ page session="false" contentType="application/xml; charset=UTF-8" %>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
    <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
    <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationSuccess>
            <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
            <%-- newly added: emit one element per principal attribute released to this service --%>
            <c:if test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
                <cas:attributes>
                    <c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
                        <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
                    </c:forEach>
                </cas:attributes>
            </c:if>
            <c:if test="${not empty pgtIou}">
                <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
            </c:if>
            <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
                <cas:proxies>
                    <c:forEach var="proxy" items="${assertion.chainedAuthentications}" varStatus="loopStatus" begin="0" end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
                        <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
                    </c:forEach>
                </cas:proxies>
            </c:if>
        </cas:authenticationSuccess>
    </cas:serviceResponse>
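Sections III and IV together decide what reaches the client: RegexRegisteredService filters the principal's attributes down to allowedAttributes, and the JSP above renders whatever is left. The following added example (my own code, not the page's JSP and not CAS code) reproduces both steps in Python and then parses the result the way a client would. It makes two points explicit that the JSP hides: fn:escapeXml only escapes text, so an attribute key that is not a legal XML element name produces a broken response, and with the lists exactly as written on this page ("id" in resultAttributeMapping but "uid" in allowedAttributes) the id attribute is never released. Proxies are left out, and the sample user and attributes are constructed.

```python
# Added example (not from the page or CAS): render the serviceValidate success response the
# way the modified casServiceValidationSuccess.jsp does, after applying allowedAttributes,
# and parse it back on the client side.
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

CAS_NS = "http://www.yale.edu/tp/cas"
# fn:escapeXml() only escapes text; it does not turn an arbitrary attribute key
# into a legal element name, so the key has to be checked separately.
XML_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*$")


def render_service_response(user, attributes, allowed_attributes, pgt_iou=None):
    """Build the XML the JSP emits. Only keys listed in the service's allowedAttributes
    are released, which is what RegexRegisteredService does before the JSP runs."""
    released = {k: v for k, v in attributes.items() if k in allowed_attributes}
    lines = [f"<cas:serviceResponse xmlns:cas='{CAS_NS}'>",
             "<cas:authenticationSuccess>",
             f"<cas:user>{escape(str(user))}</cas:user>"]
    if released:
        lines.append("<cas:attributes>")
        for key, value in released.items():
            if not XML_NAME.match(key):
                raise ValueError(f"attribute name {key!r} is not a valid XML element name")
            lines.append(f"<cas:{key}>{escape(str(value))}</cas:{key}>")
        lines.append("</cas:attributes>")
    if pgt_iou:
        lines.append(f"<cas:proxyGrantingTicket>{escape(pgt_iou)}</cas:proxyGrantingTicket>")
    lines += ["</cas:authenticationSuccess>", "</cas:serviceResponse>"]
    return "\n".join(lines)


def parse_service_response(xml_text):
    """Client side: return (user, attributes) from a serviceValidate response,
    or None when the response is not an authenticationSuccess."""
    root = ET.fromstring(xml_text)
    success = root.find(f"{{{CAS_NS}}}authenticationSuccess")
    if success is None:
        return None
    user = success.findtext(f"{{{CAS_NS}}}user")
    attrs = {}
    attr_block = success.find(f"{{{CAS_NS}}}attributes")
    if attr_block is not None:
        for child in attr_block:
            local_name = child.tag.split("}", 1)[1]   # strip the namespace prefix
            attrs[local_name] = child.text or ""
    return user, attrs


# Constructed sample: what the attribute repository on the page would hand to the principal
# (a password column is included only to show that it is filtered out), and the page's list.
SAMPLE_ATTRIBUTES = {"id": 1, "mobile": "13800000000", "email": "a<b@example.com", "password": "not-a-real-hash"}
PAGE_ALLOWED_ATTRIBUTES = ["uid", "email", "mobile"]

if __name__ == "__main__":
    response = render_service_response("alice", SAMPLE_ATTRIBUTES, PAGE_ALLOWED_ATTRIBUTES)
    print(response)
    print(parse_service_response(response))
```

Running it shows the client receiving only mobile and email: password is not in allowedAttributes, and neither is id, because the page's list says uid. Change one of the two lists if the id is actually wanted on the client.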
With these configurations in place, the client can obtain the additional returned information!
MVC4 Single Sign-On, part four: configure the CAS server to return more user information!