"SSO Single Sign-On Series" (1): CAS 4.0 Environment Setup

Source: Internet
Author: User

I. Introduction

This is the first article in the CAS series. It covers setting up a CAS environment, serves as a primer for readers who are new to CAS, and walks through the simplest possible CAS single sign-on example.

II. Environment requirements

The blogger's environment is as follows:

    1. Windows 8.1
    2. JDK 1.7 (download link)
    3. Tomcat 8.0.15 (download link)
    4. cas-server-4.0.0 and cas-client-3.3.3 (download link; the official site is slow, so a Baidu network disk mirror is provided)

Three Tomcat instances are needed. I named them apache-tomcat-8.0.15-app1, apache-tomcat-8.0.15-app2 and apache-tomcat-8.0.15-cas.

Their roles are as follows:

No.  Server name   Purpose
1    tomcat-app1   Client server 1: hosts the user application App1
2    tomcat-app2   Client server 2: hosts the user application App2
3    tomcat-cas    CAS server: hosts the CAS server webapp

III. Special notes

By default CAS requires HTTPS. For a setup whose security requirements are low, such as this local demo, it is simpler to switch to plain HTTP: with a self-signed certificate the browser keeps warning that the certificate is untrusted or expired and users have to click through, which is a poor experience. HTTPS can be turned back on when it is actually needed. Keep in mind what the trade-off costs: over HTTP the CASTGC cookie (the user's SSO session) and the service tickets cross the network in the clear, so anyone who can observe the traffic can replay them and take over the session. Do not run a real deployment in HTTP mode.

If you need HTTPS, see the article on certificate generation: CAS single sign-on certificate import.

How to turn off the HTTPS requirement is covered in step 4 of section IV below.

IV. Worked example

Step 1: Tomcat modifications

    1. Unzip the downloaded apache-tomcat-8.0.15.zip, make three copies and name them as agreed in section II.

    2. Change the ports of each instance so that the three Tomcats can run side by side on one machine. My HTTP ports are:

No.  Server name   HTTP port
1    tomcat-app1   8081
2    tomcat-app2   8082
3    tomcat-cas    18080

To change the ports, open X:\tomcat-app1\conf\server.xml (and likewise for the other two instances) and edit three entries. Element and attribute names in server.xml are case-sensitive, so keep them exactly as shown.

First: the shutdown port (default 8005)
<Server port="8005" shutdown="SHUTDOWN">

Second: the HTTP connector port (default 8080)
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>

Third: the AJP connector port (default 8009)
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>

Give each instance its own values for all three (for tomcat-app1 I use 8081 as the HTTP port); none of the three may be shared between instances, or the later instance fails to bind. Nothing in this setup uses AJP, so if you do not need it, comment the AJP connector out instead of moving it, which avoids exposing an extra listener.

Step 2: deploy cas-server

      1. Unzip the downloaded cas-server-4.0.0-release.zip.
      2. Locate X:\cas-server-4.0.0\modules\cas-server-webapp-4.0.0.war.
      3. Extract it into tomcat-cas\webapps\cas-server\ (the folder name becomes the context path, which is why the URLs below use /cas-server).
      4. Turn off the HTTPS requirement:

1) Open cas-server\WEB-INF\deployerConfigContext.xml and locate the following bean:

<!-- Required for proxy ticket mechanism. -->
<bean id="proxyAuthenticationHandler"
      class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient"/>

Add the attribute p:requireSecure="false". This handler checks the callback URLs used by the proxy ticket mechanism; requireSecure controls whether those URLs must be HTTPS, and false lets plain HTTP through. After the change:

<bean id="proxyAuthenticationHandler"
      class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient" p:requireSecure="false"/>

2) Open cas-server\WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml and find:

<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="true"
      p:cookieMaxAge="-1"
      p:cookieName="CASTGC"
      p:cookiePath="/cas"/>

Change p:cookieSecure="true" to p:cookieSecure="false". The Secure attribute tells the browser to return the CASTGC cookie only over HTTPS; left on, an HTTP-only CAS server never gets its own session cookie back and every visit prompts for a login again. Turning it off is what makes HTTP mode work, and also what puts the cookie on the wire unprotected. Note also p:cookiePath="/cas": the cookie is scoped to that path, so if the webapp is deployed under a different context (here /cas-server), set cookiePath to match. Under RFC 6265 path matching, /cas does not cover /cas-server/..., and a browser that applies that rule will not send the cookie, which shows up as single sign-on silently failing between the two client apps.

3) Open cas-server\WEB-INF\spring-configuration\warnCookieGenerator.xml and find:

<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
      p:cookieSecure="true"
      p:cookieMaxAge="-1"
      p:cookieName="CASPRIVACY"
      p:cookiePath="/cas"/>

Change p:cookieSecure="true" to p:cookieSecure="false" here as well; the same cookiePath note applies.

      5. Start tomcat-cas and open http://localhost:18080/cas-server; the CAS login page is displayed.

Note: before CAS 4.0 the default authentication rule accepted any login whose user name and password were identical.

From 4.0 the default is a static user map in deployerConfigContext.xml, where you can see the user name and password casuser/Mellon:

<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <entry key="casuser" value="Mellon"/>
        </map>
    </property>
</bean>

Both defaults exist only to get a demo running. The password is case-sensitive and is published with the distribution, so replace this handler (database-backed authentication is covered in a later article) before anyone else can reach the server.

Step 3: client (cas-client) configuration

Note: we use Tomcat's bundled examples webapp as the client application.

    1. Unzip the downloaded cas-client-3.3.3-release.zip and copy cas-client-3.3.3\modules\cas-client-core-3.3.3.jar.
    2. Put it into tomcat-app1\webapps\examples\WEB-INF\lib (both client Tomcats need it; only one is shown here).
    3. Edit examples\WEB-INF\web.xml and add the following:

<!-- ======================== Single sign-on start ======================== -->
<!-- Listener for single sign-out; optional -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<!-- Filter for single sign-out; optional -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Redirects unauthenticated requests to the CAS login page; required -->
<filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>http://localhost:18080/cas-server/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8081</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Validates the service ticket against the CAS server; required -->
<filter>
    <filter-name>CASValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://localhost:18080/cas-server</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8081</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CASValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Wraps HttpServletRequest so that getRemoteUser() returns the SSO user name; optional -->
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Lets code read the user name via AssertionHolder.getAssertion().getPrincipal().getName(); optional -->
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ======================== Single sign-on end ======================== -->

Three things to get right in this block. Servlet filters run in the order of their filter-mapping declarations, so keep single sign-out before authentication before validation. serverName must be exactly the scheme, host and port the browser uses for this application (for tomcat-app2 it is http://localhost:8082 in both filters): the client builds the service URL from it, and the CAS server binds each ticket to that URL and refuses to validate it for any other service. Ticket validation is a direct call from the client webapp to casServerUrlPrefix, not something the browser does, so the client host must be able to reach that address; here everything runs on one machine.

    4. Start tomcat-app1 and visit http://localhost:8081/examples. The browser is redirected to

http://localhost:18080/cas-server/login?service=http%3A%2F%2Flocalhost%3A8081%2Fexamples%2F

which shows that the client is handing authentication over to the CAS server.

tomcat-app2 is configured the same way, with serverName set to http://localhost:8082; I do not demonstrate it separately here.

I have uploaded both modified web.xml files:

tomcat-app1: web.xml

tomcat-app2: web.xml

Step 4: single sign-on flow demo

Start all three Tomcats in turn, then visit the two clients first to see the effect:

1. Visit http://localhost:8081/examples ==> redirected to http://localhost:18080/cas-server/login?service=http%3A%2F%2Flocalhost%3A8081%2Fexamples%2F

2. Visit http://localhost:8082/examples ==> redirected to http://localhost:18080/cas-server/login?service=http%3A%2F%2Flocalhost%3A8082%2Fexamples%2F

So on their first visit both clients send the browser to cas-server to authenticate.

Next, log in through one of the clients, http://localhost:8081/examples, with the account casuser/Mellon.

After a successful login the examples page of app1 is displayed.

Then open a new tab and go straight to http://localhost:8082/examples.

It does not go to the cas-server login page; the examples page of app2 is displayed directly.

Single sign-on between the two clients works: log in to one, and the other can be used without logging in again.
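The exchange just walked through, as an added example that is not part of the original post and is not CAS or Tomcat code: a small Python model of the CAS 2.0 protocol that the two required filters from Step 3 implement (redirect to /login with the service URL, a one-time service ticket on the redirect back, a server-to-server /serviceValidate call), together with the RFC 6265 cookie rules behind the cookieSecure and cookiePath settings changed in Step 2. The CAS server is an in-memory stand-in, the ticket ids and XML answers are constructed in the CAS 2.0 serviceResponse format, and nothing touches the network.

```python
"""Model of the CAS 2.0 exchange between a client webapp and the CAS server.

Added example for this article, not code from CAS, Tomcat or the original
post. The CAS server is an in-memory stand-in, ticket ids and XML answers
are constructed, and the cookie rules are RFC 6265 written out by hand.
"""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

CAS_SERVER = "http://localhost:18080/cas-server"  # casServerUrlPrefix from web.xml
CAS_NS = "{http://www.yale.edu/tp/cas}"          # namespace of CAS 2.0 responses


def login_redirect_url(service):
    """Step 1: AuthenticationFilter sends an unauthenticated browser here."""
    return CAS_SERVER + "/login?" + urlencode({"service": service})


def service_validate_url(service, ticket):
    """Step 3: the validation filter calls this itself, server to server."""
    return CAS_SERVER + "/serviceValidate?" + urlencode({"service": service, "ticket": ticket})


def parse_validation_response(xml_text):
    """Return (user, None) on success or (None, error_code) on failure."""
    root = ET.fromstring(xml_text)
    ok = root.find(CAS_NS + "authenticationSuccess")
    if ok is not None:
        return ok.findtext(CAS_NS + "user"), None
    fail = root.find(CAS_NS + "authenticationFailure")
    if fail is not None:
        return None, fail.get("code")
    raise ValueError("not a CAS 2.0 serviceResponse")


class FakeCasServer:
    """In-memory CAS server: checks the static user map from deployerConfigContext.xml,
    issues one-time service tickets bound to the requesting service, and answers
    /serviceValidate in CAS 2.0 XML."""

    def __init__(self, users):
        self.users = users
        self.tickets = {}  # ticket -> (service, user)
        self.count = 0

    def login(self, username, password, service):
        """Step 2: a correct login redirects back to the service with ?ticket=ST-..."""
        if self.users.get(username) != password:
            return None
        self.count += 1
        ticket = "ST-%d-example" % self.count  # constructed ticket id
        self.tickets[ticket] = (service, username)
        return service + ("&" if "?" in service else "?") + urlencode({"ticket": ticket})

    def service_validate(self, url):
        q = parse_qs(urlsplit(url).query)
        service = q.get("service", [None])[0]
        ticket = q.get("ticket", [None])[0]
        entry = self.tickets.pop(ticket, None)  # a ticket validates exactly once
        if entry is None:
            return self._failure("INVALID_TICKET", "ticket %r not recognized" % ticket)
        if entry[0] != service:  # bound to the service it was issued for
            return self._failure("INVALID_SERVICE", "ticket not issued to %r" % service)
        return ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
                "<cas:authenticationSuccess><cas:user>%s</cas:user>"
                "</cas:authenticationSuccess></cas:serviceResponse>" % entry[1])

    @staticmethod
    def _failure(code, text):
        return ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
                "<cas:authenticationFailure code='%s'>%s</cas:authenticationFailure>"
                "</cas:serviceResponse>" % (code, text))


def browser_sends_cookie(cookie_path, cookie_secure, request_url):
    """RFC 6265 checks a browser makes before attaching CASTGC to a request: a Secure
    cookie travels only over https, and the request path must path-match the Path."""
    parts = urlsplit(request_url)
    if cookie_secure and parts.scheme != "https":
        return False
    path = parts.path or "/"
    if path == cookie_path:
        return True
    return path.startswith(cookie_path) and (
        cookie_path.endswith("/") or path[len(cookie_path)] == "/")


def run_flow():
    """Walk app1 through the exchange from section IV and return each outcome."""
    cas = FakeCasServer({"casuser": "Mellon"})
    app1, app2 = "http://localhost:8081/examples/", "http://localhost:8082/examples/"
    back = cas.login("casuser", "Mellon", app1)  # browser lands on app1 with a ticket
    ticket = parse_qs(urlsplit(back).query)["ticket"][0]
    user, _ = parse_validation_response(cas.service_validate(service_validate_url(app1, ticket)))
    _, replay = parse_validation_response(cas.service_validate(service_validate_url(app1, ticket)))
    ticket2 = parse_qs(urlsplit(cas.login("casuser", "Mellon", app1)).query)["ticket"][0]
    # a ticket issued to app1 but presented for app2 is refused
    _, stolen = parse_validation_response(cas.service_validate(service_validate_url(app2, ticket2)))
    return {"redirect": login_redirect_url(app1), "user": user, "replay": replay,
            "wrong_service": stolen, "bad_password": cas.login("casuser", "mellon", app1)}


if __name__ == "__main__":
    print(run_flow())
```

Running it gives the redirect URL from item 1 above, the user casuser from validation, INVALID_TICKET when the same ticket is validated a second time, INVALID_SERVICE when a ticket issued to app1 is presented for app2, and None for a wrong password (Mellon is case-sensitive). browser_sends_cookie("/cas", True, "http://localhost:18080/cas/login") is False, which is why cookieSecure had to become false for HTTP mode, and browser_sends_cookie("/cas", False, "http://localhost:18080/cas-server/login") is also False, which is the cookiePath mismatch to watch for when the webapp is deployed as /cas-server.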

Summary

Single sign-on (SSO) is one of the most popular solutions for integrating enterprise applications: a user logs in once and can then access every trusted application across several systems.

This is only the simplest single sign-on example and is not something to use as is in real development. Applying it to a project takes a good deal of customization: styling the login page, authenticating against a database, and exchanging user information between server and client. These topics are covered in later articles.
