Several ways to implement single sign-on for the JForum forum (CAS and cookies)
Wang Pao
email:baozhengw@netease.com
2007-8-4
Implementing single sign-on for JForum with CAS
(i) web.xml configuration for the CAS client application
Installing CAS and JForum is not covered in this article. The following configuration is added to JForum's web.xml to connect it to the CAS server:
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://localhost:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>https://localhost:8443/cas/proxyValidate</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>localhost:8000</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
When I first debugged JForum single sign-on, I entered http://localhost:8000/cas/login?service=http://localhost:8000/jforum/user.jsp in the address bar
(where user.jsp is my own JSP page for testing). After I entered the user name and password on the CAS page and confirmed, the page automatically jumped to http://localhost:8000/jforum/user.jsp?ticket=St-5-ih4fjnyywlhffywfeowuvafzn1vkoovagpd-20
The ticket parameter is the generated ticket. This ticket is then passed as a parameter to the validation URL:
https://localhost:8443/cas/serviceValidate?service=http://localhost:8000/jforum/user.jsp&ticket=St-5-ih4fjnyywlhffywfeowuvafzn1vkoovagpd-20
If validation succeeds, the returned page shows the authenticated username. Viewing the HTML source shows:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>admin</cas:user>
</cas:authenticationSuccess>
</cas:serviceResponse>
If it fails, the page displays "ticket 'st-2-4ffpnvhkv1nh5so7uwvfdvnrbhsapafroxx-20' not recognized". The HTML source reads:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationFailure code='INVALID_TICKET'>
ticket 'st-2-4ffpnvhkv1nh5so7uwvfdvnrbhsapafroxx-20' not recognized
</cas:authenticationFailure>
</cas:serviceResponse>
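The two responses above can be told apart in code as follows. This is an added example, not code from the original article or from the CAS client library; the class name CasResponseParser and the embedded sample strings are assumptions constructed for illustration. It parses with namespace awareness and refuses DOCTYPE declarations, so a response cannot declare external entities, and it accepts a user name only when exactly one success element and no failure element is present.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Hypothetical helper (not part of the CAS client): classifies a serviceValidate response.
public class CasResponseParser {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";
    /** Returns the authenticated user name, or throws with the CAS failure code. */
    static String userFrom(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE so the response cannot declare external entities (XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
            .parse(new InputSource(new StringReader(xml))).getDocumentElement();
        if (!CAS_NS.equals(root.getNamespaceURI()) || !"serviceResponse".equals(root.getLocalName())) {
            throw new SecurityException("not a CAS serviceResponse");
        }
        NodeList ok = root.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
        NodeList bad = root.getElementsByTagNameNS(CAS_NS, "authenticationFailure");
        // Exactly one success element and no failure element, otherwise reject.
        if (ok.getLength() != 1 || bad.getLength() != 0) {
            String code = bad.getLength() > 0 ? ((Element) bad.item(0)).getAttribute("code") : "MALFORMED";
            throw new SecurityException("CAS validation failed: " + code);
        }
        NodeList users = ((Element) ok.item(0)).getElementsByTagNameNS(CAS_NS, "user");
        if (users.getLength() != 1 || users.item(0).getTextContent().trim().isEmpty()) {
            throw new SecurityException("missing cas:user");
        }
        return users.item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples modelled on the two responses shown above.
        String success = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
            + "<cas:authenticationSuccess><cas:user>admin</cas:user></cas:authenticationSuccess>"
            + "</cas:serviceResponse>";
        String failure = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
            + "<cas:authenticationFailure code='INVALID_TICKET'>ticket 'ST-0-example' not recognized"
            + "</cas:authenticationFailure></cas:serviceResponse>";
        System.out.println(userFrom(success));
        try {
            userFrom(failure);
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```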
(ii) Configuring JForum for single sign-on
JForum has a SystemGlobals.properties file under the WEB-INF/config directory. Configuring SSO requires changing several parameters in this file:
authentication.type = sso
# The CasUserSSO class is used for CAS single sign-on; the code for this class is described below
sso.implementation = com.iss.common.sso.CasUserSSO
# CasCookieSSO is a simple cookie-based single sign-on; see the code below
#sso.implementation = com.iss.common.sso.CasCookieSSO
# I am not quite sure what the redirect below is actually for
sso.redirect = https://localhost:8443/cas/
(iii) After the CAS filter in JForum's web.xml has been commented out, the following JSP serves as an example of validating a single sign-on ticket through CAS. The login URL should carry the service parameter, for example:
http://localhost:8000/cas/login?service=http://localhost:8000/jforum/testsso.jsp
After a successful CAS login, the returned page URL carries a ticket parameter, as in the following return URL:
http://localhost:8000/jforum/testsso.jsp?ticket=ST-5-VbM7tdMPeLD1WlH2ZGnocVGTbAY73ff4y17-20
When the Tomcat console shows the following output, authentication has succeeded:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>admin</cas:user>
</cas:authenticationSuccess>
</cas:serviceResponse>
Here is testsso.jsp:
<%@ page contentType="text/html;charset=GBK"%>
<%@ page import="java.util.*"%>
<%@ page import="net.jforum.context.RequestContext"%>
<%@ page import="net.jforum.entities.UserSession"%>
<%@ page import="net.jforum.util.preferences.ConfigKeys"%>
<%@ page import="net.jforum.util.preferences.SystemGlobals"%>
<%@ page import="org.apache.log4j.Logger"%>
<%@ page import="net.jforum.sso.*"%>
<%@ page import="java.io.*"%>
<%@ page import="edu.yale.its.tp.cas.client.*"%>
<%
    String username = null;
    String errorCode = null;
    String errorMessage = null;
    String xmlResponse = null;
    // The ticket is appended to the service URL by CAS after a successful login.
    String ticket = request.getParameter("ticket");
    System.out.println("Acquired ticket is: " + ticket);
    ServiceTicketValidator sv = new ServiceTicketValidator();
    if (ticket != null)
    {
        try
        {
            sv.setCasValidateUrl("https://localhost:8443/cas/serviceValidate");
            sv.setServiceTicket(ticket);
            // Must be the same service URL that was passed to /cas/login.
            sv.setService("http://localhost:8000/jforum/testsso.jsp");
            // Sends the ticket to the CAS server and parses its XML reply.
            sv.validate();
            xmlResponse = sv.getResponse();
            // The method name is spelled this way in the CAS client library.
            if (sv.isAuthenticationSuccesful())
            {
                username = sv.getUser();
                System.out.println("Authentication successful, obtained username is:");
                System.out.println(username);
            }
            else
            {
                errorCode = sv.getErrorCode();