1. Security certificate configuration
CAS uses the HTTPS protocol by default; if the security requirements are not high, you can use the HTTP protocol instead.
The steps to switch to HTTP are as follows:
Modify deployerConfigContext.xml and add the parameter p:requireSecure="false", so that secure (HTTPS) verification is not required.
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" p:requireSecure="false"/>
Modify ticketGrantingTicketCookieGenerator.xml (path: cas/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml): in the ticketGrantingTicketCookieGenerator bean, change the value of the p:cookieSecure property to false.
<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" p:cookieSecure="false" p:cookieMaxAge="-1" p:cookieName="CASTGC" p:cookiePath="/cas"/>
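
Before a test deployment like this is promoted, the two relaxed settings above can be found mechanically. The following is an added example, not part of the original page or of CAS: a small Python audit that parses a Spring bean file and reports every bean where p:requireSecure or p:cookieSecure is false. The names audit_beans, WATCHED and SAMPLE are assumptions, and the sample input is constructed from the two beans shown above plus one constructed bean that keeps the secure setting.

```python
import xml.etree.ElementTree as ET

P_NS = "http://www.springframework.org/schema/p"  # Spring "p:" shorthand namespace
# Attributes this page sets to "false", with what each one relaxes.
WATCHED = {
    "requireSecure": "service callback URLs are accepted over plain HTTP",
    "cookieSecure": "CASTGC cookie is issued without the Secure flag",
}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return tag.rsplit("}", 1)[-1]

def audit_beans(xml_text):
    """Return (bean name, attribute, effect) for each watched p: attribute set to false."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "bean":
            continue
        # Anonymous beans have no id; fall back to the simple class name.
        name = el.get("id") or el.get("class", "?").rsplit(".", 1)[-1]
        for attr, effect in WATCHED.items():
            value = el.get("{%s}%s" % (P_NS, attr))
            if value is not None and value.strip().lower() == "false":
                findings.append((name, attr, effect))
    return findings

# Constructed sample: the two beans from this page inside a minimal <beans> root,
# plus a third constructed bean that leaves the cookie Secure flag on.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
        p:httpClient-ref="httpClient" p:requireSecure="false"/>
  <bean id="ticketGrantingTicketCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="false" p:cookieMaxAge="-1"
        p:cookieName="CASTGC" p:cookiePath="/cas"/>
  <bean id="exampleSecureCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="true" p:cookieName="EXAMPLE" p:cookiePath="/cas"/>
</beans>"""

if __name__ == "__main__":
    for name, attr, effect in audit_beans(SAMPLE):
        print("%s: p:%s=false -> %s" % (name, attr, effect))
```
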
2. Deploy the server side: cas-server
cas-server download: http://www.jasig.org/cas/download
Unzip cas-server-3.4.11-release.zip, extract the file cas-server-3.4.11/modules/cas-server-webapp-3.4.11.war, copy it into Tomcat, for example to D:\tomacat-casServer\webapps\, and rename it to cas.war.
Start tomacat-casServer, type http://localhost:8080/cas/login in the browser address bar, and press Enter.
cas-server's default validation rule: authentication passes as long as the user name and password are the same (for testing only; in a production environment this needs to be changed according to the actual situation). Enter admin/admin and click Log in to see the successful login page.
The cas-server deployment was successful.
3. Deploy cas-client
cas-client download: http://downloads.jasig.org/cas-clients/
(1) Unzip cas-client-3.2.1-release.zip and extract cas-client-3.2.1/modules/cas-client-core-3.2.1.jar.
(2) Tomcat ships with a webapps\examples project by default; use it as the client.
(3) Install and configure tomcat-client1
Unzip apache-tomcat-7.0.6 and rename it to tomcat-client1.
Modify Tomcat's startup ports (5 places in total). In the file conf/server.xml, find the following:
<Server port="8005" shutdown="SHUTDOWN">
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
Change it to read as follows:
<Server port="18005" shutdown="SHUTDOWN">
<Connector port="18080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="18443"/>
<Connector port="18009" protocol="AJP/1.3" redirectPort="18443"/>
(4) Start tomcat-app1, type http://localhost:18080/examples/servlets/ in the browser, and press Enter.
The tomcat-client configuration is successful.
(5) Copy the client library cas-client-core-3.2.1.jar and commons-logging-1.1.jar to the tomcat-client\webapps\examples\WEB-INF\lib\ directory, and add the following configuration to the tomcat-client\webapps\examples\WEB-INF\web.xml file:
<!-- ==================== Single Sign-on start ==================== -->
<!-- Listener for single sign-out (single-point logout); optional -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<!-- This filter is used for single sign-out; optional -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://demo.micmiu.com:8443/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://app1.micmiu.com:18080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter is responsible for validating the ticket; it must be enabled -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://demo.micmiu.com:8443/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://app1.micmiu.com:18080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter wraps the HttpServletRequest so that, for example, developers can obtain the login name of the SSO user through the HttpServletRequest getRemoteUser() method; optional -->
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter lets developers get the user's login name through org.jasig.cas.client.util.AssertionHolder, e.g. AssertionHolder.getAssertion().getPrincipal().getName() -->
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ==================== Single Sign-on end ==================== -->
(6) Install and configure tomcat-client2
Unzip apache-tomcat-7.0.6 and rename it to tomcat-client2.
Modify Tomcat's startup ports (5 places in total). In the file conf/server.xml, find the following:
<Server port="8005" shutdown="SHUTDOWN">
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
Change it to read as follows:
<Server port="28005" shutdown="SHUTDOWN">
<Connector port="28080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="28443"/>
<Connector port="28009" protocol="AJP/1.3" redirectPort="28443"/>
The remaining steps are the same as for tomcat-client1.
4. Test SSO
Start tomcat-casServer, tomcat-client1 and tomcat-client2.
Testing process: open the client1 URL --> redirected to CAS server for authentication --> the client1 application is shown --> open the client2 URL --> the client2 application is shown --> log out of CAS server --> open the client1/client2 URL --> redirected back to CAS server for authentication.
Try it hands-on and observe the single sign-on effect.