Yale CAS Configuration

Source: Internet
Author: User
Configuring Yale CAS involved many detours before it finally worked, so this tutorial was written in the hope that the next person to configure it can avoid them.
Tomcat: 5.5.15 (the latest release at the time of writing)
JDK: 1.5.0_06
Set the JAVA_HOME environment variable before starting; the keytool commands below refer to it.

1. Enable Tomcat SSL
Copy the .keystore file to Tomcat's conf directory.
Edit server.xml in the conf directory of the Tomcat installation and add the following connector (attribute names are case-sensitive):
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/.keystore"
           keystorePass="changeit" />
keystoreFile is the keystore that holds the server certificate (a relative path is resolved against $CATALINA_BASE, normally the Tomcat installation directory), and keystorePass is the password used to open it. It must be the password you chose when the keystore was generated; change it from the default changeit, and because it sits in server.xml in clear text, keep that file readable only by the account Tomcat runs as. Note that sslProtocol="TLS" on JDK 1.5 negotiates TLS 1.0 at best, so a setup built on these versions should not be exposed to the Internet.
Note: the keystore file can be generated as follows:
keytool -genkey -alias hostname -keyalg RSA
This creates a file named .keystore in the user's home directory (user.home); if the file already exists, the new key is added to it. At the first prompt ("What is your first and last name?") enter the hostname of the CAS server, because that value becomes the certificate's CN. Use the exact name clients will use to reach CAS; a mismatch makes ticket validation fail later. For local testing, use localhost.
2. Import the certificate into the JRE of each application
First export the certificate from the keystore:
keytool -export -alias hostname -file filename.cer
This writes the server certificate (the public part only, never the private key) to filename.cer. The command reads the default keystore in the user's home directory; add -keystore conf/.keystore if you are exporting from the copy in Tomcat's conf directory.
Then import the file into the truststore of the JVM that runs each application:
keytool -import -alias hostname -file filename.cer -keystore {JAVA_HOME}/jre/lib/security/cacerts
The cacerts password is changeit by default. Importing into cacerts makes every program on that JVM trust the CAS certificate; an application-specific truststore (selected with the javax.net.ssl.trustStore system property) limits the trust to the one application that needs it.
NOTE: If your JAVA_HOME contains spaces, enclose the path in quotation marks.
3. Copy cas.war into Tomcat's webapps directory, then open http://localhost:8080/cas/login and log in. Use the HTTPS port (https://localhost:8443/cas/login) for anything beyond a first smoke test: over port 8080 the login form submits the password in clear text.
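The three server-side steps above, done non-interactively, as an added example that is not part of the original tutorial. It is a POSIX shell script that assumes keytool is on the PATH; the hostname cas.example.org, the scratch paths, the -dname fields and the password changeit are assumptions. It writes to a fresh truststore file instead of the JRE's cacerts so it can be run safely, checks that the exported certificate's CN is the hostname (the mismatch the note in step 1 warns about), and always passes an explicit alias on import so the default alias mykey is never used.

```shell
#!/bin/sh
# Added example, not from the original tutorial: steps 1-3 of the keystore
# work done non-interactively. The hostname cas.example.org, the scratch
# paths, the -dname fields and the password "changeit" are assumptions; the
# truststore is a fresh file rather than the JRE's cacerts, so the script
# is safe to run anywhere keytool is installed.

# Step 1: generate the server key pair. The CN must be the hostname that
# browsers and CAS clients use to reach the CAS server, otherwise the
# client's HTTPS ticket-validation call fails with a PKIX error.
#   $1=hostname  $2=keystore file  $3=keystore password
gen_keystore() {
    keytool -genkey -alias "$1" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$1, OU=CAS, O=Example, C=US" \
        -keystore "$2" -storepass "$3" -keypass "$3"
}

# Step 2a: export the self-signed certificate (DER, public part only).
#   $1=alias  $2=keystore file  $3=keystore password  $4=output .cer
export_cert() {
    keytool -export -alias "$1" -keystore "$2" -storepass "$3" -file "$4"
}

# Step 2b: import it into the truststore of the JVM that runs the client
# application. An explicit alias is always given, so the "mykey" alias
# clash never happens; keytool creates the truststore if it is missing.
#   $1=alias  $2=.cer file  $3=truststore file  $4=truststore password
import_cert() {
    keytool -import -noprompt -alias "$1" -file "$2" \
        -keystore "$3" -storepass "$4"
}

# Exit 0 when the alias is present in the truststore, 1 otherwise.
#   $1=alias  $2=truststore file  $3=truststore password
trust_contains() {
    keytool -list -alias "$1" -keystore "$2" -storepass "$3" >/dev/null 2>&1
}

# Print the subject CN of an exported certificate, to confirm it matches
# the hostname before the .cer file is handed to application administrators.
#   $1=.cer file
cert_cn() {
    keytool -printcert -file "$1" | sed -n 's/^Owner: *CN=\([^,]*\).*/\1/p' | head -n 1
}

# The whole chain in a scratch directory; returns 0 when the exported
# certificate carries the expected CN and is trusted by the new store.
run_demo() {
    demo_host=cas.example.org
    demo_dir=$(mktemp -d) || return 1
    gen_keystore "$demo_host" "$demo_dir/.keystore" changeit >/dev/null 2>&1 || return 1
    export_cert "$demo_host" "$demo_dir/.keystore" changeit "$demo_dir/cas.cer" >/dev/null 2>&1 || return 1
    import_cert "$demo_host" "$demo_dir/cas.cer" "$demo_dir/cacerts" changeit >/dev/null 2>&1 || return 1
    [ "$(cert_cn "$demo_dir/cas.cer")" = "$demo_host" ] || return 1
    trust_contains "$demo_host" "$demo_dir/cacerts" changeit
}

# Usage: sh cas-keystore.sh demo
if [ "${1:-}" = "demo" ]; then
    run_demo && echo "keystore, exported certificate and truststore are consistent"
fi
```

For a real deployment, replace the scratch truststore path in import_cert with {JAVA_HOME}/jre/lib/security/cacerts of the JVM that runs the application (default password changeit), or with a dedicated truststore passed to that JVM through -Djavax.net.ssl.trustStore so that only the application which talks to CAS trusts the certificate. Run cert_cn on the .cer file before distributing it: if it does not print the CAS hostname, regenerate the key rather than importing a certificate that clients will reject.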

Replacing the authentication method. The handler CAS ships with (SimpleTestUsernamePasswordAuthenticationHandler) accepts any login in which the user name equals the password, which is only meant for testing. To authenticate against your own user store, copy the following template and put your verification logic where indicated (MyAuthenticationHandler is a placeholder class name; use your own):
package org.jasig.cas.authentication.handler.support;

import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.util.StringUtils;

// MyAuthenticationHandler is a placeholder name; substitute your own.
public final class MyAuthenticationHandler extends
        AbstractUsernamePasswordAuthenticationHandler {

    public boolean authenticateUsernamePasswordInternal(
            final UsernamePasswordCredentials credentials) {
        final String username = credentials.getUsername();
        final String password = credentials.getPassword();

        // Reject empty input before consulting the back end, then call
        // your own check (database, LDAP, ...). Never log the password.
        if (StringUtils.hasText(username) && StringUtils.hasText(password)
                && verifyCredentials(username, password)) {
            getLog().debug("User [" + username + "] was successfully authenticated.");
            return true;
        }

        getLog().debug("User [" + username + "] failed authentication");
        return false;
    }

    // Insert your verification code here: return true only when the
    // username/password pair is valid in your user store.
    private boolean verifyCredentials(final String username, final String password) {
        return false;
    }

    // Carried over from the bundled test handler; remove this warning
    // (or make it describe your handler) once real verification is in place.
    protected void afterPropertiesSetInternal() throws Exception {
        super.afterPropertiesSetInternal();
        getLog().warn(this.getClass().getName()
            + " is only to be used in a testing environment. Never enable this in a production environment.");
    }
}

Then edit deployerConfigContext.xml (under the WEB-INF directory of the CAS web application).
Find
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>
and change the class to the fully qualified name of the handler you wrote. Do not leave the SimpleTest handler in a deployment that anyone else can reach, since it lets any user log in by typing the user name as the password.
At this point the server configuration is complete.
The following describes the configuration of each application (the CAS client side):

4. (Java web application as an example) Copy the CAS client jar (casclient.jar) into the application's WEB-INF/lib directory, creating it if necessary. Then add the filter to the application's deployment descriptor (web.xml) as follows:
<filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
        <param-value>https://casserverhost:8443/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
        <param-value>https://casserverhost:8443/cas/proxyValidate</param-value>
    </init-param>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
        <param-value>localhost:8080</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Filter</filter-name>
    <url-pattern>/servlet/*</url-pattern>
</filter-mapping>

localhost:8080 is the host and port under which browsers reach the application; the filter uses it to build the service URL that the ticket is validated against, so it must match what users actually type.
casserverhost is the hostname of the CAS server and must match the CN of the certificate generated in step 1.
validateUrl must use https: the Yale client refuses to validate tickets over plain HTTP, and this HTTPS call is the reason the application's JVM needs the CAS certificate imported in step 2 (without it the request fails with the PKIX error listed under the error messages at the end of this page).
The filter-mapping decides which resources require CAS authentication; add one mapping per URL pattern you want protected. Anything outside the listed patterns remains accessible without authentication.

5. Configure the language pack
Put the messages properties file for each language under WEB-INF/classes in the CAS web application, then add
<%@ page contentType="text/html; charset=GBK" language="java" %>
at the top of the JSP files in /WEB-INF/view/jsp/default/ui/templates. The charset must be the encoding the JSP files are actually saved in, otherwise the pages are displayed garbled.

Some error messages:
1. keytool error: Certificate not imported, alias <mykey> already exists
A trusted certificate was imported earlier without an alias; keytool stores such a certificate under the default alias mykey, so a second import without -alias collides with it. Either delete the old entry first:
keytool -delete -alias mykey -keystore {JAVA_HOME}/jre/lib/security/cacerts
and import again, or give the new certificate its own alias:
keytool -import -alias name -file filename.cer -keystore {JAVA_HOME}/jre/lib/security/cacerts
Before deleting, check what mykey actually is with keytool -list -alias mykey -keystore {JAVA_HOME}/jre/lib/security/cacerts, so you do not remove a certificate another application relies on.

2. java.io.IOException: Keystore was tampered with, or password was incorrect
Either the keystore file was modified or the password supplied does not match the one it was created with (for cacerts the default is changeit). Check the password first; if the file really is corrupt, delete it and regenerate the key with the keytool -genkey command from step 1.
3. javax.servlet.ServletException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The JVM running the application does not trust the CAS server certificate. On the application side, run
keytool -import -alias name -file filename.cer -keystore {JAVA_HOME}/jre/lib/security/cacerts
where filename.cer is the file exported with keytool -export in step 2. Make sure JAVA_HOME points to the JRE that actually runs the application's Tomcat, not merely a JDK that happens to be installed; importing into the wrong cacerts leaves the error in place.
