CAS 4.2.x 单点登录(SSO)
本文所介绍环境为win7环境下运行, 下载cas-4.2.1.zip,解压并进入目录 cd D:\document\cas-4.2.1\cas-4.2.1,运行命令
gradlew clean build -x test -x javadocJar -x checkstyleMain -x checkstyleTest -x findbugsMain -DskipVersionConflict=true
编译成功完成后,进入目录cas-4.2.1\cas-server-webapp\build\libs,获取到cas-server-webapp-4.2.1.war,修改为cas.war。
1、为了更直观查看单点登录效果配置以下host
127.0.0.1 sso.mixfate.com
127.0.0.1 bbs.mixfate.com
127.0.0.1 all.mixfate.com
如上配置 sso.mixfate.com为cas服务器,bbs.mixfate.com及all.mixfate.com分别为2个应用,均使用cas完成登录认证。
2、下载apache-tomcat-7.0.55-windows-x64.zip,并解压后拷贝三份,分别命名为tomcat-cas-sso,tomcat-cas-bbs,tomcat-cas-all。 将cas.war放到tomcat-cas-sso目录中,启动tomcat,使用http://sso.mixfate.com:8080/cas访问,使用用户名:casuser,密码:Mellon,即可登录成功。 配置tomcat支持https,请参考前面的文章tomcat ssl配置。,简单列出步骤如下。
生成证书库命令(注意其中填写您的名字与姓氏项,请填写*.mixfate.com)
keytool -genkey -alias cas-sso -keyalg RSA -keysize 1024 -validity 365 -keystore "C:\cert\tomcat.keystore"
导出证书
keytool -export -alias cas-sso -keystore "C:\cert\tomcat.keystore" -storepass 123456 -rfc -file "C:\cert\tomcat.cer"
双击C:\cert\tomcat.cer文件,将此证书安装在“受信任的根证书颁发机构”即可。
同时将证书安装到证书库
keytool -import -v -trustcacerts -alias tomcat -file "C:\cert\tomcat.cer" -keystore "D:\Program Files\Java\jdk1.8.0_66\jre\lib\security\cacerts"
tomcat中的server.xml配置如下 (注意另外两个tomcat同样需配置)
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="c:\cert\tomcat.keystore" keystorePass="123456"/>
tomcat-cas-sso 参考tomcat ssl配置启动,即可以访问https://sso.mixfate.com/cas,使用用户名:casuser,密码:Mellon,即可登录成功。
3、为了简单起见cas客户端直接使用tomcat中的example作为演示web工程。 先配置好tomcat-cas-bbs,tomcat-cas-all,端口分别为8443(默认),9443,接着在tomcat-cas-bbs/webapps/examples/WEB-INF/web.xml文件的标签 web-app结束前添加如下
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://sso.mixfate.com/cas</param-value>
</init-param>
</filter>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://sso.mixfate.com/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://bbs.mixfate.com:8443</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://sso.mixfate.com/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://bbs.mixfate.com:8443</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>useSession</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>authn_method</param-name>
<param-value>mfa-duo</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
再接着在tomcat-cas-all/webapps/examples/WEB-INF/web.xml 文件的标签 web-app结束前添加如下
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://sso.mixfate.com/cas</param-value>
</init-param>
</filter>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://sso.mixfate.com/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://all.mixfate.com:9443</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://sso.mixfate.com/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://all.mixfate.com:9443</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>useSession</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>authn_method</param-name>
<param-value>mfa-duo</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
4、下载jar包:slf4j-api-1.7.12.jar cas-client-core-3.4.1.jar commons-logging-1.2.jar log4j-1.2.17.jar 并将其放到目录 tomcat-cas-bbs\webapps\examples\WEB-INF\lib中,以及目录 tomcat-cas-all\webapps\examples\WEB-INF\lib中。
启动tomcat-cas-sso,tomcat-cas-all,tomcat-cas-bbs
5、测试
同一浏览器打开2个标签,分别打开地址https://bbs.mixfate.com:8443/examples/和https://all.mixfate.com:9443/examples/
结束
赞赏(Donation)
微信(Wechat Pay)
