Using Yale CAS Server to implement single sign-on (SSO)

xiaoxiao 2021-03-06

CAS (Central Authentication Service) is an SSO (Single Sign-On) service developed by Yale University's ITS and implemented in Java.

Here is a simple example to illustrate single sign-on (SSO) with CAS.

Yale CAS Server configuration process

The service is delivered as a Java web application (e.g. cas.war). You need to deploy cas.war to a Servlet 2.3 compatible server, and that server must support SSL, which is required to use the service. Other servers (the clients) can implement SSO with only a simple configuration.

There are many kinds of CAS clients. Because the validation result is returned as XML, the CAS client has been packaged for Java, Perl, Python, ASP, Apache module, and others. Besides these client examples, you can also implement one yourself according to your needs; it is very simple.
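The validation step a self-written client has to perform, as an added example in Python (not code from the original article or the CAS distribution). It assumes the CAS 2.0 XML response format; the function names, the MALFORMED_RESPONSE code and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = "{http://www.yale.edu/tp/cas}"   # namespace of CAS 2.0 responses
BAD = (False, "MALFORMED_RESPONSE")       # hypothetical local error code

# Constructed sample responses in the CAS 2.0 format.
SAMPLE_OK = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
# Looks like a success but carries no CAS namespace, so it must not be trusted.
SAMPLE_SPOOF = """<serviceResponse><authenticationSuccess><user>admin</user>
</authenticationSuccess></serviceResponse>"""


def build_validate_url(validate_url, service, ticket):
    """Build the ticket validation request; the CAS server is only reached over SSL."""
    if not validate_url.startswith("https://"):
        raise ValueError("CAS validation must go over https")
    return validate_url + "?" + urlencode({"service": service, "ticket": ticket})


def parse_validation(xml_text):
    """Return (True, user) on success, (False, error_code) otherwise."""
    # A validation response never needs a DTD; refusing one avoids entity abuse.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return BAD
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return BAD
    # Exactly one namespaced child is expected: success or failure.
    if root.tag != CAS_NS + "serviceResponse" or len(root) != 1:
        return BAD
    child = root[0]
    if child.tag == CAS_NS + "authenticationFailure":
        return False, child.get("code", "UNKNOWN")
    users = child.findall(CAS_NS + "user")
    name = (users[0].text or "").strip() if len(users) == 1 else ""
    if child.tag != CAS_NS + "authenticationSuccess" or not name:
        return BAD
    return True, name


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_FAIL, SAMPLE_SPOOF):
        print(parse_validation(sample))
```

Anything other than a well-formed, correctly namespaced success element is treated as a failed login, so a malformed or unexpected response can never yield a user name.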

In the example below, one Tomcat 5.0 instance acts as the CAS server (Server1) and another Tomcat 5.0 instance acts as the client (Client1).

1. Download CAS-Server and CAS-Client (optional, recommended):

    http://www.yale.edu/tp/cas/cas-server-2.0.12.zip
    http://www.yale.edu/tp/cas/cas-client-2.0.11.zip

2. Unzip cas-server-2.0.12.zip and copy lib/cas.war to the webapps directory of Server1.

3. Generate a certificate on the server:

    keytool -genkey -alias my-alias-name -keyalg RSA -keystore keystore-file

4. Configure Tomcat on Server1 to use HTTPS, in $CATALINA_HOME/conf/server.xml

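5. Configure the client Client1 (using the servlets-examples app) to use CAS. We use the servlet filter provided with the CAS client to implement the SSO check. Modify servlets-examples/WEB-INF/web.xml:

    <!-- your.cas.server.name is the CAS server (e.g. Server1);
         your.client.server.name is this client (e.g. Client1) -->
    <filter>
      <filter-name>CASFilter</filter-name>
      <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
      <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
        <param-value>https://your.cas.server.name:port/cas/login</param-value>
      </init-param>
      <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
        <param-value>https://your.cas.server.name:port/cas/proxyValidate</param-value>
      </init-param>
      <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
        <param-value>your.client.server.name:port</param-value>
      </init-param>
    </filter>

    <!-- Every request under /servlet/ passes through the CAS filter -->
    <filter-mapping>
      <filter-name>CASFilter</filter-name>
      <url-pattern>/servlet/*</url-pattern>
    </filter-mapping>

6. Unzip cas-client-2.0.11.zip and copy java/lib/casclient.jar to the webapps/servlets-examples/WEB-INF/lib directory on the Client1 server (create the directory if it does not exist).

7. Export the server certificate so that it can be imported on the client:

    keytool -export -file myserver.cert -alias my-alias-name -keystore keystore-file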

8. Import the server certificate as trusted into the client's JVM (administrator privileges may be needed, depending on the situation):

    keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -file myserver.cert -alias my-alias-name

9. Test & done. Start Server1 and Client1 and check that the startup logs are normal. If everything is OK, visit http://client1:8080/servlets-examples/servlet/HelloWorldExample. The system automatically redirects to an authentication page. If you enter an account name and password that are identical, authentication passes and you reach the real HelloWorldExample servlet.

When reposting, please cite the original address: https://www.9cbs.com/read-54691.html
