AD

cas for single sign-on of the simple example

In accordance with the following configuration successful:
1 First of all I opened tomcat5.5 of SSL
Modify the Tomcat configuration file server.xml, removing the comment for SSL, that is opening up ports 8443 modified the relevant code is as follows:
<Connector port = "8443" keystorePass = "changeit"
maxThreads = "150" minSpareThreads = "25" maxSpareThreads = "75"
enableLookups = "false" disableUploadTimeout = "true"
acceptCount = "100" debug = "0" scheme = "https" secure = "true"
clientAuth = "false" sslProtocol = "TLS" />
Description: keystorePass is to add the configuration items, namely, the certificate database password, tomcat server default is changeit
2. Generate the safety certificate, first in the command line switch to% java_home% \ jre \ lib \ security directory
% java_home% \ bin \ keytool-genkey-alias tomcat-keyalg RSA
The password is: changeit
Name is: localhost
Followed by other random write
% java_home% \ bin \ keytool-export-alias tomcat-file server.crt
And
% java_home% \ bin \ keytool-import-file server.crt-keystore% java_home% / jre / lib / security / cacerts
3. The CAS server3.0.2 in the target directory CAS.war copied to the% tomcat_home% \ webapps directory.
(Or \ cas-server-2.0.12 \ lib directory can also be CAS.war)
4. The cas-client-2.0.11 \ java \ lib file to the% tomcat_home% \ webapps \ servlets-examples \ WEB-INF \ lib (for there is no lib folder, to build their own one)
5. Modify the tomcat's own servlet-examples of web.xml, by adding cas filter:

<filter>
<filter-name> CASFilter </ filter-name>
<filter-class> edu.yale.its.tp.cas.client.filter.CASFilter </ filter-class>
<init-param>
<param-name> edu.yale.its.tp.cas.client.filter.loginUrl </ param-name>
<param-value> https: / / localhost: 8443/cas/login </ param-value>
</ init-param>
<init-param>
<param-name> edu.yale.its.tp.cas.client.filter.validateUrl </ param-name>
<param-value> https: / / localhost: 8443/cas/proxyValidate </ param-value>
</ init-param>
<init-param>
<param-name> edu.yale.its.tp.cas.client.filter.serverName </ param-name>
<param-value> localhost: 8080 </ param-value>
</ init-param>
</ filter>
<filter-mapping>
<filter-name> CASFilter </ filter-name>
<url-pattern> / servlet / * </ url-pattern>
</ filter-mapping>
6. Start tomcat!, CAS.war files are automatically in the webapps directory under the CAS to release into the **localhost:8080/servlets-examples, if configured correctly on the Gao Ding, and visit the show, when prompted to install the certificate (you on the choice installation of the above that the exported certificate, or from the IE - Tools - Internet Preferences - Content - Certificates - and then follow the prompts to import sufficient).

If it is IE, then, first of all will pop up a dialog box that prompts you the certificate is not issued by a trusted institution. This is quite natural, because the certificate is itself generated.

Click "View Certificate", click "Install Certificate" in the Wizard of options "to all of the certificates on the following store" and then click "Browse", select "Trusted Root Certificate Authorities." Click OK to install the certificate. IE will be considered later this certificate is issued by a trusted institution.

If you do not want to install, you can also directly in the dialog box, click "Yes"

Click on a casual Execute, the system is automatically forwarded to the CAS's landing page.
Enter the same user name and password, then jump back to the original page NOTE:
In the production of a self-signed credential, and in the keystore file is generated when the password is: changeit (This is the tomcat default), your name must be an: localhost, of course, is that you need to CAS client and CAS server on the same platform testing machine used.

---------

Note:

A generation crt's jre must tomcat using jdk's jre, or can not find the certificate.

2 filter in <url-pattern> / servlet / * </ url-pattern> is the need to verify the url or context.

3 cas2.0.11 and tomcat5.5.16 windows install version may be incompatible (I suppose).
标签: server default, localhost, param name, lib directory, filter class, filter name, target directory, tls, command line switch, tomcat5, file server, connector port, database password, jre, servlet examples, maxthreads, relevant code, certificate database, security directory, safety certificate
分类: Java
时间: 2008-07-27

相关文章

  1. CAS (single sign) --- A Summary

    Single sign-on (sso) is based on user / session authentication in a process, users simply provide a one-time c ...
  2. CAS is implemented in Tomcat using the single sign (Reprinted)

    Use of CAS in achieving single sign-on Tomcat Document options <script type="text/javascript"> ...
  3. CAS is implemented in Tomcat using the single sign

    Reprinted: http://blog.csdn.net/DL88250/archive/2008/08/20/2799522.aspx SSO (Single Sign On, referred to as SS ...
  4. Little Ant-CAS single sign series (5) - Simple implementation of the SSO of the two

    In this series of articles in the first three, explain the use of CAS to implement a simple single sign-on pro ...
  5. CAS (single sign) --- Summary 2

    Following the return to more user information. . . Configuration ssoAuth / WEB-INF / view / protocol / casServ ...
  6. Use the CAS to achieve single sign of the relevant configuration

    Use the CAS to achieve single sign of the relevant configuration, follow these steps: 1. Configuring SSL a) ge ...
  7. CAS (Single Sign) --- Summary II

    Following the return to more user information. . . Configuration ssoAuth / WEB-INF / view / protocol / casServ ...
  8. <Switch> CAS single sign out to achieve

    Ordinary items (not combined with Spring Security) that can add the following code in web.xml <filter> & ...
  9. cas for single sign-on, log off (java and php client)

    Recent projects have to do single sign-on, the client contains the java and php, java has several applications ...
  10. jasig-cas single sign of the custom validation - jdbc

    jasig-cas single sign of the custom validation - jdbc cas-servlet.xml is used in the spring-webflow such a thi ...
  11. ucenter single sign summary

    Hong Sing's products have been used, natural and ultimately a single point of landing, the next ucenter recent ...
  12. To ask you, SSO single sign of problems

    By Cookie, cross-domain single sign carried out, a number of systems after landing, to ask you, what better wa ...
  13. ofbiz how to implement Single Sign On

    In the present project, to achieve single sign. SSH had previously realized. ofbiz search many documents on th ...
  14. Spring Security 2.0 + CAS configure single sign-on learning configuration notes

    Spring Security 2.0 + CAS configure single sign-on learning configuration notes Spring Security 2.0 is based o ...
  15. Single sign -01 (Analysis)

    I always thought the original "single sign" means an account can only be landed in one place, that t ...
  16. CAS Single Sign Series (4) - Using RDBMS Authentication

    In practice, the user authentication information usually stored in the RDBMS or LDAP, that can better guarante ...
  17. CAS single sign a complete tutorial

    To enable more people to quickly build their own single sign-on server, I in the company's experience in a pro ...
  18. Achieved with a simple cookie single sign-

    See Bowen, on the single sign-on. Quote Write your own single sign-on (SSO) service: http://blog.csdn.net/java ...
  19. Cookie achieved through single sign Redmine

    Belong to two different systems, they can not be shared between the same set of Session , to achieve the SSO w ...