cas 6.0.x环境部署

cas 6.0.x环境部署

    • 1.jdk11环境
    • 2.Tomcat8.5环境
    • 3.认证服务器cas-server搭建
    • 4.cas-server+mysql暂未实现
    • 5.cas client 准备
    • 6.cas client部署
    • 7.疑问server和client是否要在一个服务里?

1.jdk11环境

OPEN JDK11的安装–参考https://www.cjavapy.com/article/81/
配置java_home和path

2.Tomcat8.5环境

参考https://www.cnblogs.com/purplestone/p/3964207.html
配置CATALINA_HOME和path
注册服务 service.bat install
移除服务 service.bat remove
启动服务 net Start Tomcat8
关闭服务 net stop Tomcat8
生成key(下面的123456只是示例口令,实际部署请换成强口令;省略-keypass/-storepass参数时keytool会交互式提示输入,口令就不会留在命令历史里)
keytool -genkey -alias cas -keyalg RSA -keysize 2048 -keypass 123456 -storepass 123456 -keystore D:/liuyx.keystore -dname "CN=cas.example.org,OU=liuyx.com,O=liuyx,L=JiNan,ST=JiNan,C=CN"
在Tomcat的server.xml中添加配置,启用https协议并使用上面生成的key(已成功)

3.认证服务器cas-server搭建

下载源码https://github.com/apereo/cas-overlay-template/
cmd指到~\cas-overlay-template-6.0路径下,使用命令打包build package
将生成的war包拷贝到Tomcat的webapp目录下,重启

4.cas-server+mysql暂未实现

5.cas client 准备

导出证书
keytool -exportcert -alias cas -keystore D:/liuyx.keystore -file D:/liuyx.keystore.cer -storepass 123456
将证书导入jdk(这会让使用该JDK的所有Java程序都信任这张自签名证书,仅适合本机测试;正式环境建议使用CA签发的证书,或通过-Djavax.net.ssl.trustStore为客户端单独指定信任库)
keytool -import -alias cas -keystore "C:/Program Files/Java/jdk-11.0.2/lib/security/cacerts" -file D:/liuyx.keystore.cer
显示证书列表
keytool -list -keystore "C:/Program Files/Java/jdk-11.0.2/lib/security/cacerts"
删除证书(注意:这里的cacerts路径是jdk1.8.0_91的,与上面导入时使用的jdk-11.0.2不同,删除时应指向导入时用的同一个cacerts)
keytool -delete -alias cas -keystore C:/Java/jdk1.8.0_91/jre/lib/security/cacerts

6.cas client部署

下载代码https://github.com/cas-projects/cas-sample-java-webapp
修改pom.xml
修改web.xml

7.疑问server和client是否要在一个服务里?

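<!-- wcc add -->
        <!-- Logging dependencies added by the author: the SLF4J API plus its Log4j 1.2 binding.
             Presumably these are the pom.xml changes for the sample client; confirm against the project. -->
        <!-- NOTE(review): slf4j-log4j12 routes logging to Log4j 1.x, which is end-of-life and no longer
             receives security fixes. Prefer a maintained SLF4J binding before this leaves a test setup. -->
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-api</artifactId>
            <version>1.7.25</version>
        </dependency>
        <!-- Binding version is kept equal to the slf4j-api version above so the two stay compatible. -->
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-log4j12</artifactId>
            <version>1.7.25</version>
        </dependency>
        <!-- wcc add -->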
         
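<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <!--
      Deployment descriptor for the CAS client web application: declares the CAS client filters
      (single sign-out, authentication, ticket validation, request wrapper) and maps each to /*.
      Security notes for anything beyond a loopback test:
        * casServerUrlPrefix and casServerLoginUrl use https; the host name must match the server
          certificate, and the JVM running this client must trust that certificate.
        * serverName is plain http here, so the service ticket in the redirect URL and the client
          session cookie cross the network unencrypted. Use an https address once the client is
          reachable from anywhere other than localhost.
    -->

    <!-- Tracks the sessions CAS knows about and detects whether a request is a logout request. -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <!-- Must match the CN in the keystore: the port does not matter, the host name must be
                 identical. The author mapped this host name in the hosts file, so it resolves to 127.0.0.1. -->
            <param-value>https://cas.example.org:443</param-value>
        </init-param>
    </filter>

    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <!-- Redirects unauthenticated requests to the CAS login page. -->
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <!-- Must match the CN in the keystore: the port does not matter, the host name must be
                 identical. The author mapped this host name in the hosts file, so it resolves to 127.0.0.1. -->
            <param-value>https://cas.example.org:443/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!-- Address where this client is deployed. It is sent along with the authentication request,
                 and the browser is redirected back to it after a successful login.
                 Plain http: acceptable only while the client runs on localhost. -->
            <param-value>http://localhost:8081</param-value>
        </init-param>
    </filter>

    <!-- Validates the ticket. -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <!-- Must match the CN in the keystore: the port does not matter, the host name must be
                 identical. The author mapped this host name in the hosts file, so it resolves to 127.0.0.1. -->
            <param-value>https://cas.example.org:443</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!-- Address where this client is deployed; the browser is redirected here after the
                 ticket has been validated. Keep it identical to the serverName of the authentication filter. -->
            <param-value>http://localhost:8081</param-value>
        </init-param>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <!-- NOTE(review): requests the "mfa-duo" authentication method. Whether this filter class
                 reads the parameter, and whether the CAS server has that provider configured, is not
                 visible here. Confirm, or drop the parameter if MFA is not set up. -->
            <param-name>authn_method</param-name>
            <param-value>mfa-duo</param-value>
        </init-param>
    </filter>

    <!-- Wraps the request. -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

    <!-- The mapping markup below was restored around the element text that survived on the page;
         filter names, URL patterns and their order are exactly as listed there.
         Filters run in the order their mappings are declared, so the sign-out filter runs first.
         Every filter covers /*, so no path in this application bypasses CAS. -->
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>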