Tomcat 6.0.29 + JDK 1.6.0_18 + CAS 3.4.3 + CAS Client 3.1.12 单点登录
1、cmd命令进入%CATA_LINA%/conf/目录:
keytool -delete -alias tomcat -keypass changeit
keytool -genkey -alias tomcat -keypass changeit -keyalg RSA -keystore .keystore --D:/keys/.keystore
keytool -export -alias tomcat -keypass changeit -file server.crt -keystore keystore
keytool -import -file server.crt -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
2、修改server.xml将<Connector prot="8443"...../>修改为
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
prot="8443" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorePass="changeit"
keystoreFile="{Tomcat的安装目录}/conf/.keystore"/>
3、在CAS客户端的web.xml文件里添加(首先将casclient.jar添加到../WEB-INF/lib/目录里)
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://cas.server/cas/login</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>https://cas.server/cas/serviceValidate</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>localhost:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
4、PHP客户端将CAS-1.1.3文件夹拷贝到Apache的发布目录即可
include_once("CAS.php");
phpCAS::setDebug();
phpCAS::client(CAS_VERSION_2_0, CAS_URL cas服务器地址, 8443, "/cas");
phpCAS::setNoCasServerValidation();不需要SSL验证
phpCAS::forceAuthentication();进行用户验证
CAS服务器配置
1、下载CAS Server 将其下的war拷贝到Tomcat下。
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource" />
<property name="sql" value="select password from t_admin_user where login_name=?" />
<property name="passwordEncoder" ref="MD5PasswordEncoder"/>
</bean>
<bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
<constructor-arg index="0">
<value>MD5</value>
</constructor-arg>
</bean>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
<property name="url"><value>jdbc:mysql:///wsriademo</value></property>
<property name="username"><value>root</value></property>
<property name="password"><value>root</value></property>
</bean>
keytool -delete -alias tomcat -keypass changeit
keytool -genkey -alias tomcat -keypass changeit -keyalg RSA -keystore .keystore --D:/keys/.keystore
keytool -export -alias tomcat -keypass changeit -file server.crt -keystore keystore
keytool -import -file server.crt -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
2、修改server.xml将<Connector prot="8443"...../>修改为
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
prot="8443" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorePass="changeit"
keystoreFile="{Tomcat的安装目录}/conf/.keystore"/>
3、在CAS客户端的web.xml文件里添加(首先将casclient.jar添加到../WEB-INF/lib/目录里)
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://cas.server/cas/login</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>https://cas.server/cas/serviceValidate</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>localhost:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CASFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
4、PHP客户端将CAS-1.1.3文件夹拷贝到Apache的发布目录即可
include_once("CAS.php");
phpCAS::setDebug();
phpCAS::client(CAS_VERSION_2_0, CAS_URL cas服务器地址, 8443, "/cas");
phpCAS::setNoCasServerValidation();不需要SSL验证
phpCAS::forceAuthentication();进行用户验证
CAS服务器配置
1、下载CAS Server 将其下的war拷贝到Tomcat下。
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource" />
<property name="sql" value="select password from t_admin_user where login_name=?" />
<property name="passwordEncoder" ref="MD5PasswordEncoder"/>
</bean>
<bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
<constructor-arg index="0">
<value>MD5</value>
</constructor-arg>
</bean>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
<property name="url"><value>jdbc:mysql:///wsriademo</value></property>
<property name="username"><value>root</value></property>
<property name="password"><value>root</value></property>
</bean>