【转】Yale_CAS客户端配置说明

Java Web应用

使用cas-client-3.1.12 Java

 

设置filter

<!-- 用于单点退出，该过滤器用于实现单点登出功能，可选配置-->

<listener>

         <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

 

<!-- 该过滤器用于实现单点登出功能，可选配置。 -->

<filter>

         <filter-name>CAS Single Sign Out Filter</filter-name>

         <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>

</filter>

<filter-mapping>

         <filter-name>CAS Single Sign Out Filter</filter-name>

         <url-pattern>/*</url-pattern>

</filter-mapping>

 

<!-- 该过滤器负责用户的认证工作，必须启用它 -->

<filter>

         <filter-name>CASFilter</filter-name>

         <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

         <init-param>

                 <param-name>casServerLoginUrl</param-name>

                 <param-value>https://sso.wsria.com:8443/cas/login</param-value>

                 <!--这里的server是服务端的IP-->

         </init-param>

         <init-param>

                 <param-name>serverName</param-name>

                 <param-value>http://localhost:10000</param-value>

         </init-param>

</filter>

<filter-mapping>

         <filter-name>CASFilter</filter-name>

         <url-pattern>/*</url-pattern>

</filter-mapping>

 

<!-- 该过滤器负责对Ticket的校验工作，必须启用它 -->

<filter>

         <filter-name>CAS Validation Filter</filter-name>

         <filter-class>

                 org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>

         <init-param>

                 <param-name>casServerUrlPrefix</param-name>

                 <param-value>https://sso.wsria.com:8443/cas</param-value>

         </init-param>

         <init-param>

                 <param-name>serverName</param-name>

                 <param-value>http://localhost:10000</param-value>

         </init-param>

</filter>

<filter-mapping>

         <filter-name>CAS Validation Filter</filter-name>

         <url-pattern>/*</url-pattern>

</filter-mapping>

 

<!--

         该过滤器负责实现HttpServletRequest请求的包裹，

         比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名，可选配置。

-->

<filter>

         <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

         <filter-class>

                 org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>

</filter>

<filter-mapping>

         <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>

         <url-pattern>/*</url-pattern>

</filter-mapping>

 

<!--

         该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。

         比如AssertionHolder.getAssertion().getPrincipal().getName()。

-->

<filter>

         <filter-name>CAS Assertion Thread Local Filter</filter-name>

         <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>

</filter>

<filter-mapping>

         <filter-name>CAS Assertion Thread Local Filter</filter-name>

         <url-pattern>/*</url-pattern>

</filter-mapping>

 

<!-- 自动根据单点登录的结果设置本系统的用户信息 -->

<filter>

         <display-name>AutoSetUserAdapterFilter</display-name>

         <filter-name>AutoSetUserAdapterFilter</filter-name>

         <filter-class>com.wsria.demo.filter.AutoSetUserAdapterFilter</filter-class>

</filter>

<filter-mapping>

         <filter-name>AutoSetUserAdapterFilter</filter-name>

         <url-pattern>/*</url-pattern>

</filter-mapping>

<!-- ============== 单点登录结束 === -->

 

使用版本3.x用以下方法获得用户名:

request.getRemoteUser()

前提是配置了CAS HttpServletRequest Wrapper Filter

 

 

.NET

1.使用casModule-1.0.1

2.添加casModule.dll的引用

3.在web.confg文件添加以下配置:

<appSettings>

    <add key="loginUrl" value="https://cas.server/login" />

    <add key="validateUrl" value="https://cas.server/serviceValidate" />

    <add key="logoutUrl" value="https://cas.server/logout" />

  </appSettings>

<system.web>

    ...

    <httpModules>

      <add name="CasModule" type="Upmc.CasModule.CasModule, CasModule"/>

    </httpModules>

    ...

  </system.web>

<authentication mode="None">

    </authentication>

    <authorization>

        <allow users="*"/>

</authorization>

 

PHP

1.增加Apache ssl_module模块

2.增加php_curl模块

3.使用到的文件或目录:CAS-php-1.2.2/CAS.php和CAS-php-1.2.2/CAS目录.

4.修改config中CAS目录与服务器相关的配置:

 $phpcas_path

$cas_host

5.调用phpCAS::getUser()获得用户名.

6.在每个受保护的页面开关加以下代码:

<?php

include_once('config.php');

include_once($phpcas_path.'/CAS.php');

phpCAS::setDebug();// Uncomment to enable debugging

phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);

// 必须调用以下两个方法中的一个:phpCAS::setCasServerCACert(),phpCAS::setNoCasServerValidation()

// phpCAS::setCasServerCACert($cas_server_ca_cert_path); // 设置证书的路径

phpCAS::setNoCasServerValidation();

phpCAS::forceAuthentication();

if (isset($_REQUEST['logout'])) { // logout if desired

    phpCAS::logout();

}

?>