Yale CAS 安装配置过程指导书

1、配置Maven repo mirror

可以使用如下2个链接作为Maven的镜像地址。否则，整个编译过程会因为下载超时面失败。
http://maven.oschina.net/content/groups/public/
http://mirrors.aliyun.com/

#mvn clean install -Dmaven.test.skip
#mvn eclipse:eclipse

2、配置https protocol in server.xml.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/home/cas/cas.allinone.statcks.keystore" keystorePass="cas123" truststoreFile="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.91.x86_64/jre/lib/security/cacerts" clientAuth="false" sslProtocol="TLS" />

3、使用 JAVA keytool to generate CA

3.1 List all CAs in system

keytool -list -v -alias cas -keystore cas.allinone.keystore
keytool -list -keystore $JAVA_HOME/lib/security/cacerts

3.2 Clear the previously CA

keytool -delete -alias cas -keystore $JAVA_HOME/lib/security/cacerts
cacerts password: changeit

3.3 Genereate the new CA

keytool -genkey -alias cas -keypass cas123 -keyalg RSA -keystore cas.njsdb.keystore

The first CN should be the value as the HOST name.

3.4 Export CA to CA files

keytool -export -alias cas -keypass cas123 -file cas.njsdb.crt -keystore cas.njsdb.keystore

3.5 Import CA file to system

On linux

keytool -import -alias cas -file cas.njsdb.crt -keystore 
$JAVA_HOME/lib/security/cacerts -keypass changeit

On windows

keytool -import -alias cas -file cas.njsdb.crt -keystore %JAVA_HOME%\lib\security\cacerts -keypass changeit

4、在cas-management 中启用 casuser

At location: /home/cas/tomcat/webapps/cas-management/WEB-INF/classes, open file ‘user-detail.properties’ and uncommnet the line to let the casuser has the privilledge of ROLE_ADMIN or add a new line of your new user name.

C:\Windows\System32\drivers\etc

5、注册 CAS service.
In $CAS_HOME/tomcat/webapps/cas/WEB-INF/classes/services
add a JSON file with file name {ServiceName}-{ServiceID}.json.
For example:
iPortal-172428224375258.json

{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^http://localhost:8080/iportal",
  "name" : "iPortal",
  "id" : 172428224375258,
  "description" : "Apereo foundation sample service",
  "proxyPolicy" : { "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy" },
  "evaluationOrder" : 1,
  "usernameAttributeProvider" : { "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider" },
  "logoutType" : "BACK_CHANNEL",
  "attributeReleasePolicy" : { "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy", "principalAttributesRepository" : { "@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository" }, "authorizedToReleaseCredentialPassword" : false, "authorizedToReleaseProxyGrantingTicket" : false },
  "accessStrategy" : { "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy", "enabled" : true, "ssoEnabled" : true } }