Integrating CAS 4.0.0 with LDAP

Overview: this post walks through the steps for integrating CAS 4.0.0 with LDAP.
For CAS versions below 4.0 there are plenty of examples online; a quick search shows how to configure it, and it is not hard. For 4.0, however, examples are still scarce, and Chinese ones even more so. With my level of English it took a lot of time to work this out, so I am writing it up here for anyone who needs it later.

Detailed steps:
Version 4.0.0 offers four ways to integrate LDAP; I chose the direct bind method.

  1. Install LDAP on Windows. I won't go into detail here; I recommend this article, which walks through the configuration: http://www.micmiu.com/enterprise-app/sso/openldap-windows-config/
  2. Configure the security certificate: generate the certificate -> export the certificate -> import the certificate into the JDK. Run the following three commands in cmd:
keytool -genkey -alias tomcat -keyalg RSA -storepass changeit -keystore d:\keys\.keystore -validity 3600
keytool -export -trustcacerts -alias tomcat -file d:\keys\tomcat.cer -keystore d:\keys\.keystore -storepass changeit
keytool -import -trustcacerts -alias tomcat -file d:\keys\tomcat.cer -keystore "D:\Program Files\Java\jdk1.7.0_51\jre\lib\security\cacerts" -storepass changeit
For details see this article: http://www.micmiu.com/enterprise-app/sso/sso-cas-sample/ ; I won't repeat it here.

  3. Download cas-server-4.0.0-release.zip
  4. Unzip cas-server-4.0.0-release.zip, rename cas-server-webapp-4.0.0.war from its modules folder to cas (purely for convenience) and copy it into Tomcat's webapps directory.
  5. Edit the 8443 Connector in Tomcat's configuration so it reads as follows:

<!-- keystoreFile: the location where your certificate keystore is stored (created in step 2).
     keystorePass: the keystore password; it must match the -storepass given to keytool in step 2,
     which is changeit above (the original text had "password" here, which would not open that keystore). -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="d:/keys/.keystore"
           keystorePass="changeit" />

Everything up to this point is the same as in earlier versions; what follows is the important part.

  1. Download the following jar files and put them in the lib folder of the cas webapp:
    cas-server-support-ldap-4.0.0.jar
    spring-ldap-core-2.0.2.RELEASE.jar
    ldaptive-1.0.5.jar

  2. Integrating CAS with LDAP:
    As with CAS versions below 4.0, integrating CAS with LDAP only requires editing deployerConfigContext.xml, but in earlier versions you only had to change the authenticationManager configuration; if you are interested, see this link: http://www.micmiu.com/enterprise-app/sso/sso-cas-ldap-auth/

Version 4.0 needs a lot more added. The first thing to change is the authentication entry point:

    <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <!--
                   | IMPORTANT
                   | Every handler requires a unique name.
                   | If more than one instance of the same handler class is configured, you must explicitly
                   | set its name to something other than its default name (typically the simple class name).
                -->
                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
                <!-- The default entry is commented out (hidden):
                <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
                -->
                <!-- New entry for LDAP authentication -->
                <entry key-ref="ldapAuthHandler" value-ref="proxyPrincipalResolver" />
            </map>
        </constructor-arg>
    </bean>

Next, add the LDAP configuration itself. You can copy the code below straight into your deployerConfigContext.xml and change the parameters to your own values.

        <bean id="ldapAuthHandler" class="org.jasig.cas.authentication.LdapAuthenticationHandler"
              p:principalIdAttribute="uid"
              c:authenticator-ref="authenticator">
            <property name="principalAttributeMap">
                <map>
                    <!--
                       | This map provides a simple attribute resolution mechanism.
                       | Keys are LDAP attribute names, values are CAS attribute names.
                       | Use this facility instead of a PrincipalResolver if LDAP is
                       | the only attribute source.
                    -->
                    <entry key="member" value="member" />
                    <entry key="mail" value="mail" />
                    <entry key="uid" value="uid" />
                </map>
            </property>
        </bean>

        <bean id="authenticator" class="org.ldaptive.auth.Authenticator"
              c:resolver-ref="dnResolver"
              c:handler-ref="authHandler" />

        <!-- | The following DN format works for many directories, but may need to be customized. -->
        <!-- Configure the format to match your own LDAP tree; %s is replaced by the username entered at login -->
        <bean id="dnResolver" class="org.ldaptive.auth.FormatDnResolver"
              c:format="uid=%s,ou=Developer,dc=micmiu,dc=com" />

        <bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler"
              p:connectionFactory-ref="pooledLdapConnectionFactory" />

        <bean id="pooledLdapConnectionFactory" class="org.ldaptive.pool.PooledConnectionFactory"
              p:connectionPool-ref="connectionPool" />

        <bean id="connectionPool" class="org.ldaptive.pool.BlockingConnectionPool" init-method="initialize"
              p:poolConfig-ref="ldapPoolConfig"
              p:blockWaitTime="3000"
              p:validator-ref="searchValidator"
              p:pruneStrategy-ref="pruneStrategy"
              p:connectionFactory-ref="connectionFactory" />

        <bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
              p:minPoolSize="3"
              p:maxPoolSize="10"
              p:validateOnCheckOut="false"
              p:validatePeriodically="true"
              p:validatePeriod="300" />

        <bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
              p:connectionConfig-ref="connectionConfig" />

        <!-- Configure ldapUrl and the timeout to match your own LDAP server.
             Note: a plain ldap:// URL with useStartTLS="false" sends each user's bind password
             unencrypted; outside a test setup use ldaps:// or useStartTLS="true", which is also
             the only case in which the sslConfig below is consulted. -->
        <bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
              p:ldapUrl="ldap://192.168.1.183:389"
              p:connectTimeout="3000"
              p:useStartTLS="false"
              p:sslConfig-ref="sslConfig" />

        <!-- Certificate location. When TLS is enabled, X509CredentialConfig expects an X.509
             certificate file (PEM/DER, such as the .cer produced by keytool -export) holding the
             LDAP server's certificate; to trust a JKS keystore instead, use
             org.ldaptive.ssl.KeyStoreCredentialConfig. -->
        <bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
            <property name="credentialConfig">
                <bean class="org.ldaptive.ssl.X509CredentialConfig" p:trustCertificates="d:/keys/.keystore" />
            </property>
        </bean>

        <bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
              p:prunePeriod="300"
              p:idleTime="600" />

        <bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />
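To make the direct bind flow concrete, here is an added example (my own illustration, not code from CAS or ldaptive) that models the three pieces wired together in the beans above: the FormatDnResolver template, the bind authentication handler, and the principalAttributeMap. The directory contents, the user alice and the hypothetical FakeDirectory class are constructed for the demo; no LDAP server is contacted. It also shows two checks a bind-based authenticator needs that the XML does not make visible: escaping the username before it is substituted into the DN template, and refusing an empty password (which LDAP treats as an unauthenticated bind).

```python
# Added example: a minimal model of the "direct bind" authentication configured
# in deployerConfigContext.xml above. Not CAS/ldaptive code; all data is constructed.
#   FormatDnResolver      -> resolve_dn()        (uid=%s,ou=Developer,dc=micmiu,dc=com)
#   bind handler          -> FakeDirectory.bind() (stands in for the LDAP server)
#   principalAttributeMap -> PRINCIPAL_ATTRIBUTE_MAP, applied in authenticate()

from typing import Dict, Optional, Tuple

DN_FORMAT = "uid=%s,ou=Developer,dc=micmiu,dc=com"   # c:format of the dnResolver bean

# LDAP attribute name -> CAS attribute name, as in the principalAttributeMap bean
PRINCIPAL_ATTRIBUTE_MAP = {"member": "member", "mail": "mail", "uid": "uid"}

# Characters that must be escaped inside an RDN attribute value (RFC 4514 section 2.4)
_DN_SPECIAL = set('\\,+"<>;')


def escape_dn_value(value: str) -> str:
    """Escape a user-supplied value before substituting it into a DN template.

    Without escaping, a username like 'bob,ou=Admins' would change which entry the
    resolver produces; with it, the comma stays part of the uid value.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def resolve_dn(uid: str, fmt: str = DN_FORMAT) -> str:
    """Equivalent of the FormatDnResolver bean: build the bind DN from the login name."""
    return fmt % escape_dn_value(uid)


class FakeDirectory:
    """Hypothetical stand-in for the LDAP server: DN -> (password, attributes)."""

    def __init__(self, entries: Dict[str, Tuple[str, Dict[str, str]]]):
        self._entries = entries

    def bind(self, dn: str, password: str) -> bool:
        # An empty password is an *unauthenticated* bind (RFC 4513 section 5.1.2); many servers
        # answer it with success as an anonymous session, so it must never count as a login.
        if not password:
            return False
        entry = self._entries.get(dn)
        return entry is not None and entry[0] == password

    def attributes(self, dn: str) -> Dict[str, str]:
        return dict(self._entries[dn][1])


def authenticate(directory: FakeDirectory, uid: str, password: str) -> Optional[Dict[str, str]]:
    """The handler chain: resolve the DN, bind with the user's own credentials, then map
    LDAP attributes to CAS principal attributes. Returns the attributes or None."""
    dn = resolve_dn(uid)
    if not directory.bind(dn, password):
        return None
    ldap_attrs = directory.attributes(dn)
    return {cas_name: ldap_attrs[ldap_name]
            for ldap_name, cas_name in PRINCIPAL_ATTRIBUTE_MAP.items()
            if ldap_name in ldap_attrs}


# Constructed directory content for the demo (one developer entry)
DIRECTORY = FakeDirectory({
    "uid=alice,ou=Developer,dc=micmiu,dc=com": (
        "s3cret", {"uid": "alice", "mail": "alice@example.com", "member": "cn=dev"}),
})

if __name__ == "__main__":
    print(resolve_dn("alice"))
    print(resolve_dn("bob,ou=Admins"))        # comma is escaped, stays inside the uid
    print(authenticate(DIRECTORY, "alice", "s3cret"))
    print(authenticate(DIRECTORY, "alice", "wrong"))
    print(authenticate(DIRECTORY, "alice", ""))  # empty password is rejected before bind
```

Run it with `python` to see the resolved DNs and the attribute map returned for a good login versus None for a bad or empty password. The same two checks apply to the real deployment: make sure the username reaching the DN format is escaped, and that the authentication handler rejects empty passwords rather than forwarding them to the server.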

Once all of the above is configured, start Tomcat and open https://localhost:8443/cas/login to check the result.
