I. CAS is the abbreviation of Central Authentication Service, Central Authentication Service, an independent open instruction protocol. CAS is Yale An open source project initiated by the university aims to provide a reliable single sign on method for Web application system. CAS officially became a project of JA-SIG in December 2004.
2. cas central authentication server is used as a single sign on method when we use it. Here we mainly build a central authentication server. cas has three access protocols: https, http and imaps. But cas uses https by default. http needs to be configured. Here we mainly explain the problems involved in cas construction. Next, we will explain how to modify it.
III. cas project download address: https://github.com/apereo/cas-overlay-template/tree/master (this is the main line)
We use version 5.3 here: https://github.com/apereo/cas-overlay-template/tree/5.3 (maven version)
IV. open the project with idea
1) cas-server-webapp-tomcat-5.3.8 will be downloaded by default War dependency
2) the content in war is
V. modify parameters and hit CAS war
1) modify account information: application properties
Default:
Modify it according to your needs. I modify it here as admin::admin
2) if we want to support http clients, we need to set the following content
http:
a,HTTPSandIMAPS-10000001.json
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
"description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
"evaluationOrder" : 10000
}
Add http in serviceId
b. in application Properties join
#Use http
cas.tgc.secure=false #Open JSON file identification cas.serviceRegistry.initFromJson=true
3) maven packaging
Vi. operation
VII. https protocol
1) the keytool certificate provided by jdk is used here to realize verification. In practice, you can apply for the certificate yourself. This is mainly for testing, using linux environment testing
2) default or add settings
#Enable json data recognition cas.serviceRegistry.initFromJson=true
If you need to support http:
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
"description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
"evaluationOrder" : 10000
}
Add http in serviceId
3) generate Certificate (relative path, cas.keystore and password set are used here)
keytool -genkey -alias cas -keyalg RSA -keystore cas.keystore -storepass changeit
Note: if the domain name is different, it will lead to unlimited redirection
4) export certificate
keytool -export -file cas.crt -alias cas -keystore cas.keystore -storepass changeit
4) import JDK (no import is required by default, but it is required for further verification)
keytool -import -keystore "/usr/java/jdk1.8.0_192/jre/lib/security/cacerts" -file cas.crt -alias cas -storepass changeit
5) delete the certificate (cas is the alias set, which is not deleted here)
keytool -delete -alias cas -keystore "/usr/java/jdk1.8.0_192/jre/lib/security/cacerts" -storepass changeit
6) configure the server of tomcat xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/root/https/cas.keystore"
keystorePass="changeit"/>Note 8080 port
<!-- <Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" /> -->7) start project test
