CAS代理配置

Posted dorothychai

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CAS代理配置相关的知识,希望对你有一定的参考价值。

CAS Server:www.sinosoft.com

代理服务:palace.sinosoft.com

被代理服务:gguser.sinosoft.com

1. 建立key,命令如下:

keytool -genkey -alias palace -keyalg RSA -keystore palace -ext san=dns:palace.sinosoft.com,dns:gguser.sinosoft.com,dns:www.sinosoft.com
keytool -export -file palace.crt -alias palace -keystore palace

2. 导入key(在三台机器上都导入)

keytool -import -keystore "c:\\Program Files\\Java\\jdk1.7.0_79\\jre\\lib\\security\\cacerts" -file d:\\keys\\palace.crt -alias palace

3. 修改tomcat的server.xml,添加如下语句:

image

其中马赛克处是密码

4. 代理服务的web.xml配置添加如下:

PS:配置在其他的filter之前.注意配置的顺序等.

<!-- begin CAS -->
    
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
      
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://www.sinosoft.com:8443/CAS-yuan02/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://palace.sinosoft.com:8080</param-value>
        </init-param>
    </filter>
             
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>
                     org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://www.sinosoft.com:8443/CAS-yuan02</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://palace.sinosoft.com:8080</param-value>
        </init-param>
                
        <init-param>  
            <param-name>acceptAnyProxy</param-name>  
            <param-value>true</param-value>  
        </init-param>  
        <init-param>
            <param-name>proxyCallbackUrl</param-name>
            <param-value>https://palace.sinosoft.com:8443/palace/proxyCallback</param-value>
        </init-param>
        <init-param>
            <param-name>proxyReceptorUrl</param-name>
            <param-value>/proxyCallback</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/proxyCallback</url-pattern>
    </filter-mapping>
              
    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
      
      <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
      
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>
                     org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <!-- end CAS -->

5. 被代理服务的web.xml配置

<!-- ======================== 单点登录开始 ======================== -->
             <!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
             <listener>
                <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
              </listener>
             <filter>
                 <filter-name>CAS Single Sign Out Filter</filter-name>
                 <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
             </filter>
             <filter-mapping>
                 <filter-name>CAS Single Sign Out Filter</filter-name>
                 <url-pattern>/*</url-pattern>
             </filter-mapping>
      
             <filter>
                 <filter-name>CAS Filter</filter-name>
                 <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
                 <init-param>
                     <param-name>casServerLoginUrl</param-name>
                     <param-value>https://www.sinosoft.com:8443/CAS-yuan02/login</param-value>
                 </init-param>
                 <init-param>
                     <param-name>serverName</param-name>
                     <param-value>http://gguser.sinosoft.com:8080</param-value>
                </init-param>
             </filter>
             <filter-mapping>
                 <filter-name>CAS Filter</filter-name>
                 <url-pattern>/*</url-pattern>
             </filter-mapping>
             <filter>
                 <filter-name>CAS Validation Filter</filter-name>
                 <filter-class>
                     org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
                 <init-param>
                     <param-name>casServerUrlPrefix</param-name>
                     <param-value>https://www.sinosoft.com:8443/CAS-yuan02</param-value>
                 </init-param>
                <init-param>
                     <param-name>serverName</param-name>
                     <param-value>http://gguser.sinosoft.com:8080</param-value>
                </init-param>
                
                    <init-param>
                    <!-- redirectAfterValidation must be false, otherwise the request params
                        from proxying app could not be received -->
                    <param-name>redirectAfterValidation</param-name>
                    <param-value>false</param-value>
                </init-param>
                <init-param>
                    <param-name>acceptAnyProxy</param-name>
                    <param-value>true</param-value>
                </init-param>
    
             </filter>
             <filter-mapping>
                 <filter-name>CAS Validation Filter</filter-name>
                 <url-pattern>/*</url-pattern>
             </filter-mapping>
      
             
             <filter>
                <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
                 <filter-class>
                     org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
             </filter>
             <filter-mapping>
                 <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
                 <url-pattern>/*</url-pattern>
             </filter-mapping>
      
             <filter>
                 <filter-name>CAS Assertion Thread Local Filter</filter-name>
                 <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
             </filter>
             <filter-mapping>
                 <filter-name>CAS Assertion Thread Local Filter</filter-name>
                 <url-pattern>/*</url-pattern>
             </filter-mapping>
             <!-- ======================== 单点登录结束 ======================== -->

以上是关于CAS代理配置的主要内容,如果未能解决你的问题,请参考以下文章

markdown [Apereo CAS 3.5 CORE] Apereo CAS 3.5 #CAS的核心代码片段

CAS代理配置

nginx配置反向代理CAS单点登录应用

JAVA CAS单点登录之三:CAS代理模式演练

单点登录cas常见问题 - 什么时候会用到代理proxy模式?

双网隔离环境下CAS单点登录的解决方案