This tutorial is designed to help a new CAS user to set up the Apereo CAS server and client to their applications. The code of this tutorial is open-sourced on GitLab.
What's CAS?
Enterprise Single Sign-On - CAS provides a friendly open source community that actively supports and contributes to the project. While the project is rooted in higher-ed open source, it has grown to an international audience spanning Fortune 500 companies and small special-purpose installations.
CAS provides enterprise single sign-on service for the Web:
- An open and well-documented protocol
- An open-source Java server component
- Pluggable authentication support (LDAP, database, X.509, 2-factor)
- Support for multiple protocols (CAS, SAML, OAuth, OpenID)
- A library of clients for Java, .Net, PHP, Perl, Apache, uPortal, and others
- Integrates with uPortal, BlueSocket, TikiWiki, Mule, Liferay, Moodle, and others
- Community documentation and implementation support
- An extensive community of adopters
Setup Aperro CAS Server
Download Source Code
Before start, you need to download the source code from GitLab. In this tutorial, we are about to use the 4.x release.
Create Maven Project
After the download completes, uncompress the source code and copy cas-server-webapp/src/main/webapp and cas-server-webapp/src/main/resources to webapp and resources folder of the new created Maven project respectively.
Setup Maven Dependencies
Setup Maven dependencies in pom.xml as following:
<properties>
<spring.version>4.2.3.RELEASE</spring.version>
<cas-server.version>4.1.10</cas-server.version>
<cs.dir>${project.parent.basedir}</cs.dir>
</properties>
<repositories>
<repository>
<id>codelds</id>
<url>https://code.lds.org/nexus/content/groups/main-repo</url>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-webapp-support</artifactId>
<version>${cas-server.version}</version>
</dependency>
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-support-jdbc</artifactId>
<version>${cas-server.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>com.ryantenney.metrics</groupId>
<artifactId>metrics-spring</artifactId>
<version>3.0.1</version>
</dependency>
<dependency>
<groupId>com.oracle</groupId>
<artifactId>ojdbc7</artifactId>
<version>12.1.0.2</version>
</dependency>
<!-- JSTL Tags -->
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.1.2</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jasig.cas</groupId>
<artifactId>cas-server-security-filter</artifactId>
<version>2.0.4</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.0.22</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
</dependencies>
HTTP Support
We strongly recommend you use HTTPS in the production environment! But in the development environment, you may want to use HTTP. You need to edit WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml as following:
<bean id="ticketGrantingTicketCookieGenerator"
class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
c:casCookieValueManager-ref="cookieValueManager"
p:cookieSecure="false" <!-- Edit this value -->
p:cookieMaxAge="-1"
p:cookieName="TGC"
p:cookiePath=""/>
And WEB-INF/deployerConfigContext.xml:
<bean id="proxyAuthenticationHandler"
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:requireSecure="false" <!-- Add this attribute -->
p:httpClient-ref="supportsTrustStoreSslSocketFactoryHttpClient" />
Database Configuration
The structure of the user table (named users) is listed below:
| Field Name | Field Type |
|---|---|
| username | VARCHAR2 |
| password | VARCHAR2 |
To add database support, you need to edit WEB-INF/deployerConfigContext.xml. Just change the following lines
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
<property name="users">
<map>
<entry key="casuser" value="Mellon"/>
</map>
</property>
to
<!-- Replace driverClassName to MySQL Connector if you're using MySQL -->
<!-- Replace url, username, password to yours -->
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource"
init-method="init" destroy-method="close">
<property name="driverClassName" value="oracle.jdbc.driver.OracleDriver" />
<property name="url" value="jdbc:oracle:thin:@localhost:1521/xe" />
<property name="username" value="Your-Username" />
<property name="password" value="Your-Password" />
</bean>
<bean id="MD5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
<constructor-arg index="0" value="MD5" />
</bean>
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource" />
<property name="passwordEncoder" ref="MD5PasswordEncoder"/>
<property name="sql" value="select password from users where username = ?" />
</bean>
Finally, we need to set up the applications that authenticate via this CAS server. Replace the following lines in WEB-INF/deployerConfigContext.xml:
<bean id="serviceRegistryDao" class="org.jasig.cas.services.JsonServiceRegistryDao"
c:configDirectory="${service.registry.config.location:classpath:services}" />
to
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
p:registeredServices-ref="registeredServicesList" />
<util:list id="registeredServicesList">
<bean class="org.jasig.cas.services.RegexRegisteredService">
<property name="id" value="10000001"/>
<property name="name" value="Your Service Name"/>
<property name="description" value="Your Service Description"/>
<property name="serviceId" value="^(http?|https?|imaps?)://((127\.0\.0\.1)|(localhost))(:[\d]+)?/.*"/>
<property name="evaluationOrder" value="10000001"/>
</bean>
</util:list>
Setup Aperro CAS Client
It's easier to set up CAS clients in the application. First of all, you need to add the dependency to pom.xml:
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>3.4.1</version>
</dependency>
Then, add the following lines in web.xml:
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://localhost/cas/login</param-value>
</init-param>
<init-param>
<param-name>casServerLogoutUrl</param-name>
<param-value>http://localhost/cas/logout</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>localhost</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
References
- http://blog.csdn.net/heavenick/article/details/51916663
- http://blog.csdn.net/heavenick/article/details/51923361
- https://my.oschina.net/yxzterry/blog/746189
- https://www.apereo.org/projects/cas
- https://github.com/apereo/java-cas-client
浙公网安备 33010202001499号