安装单点登录cas服务器

    1. 下载cas server

     http://www.jasig.org/cas/download

 

    2. cas-server-webapp-version.war拷贝到tomcat/webapps目录下,并重命名cas.war

 

    3.生成证书 写道

keytool -genkey -alias tomcat -keyalg RSA -keystore /ca/tomcatKeystore -validity 365 -v

 

 

4. 修改tomcat server.xml

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/ca/tomcatKeystore" keystorePass="123456"/>

 

 

The original webflow XML configuration file is located in ${project.home}/cas-server-webapp/src/main/webapp/WEB-INF/login-webflow.xml.

 

5. 把x509Check注释去掉

 <!--
<action-state id="startAuthenticate">
<action bean="x509Check" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="error" to="viewLoginForm" />
</action-state>
-->

 

 

6. 在/WEB-INF/cas-servlet.xml 添加下面这段

<bean
id="x509Check"
p:centralAuthenticationService-ref="centralAuthenticationService"
class="org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction" >
<property name="centralAuthenticationService" ref="centralAuthenticationService"/>
</bean>

 

 

７.WEB-INF/deployerConfigContext 添加

One bean must be added to the list of Authentication Handlers. In file WEB-INF/deployerConfigContext find the <bean id="authenticationManager">. Inside it, there is a <property name="authenticationHandlers">.  In it is a <list>. To this list, add:

<bean
class="org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler">
<property name="trustedIssuerDnPattern" value="CN=Hogwarts Certifying Authority.+" />
</bean>

 

8. 拷贝cas-server-support-x509-3.3.3.jar

把modules/cas-server-support-x509-3.3.3.jar拷贝到web-inf/lib下

 

   

9.启动

https://192.168.254.3:8443/cas/login

输入用户名和密码一样，然后登录

 

  see more detail information :

  http://www.ja-sig.org/wiki/display/CASUM/X.509+Certificates