Central Authentication Service
内部邀请码:C8E245J (不写邀请码,没有现金送)
国内私募机构九鼎控股打造,九鼎投资是在全国股份转让系统挂牌的公众公司,股票代码为430719,为“中国PE第一股”,市值超1000亿元。
http://docs.jboss.com/jbportal/v2.7.1/referenceGuide/html/sso.html#d0e11667
21.3. CAS - Central Authentication Service
This Single Sign On plugin enables seamless integration between JBoss Portal and the CAS Single Sign On Framework. Details about CAS can be found here
21.3.1. Integration steps
Note
The steps below assume that CAS server and JBoss Portal will be deployed on the same JBoss Application Server instance. CAS will be configured to leverage identity services exposed by JBoss Portal to perform authentication. Procedure may be slightly different for other deployment scenarios. Both JBoss Portal and CAS will need to be configured to authenticate against same database or LDAP server. Please see CAS documentation to learn how to setup it up against proper identity store.
Note
Configuration below assumes that JBoss Application Server is HTTPS enabled and operates on standard ports: 80 (for HTTP) and 443 (for HTTPS).
- Install CAS server (v 3.0.7). This should be as simple as deploying single cas.war file.
- Copy portal-identity-lib.jar and portal-identity-sso-lib.jar files from$JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib to$JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/lib.
- Edit $JBOSS_HOME/server/default/deploy/jboss-portal.sar/portal-server.war/WEB-INF/context.xml file and enable proper Apache Tomcat Valve by uncommenting following lines:
<Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
casLogin="https://localhost/cas/login"
casValidate="https://localhost/cas/serviceValidate"
casServerName="localhost"
authType="FORM"
/>Update valve options as follow:
- casLogin: URL of your CAS Authentication Server
- casValidate: URL of your CAS Authentication Server validation service
- casServerName: the hostname:port combination of your CAS Authentication Server
Note
CAS client requires to use SSL connection. To learn how to setup JBoss Application Server to use HTTPS see here
- Copy casclient.jar into $JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib. You can download this file from CAS homepage or from JBoss repository underhttp://repository.jboss.com/cas/3.0.7/lib/
Note
The CAS engine does not accept self-signed SSL certificates. This requirement is fine for production use where a production level SSL certificate is available. However, for testing purposes, this can get a little annoying. Hence, if you are having this issue, you can usecasclient-lenient.jar instead.
- Edit $JBOSS_HOME/server/default/deploy/jboss-portal.sar/META-INF/jboss-service.xml file and uncomment following lines:
<mbean
code="org.jboss.portal.identity.sso.cas.CASAuthenticationService"
name="portal:service=Module,type=CASAuthenticationService"
xmbean-dd=""
xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
<xmbean/>
<depends>portal:service=Module,type=IdentityServiceController</depends>
<attribute name="HavingRole"></attribute>
</mbean>This will expose special service in JBoss Portal that can be leveraged by CAS AuthenticationHandler if the server is deployed on the same application server instance. This AuthenticationHandler will be enabled in next 2 steps.
- Edit $JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/deployerConfigContext.xml and add following line in the authenticationHandlers section:
<bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" />
<property name="authenticationHandlers">
<list>
<!--
| This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
| a server side SSL certificate.
+-->
<bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
<property
name="httpClient"
ref="httpClient" />
</bean> <!--
| This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
| into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
| where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
| local authentication strategy. You might accomplish this by coding a new such handler and declaring
| edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+-->
<bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" />
</list>
</property>
To test the integration:
- Go to your portal. Typically, http://localhost:8080/portal
- Click on the "Login" link on the main portal page
- This should bring up the CAS Authentication Server's login screen instead of the default JBoss Portal login screen
- Input your portal username and password. For built-in portal login try user:user or admin:admin
- If login is successful, you should be redirected back to the portal with the appropriate user logged in
Central Authentication Service的更多相关文章
- Hadoop生态圈-单点登录框架之CAS(Central Authentication Service)部署
Hadoop生态圈-单点登录框架之CAS(Central Authentication Service)部署 作者:尹正杰 版权声明:原创作品,谢绝转载!否则将追究法律责任. 一.CAS简介 CAS( ...
- CAS(Central Authentication Service)——windows上简单搭建及測试
入手文章,大神绕行. 一.服务端搭建 我使用的服务端版本号为:cas-server-3.4.11-release.zip.解压之后,将\cas-server-3.4.11-release\cas-se ...
- 自己动手搭建 CAS(Central Authentication Service) 环境,为了单点登录(Single Sign On , 简称 SSO )
介绍 刚刚搭建 CAS 成功了,现在记录下来,怕以后忘记,同时也给需要帮助的人.CAS 搭建需要服务端和客户端,服务端是 Java 写的,如果自己搭建则需要安装与配置 Java 环境.客户端可以是多种 ...
- 集成基于CAS协议的单点登陆
相信大家对单点登陆(SSO,Single Sign On)这个名词并不感到陌生吧?简单地说,单点登陆允许多个应用使用同一个登陆服务.一旦一个用户登陆了一个支持单点登陆的应用,那么在进入其它使用同一单点 ...
- CAS FOR WINDOW ACTIVE DIRECTORY SSO单点登录
一.CAS是什么? CAS(Central Authentication Service)是 Yale 大学发起的一个企业级的.开源的项目,旨在为 Web 应用系统提供一种可靠的单点登录解决方法(支持 ...
- 【Java EE 学习 68】【单点登录】【两种单点登录类型:SSO/CAS、相同一级域名的SSO】
单点登录:SSO(Single Sign On) 什么是单点登录:大白话就是多个网站共享一个用户名和密码的技术,对于普通用户来说,只需要登录其中任意一个网站,登录其他网站的时候就能够自动登陆,不需要再 ...
- CAS学习笔记(一)
近期做单点登录,看了一些CAS资料,做下总结 一.cas简介 全名:Central Authentication Service 特点: 1.开源的.多协议的 SSO 解决方案: Protocols ...
- 【单点登录】【两种单点登录类型:SSO/CAS、相同一级域名的SSO】
单点登录:SSO(Single Sign On) 什么是单点登录:大白话就是多个网站共享一个用户名和密码的技术,对于普通用户来说,只需要登录其中任意一个网站,登录其他网站的时候就能够自动登陆,不需要再 ...
- CAS 集群部署session共享配置
背景 前段时间,项目计划搞独立的登录鉴权中心,由于单独开发一套稳定的登录.鉴权代码,工作量大,最终的方案是对开源鉴权中心CAS(Central Authentication Service)作适配修改 ...
随机推荐
- ARM7ldr指令与ldr伪指令
ldr伪指令的第二个操作数之前有个=,意思是第一个操作书 = 第二个操作数,相当明了 核心就在于对于用.word指令在.text段里另外定义一段内存,用ldr r0,[pc + x(可以算出.text ...
- linux应用程序问题
---- 1 ----
- freemarker截取字符串
[#if a.title?length lt 23 ] ${a.title} [#else]${a.title[0..22]}...[/#if]
- C语言中的malloc和free
最近在研究php自定义函数的实现,其中php自定义函数在传递参数时,是放到人为的一个栈中,这个跟写C程序时,参数入栈的这个栈还不一样,其中延伸到了 malloc 以及free 有人说在free(p)后 ...
- bzoj1070
平均时间最短即总时间最短 首先不难想到,将每个工作人员拆成n个点 然后,我就卡住了, 的确,正向建图确实很难,因为我们不好表示在修第i个车之前,前面用了多少时间 于是我们应该逆向想一想,将这辆车作为某 ...
- compass和sass很好的两篇文章
Sass是一种"CSS预处理器",可以让CSS的开发变得简单和可维护.但是,只有搭配Compass,它才能显出真正的威力. 本文介绍Compass的用法.毫不夸张地说,学会了Com ...
- 微软 Virtual studion Code
在 Build 2015 大会上,微软除了发布了 Microsoft Edge 浏览器和新的 Windows 10 预览版外,最大的惊喜莫过于宣布推出免费跨平台的 Visual Studio Code ...
- Spring3中用注解直接注入properties中的值
在bean(可是controller, service, dao等了)中,使用@Value注解: @Service public class TestService{ @Value("${s ...
- Windows Server 2008文件同步
配置Windows Server 2008文件同步 摘要: 众所周知,Linux系统可以用rsync来实现文件或目录的同步,windows系统下也一样可以.我们现在就用cwRsync来实现wind ...
- (十三)学习CSS之两个class连一起隔空格和逗号
1.时常见到css的这两种种写法: a.两个class隔空格连一起: .class1 .class2{......} b.两个class隔逗号连一起: .class1,.class2{......} ...