cas 服务器安装

1.生成证书

1.1 服务器端生成证书

[root@systest1 bin]# hostnamesystest1[root@systest1 bin]# keytool -genkeypair -alias cas -keyalg RSA -storepass changeit -keystore /home/server.keystoreWhat is your first and last name?  [Unknown]:  systest1What is the name of your organizational unit?  [Unknown]:  sysWhat is the name of your organization?  [Unknown]:  sysWhat is the name of your City or Locality?  [Unknown]:  sh     What is the name of your State or Province?  [Unknown]:  sh    What is the two-letter country code for this unit?  [Unknown]:  cnIs CN=systest1, OU=sys, O=sys, L=sh, ST=sh, C=cn correct?  [no]:  yEnter key password for <cas>(RETURN if same as keystore password):  

1.2 服务器端导出证书，供客户端使用

keytool -exportcert -alias cas -file /home/cas.crt -storepass changeit -keystore /home/server.keystore

1.3 客户端导入证书到jvm(我这里是在同一台服务器上，所以直接导入)

keytool -importcert -alias cas -file /home/cas.crt -keystore "${JAVA_HOME}/jre/lib/security/cacerts" -storepass changeit -noprompt

2.tomcat支持https访问,conf/server.xml配置如下

<Server port="18005" shutdown="SHUTDOWN">

    <!-- A "Connector" represents an endpoint by which requests are received         and responses are returned. Documentation at :         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)         Java AJP  Connector: /docs/config/ajp.html         APR (HTTP/AJP) Connector: /docs/apr.html         Define a non-SSL HTTP/1.1 Connector on port 8080    -->    <Connector port="18080" protocol="HTTP/1.1"               connectionTimeout="20000"               redirectPort="18443" />

    <!-- Define a SSL HTTP/1.1 Connector on port 8443         This connector uses the BIO implementation that requires the JSSE         style configuration. When using the APR/native implementation, the         OpenSSL style configuration is required as described in the APR/native         documentation --><Connector port="18443" protocol="org.apache.coyote.http11.Http11Protocol"       maxThreads="150" SSLEnabled="true" scheme="https" secure="true"keystoreFile="/home/server.keystore" keystorePass="changeit"        clientAuth="false" sslProtocol="TLS" />

    <!-- Define an AJP 1.3 Connector on port 8009 -->    <Connector port="18009" protocol="AJP/1.3" redirectPort="18443" />

3. cas 服务搭建

下载地址 http://developer.jasig.org/cas/；最新版本是4.0.0 ，下载后解压后，复制cas-server-4.0.0-release\cas-server-4.0.0\modules\cas-server-webapp-4.0.0.war到tomcat中，重命名为cas.war,启动tomcat

访问cas服务：https://systest1:18443/cas/login

打开文件 webapps/cas/WEB-INF/deployerConfigContext.xml

    <bean id="primaryAuthenticationHandler"          class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">        <property name="users">            <map>               <span style="color:#ff0000;"> <entry key="casuser" value="Mellon"/></span>            </map>        </property>    </bean>

这里配置了用户名/密码，

登录cas服务器 ：用户名：casuser  密码：Mellon；登录成功画面如下

登出cas服务器：https://systest1:18443/cas/logout