Central Authentication Service
内部邀请码:C8E245J (不写邀请码,没有现金送)
国内私募机构九鼎控股打造,九鼎投资是在全国股份转让系统挂牌的公众公司,股票代码为430719,为“中国PE第一股”,市值超1000亿元。
http://docs.jboss.com/jbportal/v2.7.1/referenceGuide/html/sso.html#d0e11667
21.3. CAS - Central Authentication Service
This Single Sign On plugin enables seamless integration between JBoss Portal and the CAS Single Sign On Framework. Details about CAS can be found here
21.3.1. Integration steps
Note
The steps below assume that CAS server and JBoss Portal will be deployed on the same JBoss Application Server instance. CAS will be configured to leverage identity services exposed by JBoss Portal to perform authentication. Procedure may be slightly different for other deployment scenarios. Both JBoss Portal and CAS will need to be configured to authenticate against same database or LDAP server. Please see CAS documentation to learn how to setup it up against proper identity store.
Note
Configuration below assumes that JBoss Application Server is HTTPS enabled and operates on standard ports: 80 (for HTTP) and 443 (for HTTPS).
- Install CAS server (v 3.0.7). This should be as simple as deploying single cas.war file.
- Copy portal-identity-lib.jar and portal-identity-sso-lib.jar files from$JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib to$JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/lib.
- Edit $JBOSS_HOME/server/default/deploy/jboss-portal.sar/portal-server.war/WEB-INF/context.xml file and enable proper Apache Tomcat Valve by uncommenting following lines:
<Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
casLogin="https://localhost/cas/login"
casValidate="https://localhost/cas/serviceValidate"
casServerName="localhost"
authType="FORM"
/>Update valve options as follow:
- casLogin: URL of your CAS Authentication Server
- casValidate: URL of your CAS Authentication Server validation service
- casServerName: the hostname:port combination of your CAS Authentication Server
Note
CAS client requires to use SSL connection. To learn how to setup JBoss Application Server to use HTTPS see here
- Copy casclient.jar into $JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib. You can download this file from CAS homepage or from JBoss repository underhttp://repository.jboss.com/cas/3.0.7/lib/
Note
The CAS engine does not accept self-signed SSL certificates. This requirement is fine for production use where a production level SSL certificate is available. However, for testing purposes, this can get a little annoying. Hence, if you are having this issue, you can usecasclient-lenient.jar instead.
- Edit $JBOSS_HOME/server/default/deploy/jboss-portal.sar/META-INF/jboss-service.xml file and uncomment following lines:
<mbean
code="org.jboss.portal.identity.sso.cas.CASAuthenticationService"
name="portal:service=Module,type=CASAuthenticationService"
xmbean-dd=""
xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
<xmbean/>
<depends>portal:service=Module,type=IdentityServiceController</depends>
<attribute name="HavingRole"></attribute>
</mbean>This will expose special service in JBoss Portal that can be leveraged by CAS AuthenticationHandler if the server is deployed on the same application server instance. This AuthenticationHandler will be enabled in next 2 steps.
- Edit $JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/deployerConfigContext.xml and add following line in the authenticationHandlers section:
<bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" />
<property name="authenticationHandlers">
<list>
<!--
| This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
| a server side SSL certificate.
+-->
<bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
<property
name="httpClient"
ref="httpClient" />
</bean> <!--
| This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
| into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
| where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
| local authentication strategy. You might accomplish this by coding a new such handler and declaring
| edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+-->
<bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" />
</list>
</property>
To test the integration:
- Go to your portal. Typically, http://localhost:8080/portal
- Click on the "Login" link on the main portal page
- This should bring up the CAS Authentication Server's login screen instead of the default JBoss Portal login screen
- Input your portal username and password. For built-in portal login try user:user or admin:admin
- If login is successful, you should be redirected back to the portal with the appropriate user logged in
Central Authentication Service的更多相关文章
- Hadoop生态圈-单点登录框架之CAS(Central Authentication Service)部署
Hadoop生态圈-单点登录框架之CAS(Central Authentication Service)部署 作者:尹正杰 版权声明:原创作品,谢绝转载!否则将追究法律责任. 一.CAS简介 CAS( ...
- CAS(Central Authentication Service)——windows上简单搭建及測试
入手文章,大神绕行. 一.服务端搭建 我使用的服务端版本号为:cas-server-3.4.11-release.zip.解压之后,将\cas-server-3.4.11-release\cas-se ...
- 自己动手搭建 CAS(Central Authentication Service) 环境,为了单点登录(Single Sign On , 简称 SSO )
介绍 刚刚搭建 CAS 成功了,现在记录下来,怕以后忘记,同时也给需要帮助的人.CAS 搭建需要服务端和客户端,服务端是 Java 写的,如果自己搭建则需要安装与配置 Java 环境.客户端可以是多种 ...
- 集成基于CAS协议的单点登陆
相信大家对单点登陆(SSO,Single Sign On)这个名词并不感到陌生吧?简单地说,单点登陆允许多个应用使用同一个登陆服务.一旦一个用户登陆了一个支持单点登陆的应用,那么在进入其它使用同一单点 ...
- CAS FOR WINDOW ACTIVE DIRECTORY SSO单点登录
一.CAS是什么? CAS(Central Authentication Service)是 Yale 大学发起的一个企业级的.开源的项目,旨在为 Web 应用系统提供一种可靠的单点登录解决方法(支持 ...
- 【Java EE 学习 68】【单点登录】【两种单点登录类型:SSO/CAS、相同一级域名的SSO】
单点登录:SSO(Single Sign On) 什么是单点登录:大白话就是多个网站共享一个用户名和密码的技术,对于普通用户来说,只需要登录其中任意一个网站,登录其他网站的时候就能够自动登陆,不需要再 ...
- CAS学习笔记(一)
近期做单点登录,看了一些CAS资料,做下总结 一.cas简介 全名:Central Authentication Service 特点: 1.开源的.多协议的 SSO 解决方案: Protocols ...
- 【单点登录】【两种单点登录类型:SSO/CAS、相同一级域名的SSO】
单点登录:SSO(Single Sign On) 什么是单点登录:大白话就是多个网站共享一个用户名和密码的技术,对于普通用户来说,只需要登录其中任意一个网站,登录其他网站的时候就能够自动登陆,不需要再 ...
- CAS 集群部署session共享配置
背景 前段时间,项目计划搞独立的登录鉴权中心,由于单独开发一套稳定的登录.鉴权代码,工作量大,最终的方案是对开源鉴权中心CAS(Central Authentication Service)作适配修改 ...
随机推荐
- 让JAVA代码跑得更快
本文简单介绍一下在写代码过程中用到的一些让JAVA代码更高效的技巧. 1. 将一些系统资源放在池中(如数据库连接, 线程等) 在standalone的应用中, 数据库连接池可以使用一些开源的连接池 ...
- 八大排序方法汇总(选择排序,插入排序-简单插入排序、shell排序,交换排序-冒泡排序、快速排序、堆排序,归并排序,计数排序)
2013-08-22 14:55:33 八大排序方法汇总(选择排序-简单选择排序.堆排序,插入排序-简单插入排序.shell排序,交换排序-冒泡排序.快速排序,归并排序,计数排序). 插入排序还可以和 ...
- 【HDOJ】4426 Palindromic Substring
综合性很强的一道题目,结合manacher,后缀数组,哈希,RMQ,二分可解.基本思路是通过manacher可以找到所有可能的回文串,哈希去重,后缀数组二分找数目.最后暴力求解.需要注意kth需要为_ ...
- Android开发之ContentProvider的简单使用
ContentProvider,内容提供者 官网结构图: 作为四大组件之一的ContentProvider,主要是用于应用间数据共享使用的. ContentProvider把应用的数据封装起来,然后提 ...
- Java版本的删除指定目录及子目录下名叫“xxx.txt”的所有文件
以前写过一个python版本的,但是在查找文件路径的时候出现错误,无法正确的获取到文件的路径,就造成无法删除该路径下的“xxx.txt”文件. 当时以为是windows版本系统的错误造成这个问题的,也 ...
- poj 2531 Network Saboteur( dfs )
题目:http://poj.org/problem?id=2531 题意:一个矩阵,分成两个集合,求最大的 阻碍量 改的 一位大神的代码,比较简洁 #include<stdio.h> #i ...
- 大四实习准备1_java构造器_android ListView
2015-4-23 Java构造器 与类名同名;无返回值(void也不行);被不同的修饰符修饰是有区别的;当构造函数被private修饰时,只有本类可访问.其他类可以通过该类的get函数得到对象.如单 ...
- bzoj3205
和bzoj2595类似,也是斯坦纳树 设f[l,r,]表示在点i机器人组合成了l-r最少推的次数,然后可得 f[l,r,i]=min(f[l,m,i]+f[m+1,r,i]) f[l,r,i]=min ...
- sencha项目升级
对于已经开发好的sencha项目进行升级,要做的有以下几步(以sencha2.2.0升级到sencha2.3.1为例): 1,下载Sencha-2.3.1sdk,下载地址:http://cdn.sen ...
- PHP超大文件下载,断点续传下载
源代码: <?php $sourceFile = "1.tmp"; //要下载的临时文件名 $outFile = "用户订单.xls"; //下载保存到客 ...