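Integrating the Liferay CAS server into Liferay and web projects to set up SSO. For version 4.3, proceed as follows:
1. Set up the CAS server
First download the cas-server WAR package and put the cas-web.war file into Tomcat's webapps directory.
Edit server.xml under Tomcat: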
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
2. Set up the CAS client
Download cas-client-2.0.11 and put it under lib.
3. Set up the digital signature (certificate)
In the Java environment, use keytool to set it up:
D:\Java\jdk1.5\bin>keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
输入keystore密码: changeit
您的名字与姓氏是什么?
  [Unknown]: localhost
您的组织单位名称是什么?
  [Unknown]:
您的组织名称是什么?
  [Unknown]:
您所在的城市或区域名称是什么?
  [Unknown]:
您所在的州或省份名称是什么?
  [Unknown]:
该单位的两字母国家代码是什么
  [Unknown]:
CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown 正确吗?
  [否]: y
keytool -export -alias tomcat -keypass changeit -file %FILE_NAME%
keytool -import -alias tomcat -file %FILE_NAME% -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
D:\Java\jdk1.5\bin>keytool -export -alias tomcat -keypass changeit -file c:/server.cart
输入keystore密码: changeit
保存在文件中的认证 <c:/server.cart>
D:\Java\jdk1.5\bin>keytool -import -alias tomcat -file c:/server.cart -keypass changeit -keystore c:/cacerts
输入keystore密码: changeit
Owner: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
发照者: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
序号: 46d28617
有效期间: Mon Aug 27 16:06:47 CST 2007 至: Sun Nov 25 16:06:47 CST 2007
认证指纹:
    MD5:  0E:27:55:74:D0:56:E8:39:B8:0D:58:1E:69:7B:C6:C5
    SHA1: AD:7F:90:87:2B:18:99:07:DE:A6:A8:78:90:9F:86:CB:18:A8:67:03
信任这个认证? [否]: y
认证已添加至keystore中
4. Set up Liferay Portal
<filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
        <param-value>https://localhost:8443/cas-web/login</param-value>
    </init-param>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
        <param-value>https://localhost:8443/cas-web/proxyValidate</param-value>
    </init-param>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.serviceUrl</param-name>
        <param-value>http://localhost:8080/c/portal/login</param-value>
    </init-param>
</filter>
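An added example (not part of the original post, and not Liferay or CAS code): a Python check that reads the CASFilter init-params from step 4 and reports any URL that is not https, plus any validateUrl host that differs from the certificate CN entered in step 3, since Java's HTTPS client compares the two. PAGE_VALUES and build_web_xml are constructed for this example, and a web.xml without an XML namespace is assumed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

PREFIX = "edu.yale.its.tp.cas.client.filter."

# Constructed sample: the three init-param values from step 4.
PAGE_VALUES = {
    "loginUrl": "https://localhost:8443/cas-web/login",
    "validateUrl": "https://localhost:8443/cas-web/proxyValidate",
    "serviceUrl": "http://localhost:8080/c/portal/login",
}

def build_web_xml(values):
    """Wrap the values in a minimal web.xml (hypothetical helper for the sample)."""
    params = "".join(
        f"<init-param><param-name>{PREFIX}{name}</param-name>"
        f"<param-value>{value}</param-value></init-param>"
        for name, value in values.items())
    return ("<web-app><filter><filter-name>CAS Filter</filter-name>"
            f"<filter-class>{PREFIX}CASFilter</filter-class>{params}"
            "</filter></web-app>")

def cas_params(web_xml):
    """Return {short name: value} for the init-params of every CASFilter."""
    found = {}
    for flt in ET.fromstring(web_xml).iter("filter"):
        if (flt.findtext("filter-class") or "").strip() != PREFIX + "CASFilter":
            continue
        for ip in flt.findall("init-param"):
            name = (ip.findtext("param-name") or "").strip()
            if name.startswith(PREFIX):
                found[name[len(PREFIX):]] = (ip.findtext("param-value") or "").strip()
    return found

def audit(web_xml, cert_cn):
    """List findings for the CAS URLs; cert_cn is the CN given to keytool."""
    params, findings = cas_params(web_xml), []
    for key in ("loginUrl", "validateUrl", "serviceUrl"):
        if key not in params:
            findings.append(f"{key}: missing")
            continue
        url = urlsplit(params[key])
        if url.scheme != "https":
            findings.append(f"{key}: {url.scheme} is not https")
        # Java's HTTPS client compares the URL host with the certificate name,
        # so the host the filter calls for validation must equal the CN.
        if key == "validateUrl" and url.hostname != cert_cn.lower():
            findings.append(f"{key}: host {url.hostname} does not match CN {cert_cn}")
    return findings
```

Run against the values on this page with CN localhost, audit reports only the plain-http serviceUrl.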
5. Test SSO
Summary of related issues:
http://wiki.liferay.com/index.php/Single_SignOn_-_Integrating_Liferay_With_CAS_Server#Instructions_for_Liferay_4.2