前言
近期,公司系统比较多,于是自己部署了一套CAS单点登录系统,其中jira也要连入单点登录,jira账号之前是用crowd统一管理的,方便统一管理wiki账号。
jira版本号:6.3
cas版本号:5.1.1
wiki版本号:5.8.10
上篇介绍了如何连入jira,这篇介绍如何连入wiki,配置过程和jira差不多,只是登出的配置有区别
一、下载单点登录jar包
cas-client-core-3.3.3.jar, cas-client-integration-atlassian-3.5.0-jira7.jar
点击下载
将下载的jra包放到下面目录
/opt/atlassian/confluence/confluence/WEB-INF/lib
二、修改web.xml配置文件
修改/opt/atlassian/confluence/confluence/WEB-INF/web.xml文件
a 、过滤器配置
编写配置文件:
<!-- CAS:START - Java Client Filters -->
<filter>
<filter-name>CasSingleSignOutFilter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
<filter-name>CasAuthenticationFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<!-- Include your CAS login here-->
<param-value>http://test.company.com/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<!--include your JIRA url here-->
<param-value>http://jira.company.com:8080</param-value>
</init-param>
</filter>
<filter>
<filter-name>CasValidationFilter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<!--Include your CAS address-->
<param-value>http://test.company.com/cas/</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<!--include your JIRA url here-->
<param-value>http://jira.company.com:8080</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!--- CAS:END -->
将上面配置放到最后一个filter配置的下面,差不多是下面这个mapping的上面:
<filter-mapping>
<filter-name>debug-before-request</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
b、mapping配置
编写下面的配置:
<!-- CAS:START - Java Client Filter Mappings -->
<filter-mapping>
<filter-name>CasSingleSignOutFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CasAuthenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CasValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- CAS:END -->
将上面的配置放到下面这段配置的上面
<filter-mapping>
<filter-name>login</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher> <!-- we want security/login to be applied after urlrewrites, for example -->
</filter-mapping>
c、listener配置
编写下面配置
<!-- CAS:START - Java Client Single Sign Out Listener -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- CAS:END -->
将上面配置放到Servlet Context Listeners (Executed on app startup/shutdown)
这段话的下面
三、修改seraph-config.xml文件
修改/opt/atlassian/confluence/confluence/WEB-INF/classes/seraph-config.xml文件
修改这部分内容,这段配置中没有登出的配置
<init-param>
<!--
The login URL to redirect to when the user tries to access a protected resource (rather than clicking on
an explicit login link). Most of the time, this will be the same value as 'link.login.url'.
- if the URL is absolute (contains '://'), then redirect that URL (for SSO applications)
- else the context path will be prepended to this URL
If '${originalurl}' is present in the URL, it will be replaced with the URL that the user requested.
This gives SSO login pages the chance to redirect to the original page
-->
<param-name>login.url</param-name>
<!--<param-value>/login.jsp?os_destination=${originalurl}</param-value>-->
<!--add your CAS login URL here-->
<param-value>http://test.company.com/cas/login?service=http://jira.company.com:8080</param-value>
</init-param>
<init-param>
<!--
the URL to redirect to when the user explicitly clicks on a login link (rather than being redirected after
trying to access a protected resource). Most of the time, this will be the same value as 'login.url'.
- same properties as login.url above
-->
<param-name>link.login.url</param-name>
<!--<param-value>/login.jsp?os_destination=${originalurl}</param-value>-->
<!--<param-value>/secure/Dashboard.jspa?os_destination=${originalurl}</param-value>-->
<!--add your CAS login URL here-->
<param-value>http://test.company.com/cas/login?service=http://jira.company.com:8080e</param-value>
</init-param>
注释authenticator
配置的部分
添加下面部分
<!--配置confluence通过cas的方式来验证服务-->
<!-- CAS:START - Java Client Confluence Authenticator -->
<authenticator class="org.jasig.cas.client.integration.atlassian.ConfluenceCasAuthenticator"/>
<!-- CAS:END -->
四、配置登出
cd /opt/atlassian/confluence/confluence/WEB-INF/lib
找到confluence-5.1.8.jar 解压 找到xwork.xml文件 修改如下:
<action name="logout" class="com.atlassian.confluence.user.actions.LogoutAction">
<interceptor-ref name="defaultStack"/>
<!-- <result name="error" type="velocity">/logout.vm</result> -->
<!-- CAS:START - CAS Logout Redirect -->
<result name="success" type="redirect">http://test.company.com/cas/logout?service=http://wiki.company.com:8090</result>
<!-- CAS:END -->
</action>
修改完成后到/opt/atlassian/confluence/confluence/WEB-INF/classes这个目录下。
五、重启服务
#启动服务
/opt/atlassian/confluence/bin/startup.sh
#关闭服务
/opt/atlassian/confluence/bin/shutdown.sh
#查看日志信息
tail -f -n 100 /opt/atlassian/confluence/logs/catalina.out
参考:
1、官方cas github