1、下载
server: http://www.ja-sig.org/downloads/cas/cas-server-3.3-release.zip
client: http://www.ja-sig.org/downloads/cas-clients/cas-client-2.0.11.zip
2、解压cas-server-3.3-release.zip后,将modules/cas-server-webapp-3.3.war修改为cas.war,拷贝到tomcat_path/webapps/下。
3、使用keytool配置web服务器的ssl支持
因为CAS服务器端需要https的支持,所以在部署的web服务器上要开启ssl支持,这样就要提供访问的证书。
创建一个批处理文件cas.bat
内容:
- keytool -delete -alias tomcatsso -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
- keytool -delete -alias tomcatsso -storepass changeit
- rem keytool -list -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit
- keytool -genkey -keyalg RSA -alias tomcatsso -dname "CN=localhost" -storepass changeit
- keytool -export -alias tomcatsso -file "%java_home%/jre/lib/security/tomcatsso.crt" -storepass changeit
- keytool -import -alias tomcatsso -file "%java_home%/jre/lib/security/tomcatsso.crt" -keystore "%java_home%/jre/lib/security/cacerts" -storepass changeit
注意:执行完后你可以查看你的系统用户目录里面会产生一个.keystore的文件,拷贝这个文件到tomcat的conf下面。
4、配置tomcat
打开conf/server.xml文件,找到<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->这行,把下面的Connector的注释去掉,开启ssl支持。
- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxHttpHeaderSize="8192"
- keystorePass="changeit" keystoreFile="conf/.keystore"
- maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
- enableLookups="false" disableUploadTimeout="true"
- acceptCount="100" scheme="https" secure="true"
- clientAuth="false" sslProtocol="TLS" />
5、启动tomcat
在浏览器中输入:http://localhost:8443/cas/login,cas的登录页面应该就出来了
https://p-blog.csdn.net/images/p_blog_csdn_net/liqiangqq/EntryImages/20080917/cas.PNG