cas 去掉证书（跳转不到登录界面）

最新推荐文章于 2021-07-29 18:33:56 发布

那个id是什么东西

最新推荐文章于 2021-07-29 18:33:56 发布

阅读量1k

点赞数

分类专栏： cas

本文链接：https://blog.csdn.net/qq_36666181/article/details/90751119

版权

在尝试将CAS服务器的证书移除后，发现在本地能够正常运行，但服务器上客户端虽然能跳转到服务端，却无法显示登录界面。通过检查sso-server，发现问题可能出在这里。解决步骤包括：在sso-config中修改serviceId为http开头，以及在Linux上的tomcat server.xml文件中调整端口配置。原本8443端口因证书被注释，改为使用8443以匹配内外网映射，若无映射问题，可选择其他端口号。确保客户端跳转地址的端口号与tomcat配置一致。

摘要由CSDN通过智能技术生成

背景：之前的cas一直是有证书的，但是有证书的项目可迁移性太差，所以去掉证书。但是证书去掉了，我本地可以运行，服务器上客户端可以跳转到服务端，但是不出来登录界面。我尝试着访问sso-config里自己写的页面，可以访问。但是登录界面在sso-server里，访问失败。

由此可以确定，问题出在sso-server中。

先看如何去掉cas 的证书：

1.sso-config中，找到

server.ssl.enabled 将这个设置成false

2. servicedId 中添加http

3.把一些跳转链接从https改成http

基本上这样改完就可以了，我本地也可以了，但是在linux上，由于之前有证书，所以我在tomcat的server.xml文件里设置过一些配置，先看之前的：

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one