1.拿到域名和密钥
2.将单点登录程序改为https
只修改tomcat/conf下的server.xml
开始是这么修改的,虽然单独也能登录成功,但是和其他系统一起用的时候报403的错误。
<Connector port="6120" protocol="HTTP/1.1"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/data01/Inspur/apps/datam_1124/cer/你的证书.pfx"
keystoreType="PKCS12"
keystorePass="你的密码"
clientAuth="false" sslProtocol="TLS" />
正确方式:
单点登录用jdk生成密钥:https://blog.csdn.net/qqnbsp/article/details/89182793
nginx映射域名地址到单独登录地址:https://ip:port/
3.将业务系统改为https(关键)
<Connector port="9004" protocol="HTTP/1.1"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/data01/Inspur/apps/datam_1124/cer/你的证书.pfx"
keystoreType="PKCS12"
keystorePass="你的密码"
clientAuth="false" sslProtocol="TLS" />
单点登录地址配置:
<context-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://inspursso:6120</param-value>
</context-param>-->
<!-- 统一认证登陆地址 -->
<context-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://sj.cmdi.chinamobile.com:10040/login</param-value>
</context-param>