apereo cas开发_apereo cas 小记01--服务器搭建01

---恢复内容开始---

github repository:  apereo/cas

一,获取项目

clone该项目。

切换到5.3分支。

安装maven依赖

二,overlay 配置文件

build 项目包(注意:windows 下使用 build.cmd)

./build.sh package

此时 build/cas-resources文件夹内找到,以下两个文件 (不同的cas overlay版本,位置可能不同,根据你的实际情况,找到以下两个文件)

services/

application.properties

将其复制到当前项目的,resources下。

刚新建的项目,需要自己创建 src/main/resources    , 此时你的application.properties将会覆盖默认的application.properties来使用。

注意:

你也可以按照,官方说明中的,使用 build.sh copy 命令,将配置文件拷贝到 /etc/cas/config 中(先自己创建/etc/cas 文件夹),然后编辑 cas.properties。其配置方式和通过application.properties配置一致。

三,设置秘钥

手动指定服务器秘钥。

The CAS server uses a ticket granting cookie in the browser to maintain login state during single sign-on sessions. A client can present this cookie to CAS in lieu of primary credentials and, provided it is valid, will be authenticated. The contents of the cookie should be encrypted to protect them, and when running in a multi-node environment, all of the nodes must use the same keys. Add the following lines to etc/cas/config/cas.properties:

cas.tgc.secure=true

cas.tgc.crypto.signing.key=

cas.tgc.crypto.encryption.key=

Now visit the JSON Web Key Generator and click on the “Shared Secret” tab. Enter 512 into the “Key Size” field, select HS256 from the “Algorithm” drop-down, and click the “New Key” button. Copy the value of the k parameter from the “Key” dialog box and enter it as the value for the cas.tgc.crypto.signing.key property.

Then enter 256 into the “Key Size” field, select HS256 from the “Algorithm” drop-down, and click “New Key” again, and enter that value for the cas.tgc.crypto.encryption.key property. When finished, you should have something like this:

cas.tgc.secure=true

cas.tgc.crypto.signing.key=bMpP_eHgIsL1kz_cnxEqYo9Bb384V70eZIvWctQ5V6xTO4P6wsQjFlglD9OSQNlFdb0mT2Q1E3qXdo05_tzrjQ

cas.tgc.crypto.encryption.key=r88iOMdbRMLOkITV54kax4WgadTdzUYSBXNhOp_oqS0

CAS uses Spring Webflow to manage the authentication sequence, and this also needs to be encrypted. Add the following lines to application.properties

cas.webflow.crypto.signing.key=

cas.webflow.crypto.encryption.key=

Using the JSON Web Key Generator again (see above), generate an HS256 key of size 512 and enter it for the value of the cas.webflow.crypto.signing.key property.

Unlike the ticket granting cookie encryption key above, the encryption key for Spring WebFlow is not a JSON Web Key. Rather, it’s a randomly-generated string of 16 (by default) octets, Base64-encoded. An easy way to generate this key is to use openssl:

casdev-master# openssl rand -base64 16

Kmj1JJSPOTSiagI4gCxhUA==

casdev-master#

Enter the output from the openssl command for the value of the cas.webflow.crypto.encryption.key property. When finished, you should have something like this:

cas.webflow.crypto.signing.key= hGapVlP6pCzIUo_CCboRszQpvWFPazmyuWsBUOoWYqUQqMKw55al5c_EGH6VBtjpIVUqEAXcvLQjQ8HaVBEmDw

cas.webflow.crypto.encryption.key= Kmj1JJSPOTSiagI4gCxhUA==

四,运行服务器

./build.sh run

登录

http://localhost:8443/login

application.properties 中有管理员账号密码(   [账号]:[密码] ):

cas.authn.accept.users=casuser::Mellon

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值