---恢复内容开始---
github repository: apereo/cas
一,获取项目
链接:https://github.com/apereo/cas-overlay-template
- clone该项目。
- 切换到5.3分支。
- 安装maven依赖
二,overlay 配置文件
build 项目包 (注意:windows 下使用 build.cmd)
./build.sh package
此时 build/cas-resources 文件夹内找到,以下两个文件 (不同的cas overlay版本,位置可能不同,根据你的实际情况,找到以下两个文件)
services/ application.properties
将其复制到当前项目的,resources下。
刚新建的项目,需要自己创建 src/main/resources , 此时你的application.properties将会覆盖默认的application.properties来使用。
注意:
你也可以按照,官方说明中的,使用 build.sh copy 命令,将配置文件拷贝到 /etc/cas/config 中(先自己创建/etc/cas 文件夹),然后编辑 cas.properties。其配置方式和通过application.properties配置一致。
三,设置秘钥
手动指定服务器秘钥。
The CAS server uses a ticket granting cookie in the browser to maintain login state during single sign-on sessions. A client can present this cookie to CAS in lieu of primary credentials and, provided it is valid, will be authenticated. The contents of the cookie should be encrypted to protect them, and when running in a multi-node environment, all of the nodes must use the same keys. Add the following lines to etc/cas/config/cas.properties
:
cas.tgc.secure=true
cas.tgc.crypto.signing.key=
cas.tgc.crypto.encryption.key=
Now visit the JSON Web Key Generator and click on the “Shared Secret” tab. Enter 512
into the “Key Size” field, select HS256
from the “Algorithm” drop-down, and click the “New Key” button. Copy the value of the k
parameter from the “Key” dialog box and enter it as the value for the cas.tgc.crypto.signing.key
property.
Then enter 256
into the “Key Size” field, select HS256
from the “Algorithm” drop-down, and click “New Key” again, and enter that value for the cas.tgc.crypto.encryption.key
property. When finished, you should have something like this:
cas.tgc.secure=true
cas.tgc.crypto.signing.key=bMpP_eHgIsL1kz_cnxEqYo9Bb384V70eZIvWctQ5V6xTO4P6wsQjFlglD9OSQNlFdb0mT2Q1E3qXdo05_tzrjQ
cas.tgc.crypto.encryption.key=r88iOMdbRMLOkITV54kax4WgadTdzUYSBXNhOp_oqS0
CAS uses Spring Webflow to manage the authentication sequence, and this also needs to be encrypted. Add the following lines to application.properties
cas.webflow.crypto.signing.key=
cas.webflow.crypto.encryption.key=
Using the JSON Web Key Generator again (see above), generate an HS256
key of size 512
and enter it for the value of the cas.webflow.crypto.signing.key
property.
Unlike the ticket granting cookie encryption key above, the encryption key for Spring WebFlow is not a JSON Web Key. Rather, it’s a randomly-generated string of 16 (by default) octets, Base64-encoded. An easy way to generate this key is to use openssl
:
casdev-master# openssl rand -base64 16
Kmj1JJSPOTSiagI4gCxhUA==
casdev-master#
Enter the output from the openssl
command for the value of the cas.webflow.crypto.encryption.key
property. When finished, you should have something like this:
cas.webflow.crypto.signing.key= hGapVlP6pCzIUo_CCboRszQpvWFPazmyuWsBUOoWYqUQqMKw55al5c_EGH6VBtjpIVUqEAXcvLQjQ8HaVBEmDw
cas.webflow.crypto.encryption.key= Kmj1JJSPOTSiagI4gCxhUA==
四,运行服务器
./build.sh run
登录
http://localhost:8443/login
application.properties 中有管理员账号密码( [账号]:[密码] ):
cas.authn.accept.users=casuser::Mellon