CAS Single Sign-On [4] - Service configuration and management



Service configuration and management

First, we need to understand what a Service is in CAS. As explained in the first section of this series, a CAS system is divided into three parts:

  • User
  • Web applications
  • SSO authentication center

The user is an ordinary end user. The web applications that need to connect to the SSO authentication center are the Services here, and the SSO authentication center is the CAS server.


Put simply, CAS is divided into Server and Client, and Service refers to the specific clients (CAS clients).

  • Service Management here means:
    The CAS server's service management tool lets administrators declare and configure which services (Service, i.e. CAS clients) may use CAS and in which ways.
    The core component of the service management tool is the Service Registry, which stores one or more registered services.

Next, our first topic: Service configuration!

A. Service Configuration

As just mentioned, the service registry in the CAS service management tool stores one or more registered services, each containing metadata that drives various Service behaviors. By configuring this metadata we can control how these Services behave.

The behaviors mainly include:

  • Authorized services - control which services can participate in a CAS SSO session.
  • Forced authentication - provides administrative control to enforce authentication.
  • Attribute release - provides user details to services for authorization and personalization.
  • Proxy control - further restricts authorized services by granting or denying proxy authentication capability.
  • Theme control - defines alternate CAS themes for specific services.

The Service configuration properties include the following:

[Figure: common Service configuration properties]

The figure describes some common Service configuration items. For the meaning of each configuration property, refer to the documentation on service configuration.

In these configurations, the more frequently used are:

Now that we have a general understanding of the CAS Service metadata, we need to configure where it is stored. A variety of storage options are available for Services.

[Figure: Service storage options]

The recommended storage options are JSON, YAML, MongoDB, Redis, and JPA. These are the ones introduced here.

1. JSON

This is also the method CAS uses for default initialization. The registry reads service definitions from JSON configuration files when the application context initializes, and expects to find the JSON files in the configured directory location.

First add dependencies:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-json-service-registry</artifactId>
    <version>${cas.version}</version>
</dependency>

Create a new web-10000001.json in the resources/services folder, as follows:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps|http)://.*",
  "name" : "web",
  "id" : 10000001,
  "evaluationOrder" : 10
}

Note: the JSON file name follows the rule ${name}-${id}.json, and the id must be the same as the id in the JSON file's content.

Explanation of the JSON file:

  • @class:
    Required. Must be an implementation class of org.apereo.cas.services.RegisteredService; the other properties are mapped from the JSON onto that object.
    RegexRegisteredService is commonly used; its matching strategy is a regular expression on the service id (serviceId).
  • serviceId : Unique service id
  • name : Service name, displayed on the default login page
  • id : Globally unique identifier (must match the file name)
  • description : Service description, displayed on the default login page
  • evaluationOrder : Order of evaluation when matching, preferably a number greater than 1
Because the CAS server provides a default Service configuration, if the JSON configuration you added does not take effect, you can try commenting out the default startup JSON in the pom.xml configuration file,

as follows:

[Figure: pom.xml with the default startup JSON commented out]

Then add the following configuration to the application.properties configuration file:

##
# Service Registry
#
# Enable loading of JSON files, default false
cas.serviceRegistry.initFromJson=true

# Automatically scan service configuration, enabled by default
#cas.serviceRegistry.watcherEnabled=true

# Scan every 120 seconds
cas.serviceRegistry.schedule.repeatInterval=120000

# Start after a 15-second delay
# cas.serviceRegistry.schedule.startDelay=15000



##
# JSON configuration
cas.serviceRegistry.json.location=classpath:/services
Start the service. With the default initialization JSON in the war package commented out, only one JSON service definition is loaded, as the console startup log shows:

[Figure: console startup log]

Without commenting it out, two service configurations are loaded by default.

Open the address https://sso.anumbrella.net:8443/cas/login?service=http://localhost:9080/sample and log in with your user name and password. On success, you are redirected to an address of the form http://localhost:9080/sample?ticket=xxxxxxxxxxxxxx.

Origin blog.csdn.net/LawssssCat/article/details/104996088