The official document:
References:
- Wukong _ CAS single sign-on - base to build HelloWorld (b)
- Anumbrella CAS single sign-on (two) - to build basic services
Download
Scaffolding: https://casinitializr.herokuapp.com/
Template: https://github.com/apereo/cas-overlay-template
I chose version 5.3.15:
https://github.com/apereo/cas-overlay-template/archive/5.3.zip
<properties>
    <!-- Modify -->
    <cas.version>5.3.15</cas.version>
    ...others...
</properties>
<!-- Add a domestic (China) mirror repository; HTTPS so artifacts are not fetched in plaintext -->
<repository>
    <id>maven-ali</id>
    <url>https://maven.aliyun.com/nexus/content/groups/public/</url>
    <releases>
        <enabled>true</enabled>
    </releases>
    <snapshots>
        <enabled>true</enabled>
        <updatePolicy>always</updatePolicy>
        <checksumPolicy>fail</checksumPolicy>
    </snapshots>
</repository>
Generate a self-signed certificate and import it into the JDK
caspublic
$ keytool -genkey -alias caspublickey -keypass casserver -keyalg RSA -keystore thekeystore
输入密钥库口令: javacas
您的名字与姓氏是什么?
[Unknown]: sso.cas.com
您的组织单位名称是什么?
[Unknown]: com
您的组织名称是什么?
[Unknown]: cas
您所在的城市或区域名称是什么?
[Unknown]: c17
您所在的省/市/自治区名称是什么?
[Unknown]: GZ
该单位的双字母国家/地区代码是什么?
[Unknown]: CN
CN=sso.cas.com, OU=com, O=cas, L=c17, ST=GZ, C=CN是否正确?
[否]: y
Warning:
JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore thekeystore -destkeystore thekeystore -deststoretype pkcs12" 迁移到行业标准格式 PKCS12。
$ keytool -export -alias caspublickey -keystore thekeystore -rfc -file cas.crt
输入密钥库口令:javacas
存储在文件 <cas.crt> 中的证书
Warning:
JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore thekeystore -destkeystore thekeystore -deststoretype pkcs12" 迁移到行业标准格式 PKCS12。
Windows (may require administrator privileges):
$ keytool -import -alias caspublickey1 -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -file cas.crt -trustcacerts -storepass changeit
所有者: CN=sso.cas.com, OU=com, O=cas, L=c17, ST=GZ, C=CN
发布者: CN=sso.cas.com, OU=com, O=cas, L=c17, ST=GZ, C=CN
序列号: 5918146d
有效期为 Thu Mar 19 08:04:35 CST 2020 至 Wed Jun 17 08:04:35 CST 2020
证书指纹:
MD5: D3:85:42:D4:BB:46:DE:BF:3C:DA:88:E7:B1:E8:44:48
SHA1: E4:7D:8D:BB:10:55:15:E3:5E:0A:18:BD:9D:92:A3:15:4B:83:31:CA
SHA256: 64:BB:1E:4D:2C:22:4E:F0:51:4F:97:EE:01:2B:11:21:B9:D9:E4:81:0C:D1:DF:51:16:72:B9:51:DF:37:BE:68
签名算法名称: SHA256withRSA
主体公共密钥算法: 2048 位 RSA 密钥
版本: 3
扩展:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 27 17 4F C8 0C 3D 40 A7 28 22 77 27 C8 15 70 74 '.O..=@.("w'..pt
0010: B0 2F 33 B7 ./3.
]
]
是否信任此证书? [否]: y
证书已添加到密钥库中
$ keytool -list -v -keystore %JAVA_HOME%\jre\lib\security\cacerts -storepass changeit
密钥库类型: jks
密钥库提供方: SUN
您的密钥库包含 1 个条目
别名: caspublickey1
创建日期: 2020-3-19
条目类型: trustedCertEntry
所有者: CN=sso.cas.com, OU=com, O=cas, L=c17, ST=GZ, C=CN
发布者: CN=sso.cas.com, OU=com, O=cas, L=c17, ST=GZ, C=CN
序列号: 5918146d
有效期为 Thu Mar 19 08:04:35 CST 2020 至 Wed Jun 17 08:04:35 CST 2020
证书指纹:
MD5: D3:85:42:D4:BB:46:DE:BF:3C:DA:88:E7:B1:E8:44:48
SHA1: E4:7D:8D:BB:10:55:15:E3:5E:0A:18:BD:9D:92:A3:15:4B:83:31:CA
SHA256: 64:BB:1E:4D:2C:22:4E:F0:51:4F:97:EE:01:2B:11:21:B9:D9:E4:81:0C:D1:DF:51:16:72:B9:51:DF:37:BE:68
签名算法名称: SHA256withRSA
主体公共密钥算法: 2048 位 RSA 密钥
版本: 3
扩展:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 27 17 4F C8 0C 3D 40 A7 28 22 77 27 C8 15 70 74 '.O..=@.("w'..pt
0010: B0 2F 33 B7 ./3.
]
]
*******************************************
*******************************************
Linux / git-bash:
$ keytool -import -alias caspublickey2 -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file cas.crt -trustcacerts -storepass changeit
在别名 <caspublickey1> 之下, 证书已经存在于密钥库中
是否仍要添加? [否]: y
证书已添加到密钥库中
View the entries (git-bash):
uu@DESKTOP-2MCTHDA MINGW64 ~
$ keytool -list -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit | grep cas
caspublickey2, 2020-3-19, trustedCertEntry,
caspublickey1, 2020-3-19, trustedCertEntry,
uu@DESKTOP-2MCTHDA MINGW64 ~
$ keytool -list -v -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit -alias caspublickey1
别名: caspublickey1
创建日期: 2020-3-19
条目类型: trustedCertEntry
所有者: CN=sso.cas.com, OU=com, O=cas, L=c17, ST=GZ, C=CN
发布者: CN=sso.cas.com, OU=com, O=cas, L=c17, ST=GZ, C=CN
序列号: 5918146d
有效期为 Thu Mar 19 08:04:35 CST 2020 至 Wed Jun 17 08:04:35 CST 2020
证书指纹:
MD5: D3:85:42:D4:BB:46:DE:BF:3C:DA:88:E7:B1:E8:44:48
SHA1: E4:7D:8D:BB:10:55:15:E3:5E:0A:18:BD:9D:92:A3:15:4B:83:31:CA
SHA256: 64:BB:1E:4D:2C:22:4E:F0:51:4F:97:EE:01:2B:11:21:B9:D9:E4:81:0C:D1:DF:51:16:72:B9:51:DF:37:BE:68
签名算法名称: SHA256withRSA
主体公共密钥算法: 2048 位 RSA 密钥
版本: 3
扩展:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 27 17 4F C8 0C 3D 40 A7 28 22 77 27 C8 15 70 74 '.O..=@.("w'..pt
0010: B0 2F 33 B7 ./3.
]
]
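The import above answers "y" to keytool's trust prompt by hand. As an added example (not part of the original post), the script below compares the SHA-256 fingerprint of the exported PEM file with an expected value before calling keytool; the function names and the STOREPASS variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): pin the certificate's SHA-256
# fingerprint before it goes into a Java trust store.

# pem_sha256 FILE -> colon-separated, upper-case SHA-256 of the DER bytes,
# the format keytool prints on its SHA256 line.
pem_sha256() {
  sed -e '/^-----/d' "$1" | tr -d ' \r\n' | base64 -d | sha256sum |
    cut -d' ' -f1 | tr 'a-f' 'A-F' | sed -e 's/../&:/g' -e 's/:$//'
}

# import_pinned CERT EXPECTED_FP ALIAS KEYSTORE
# Returns 2 if CERT is unreadable, 1 on fingerprint mismatch; otherwise
# runs keytool and returns its status. STOREPASS must be set by the caller.
import_pinned() {
  cert=$1; expected=$2; name=$3; store=$4
  [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
  actual=$(pem_sha256 "$cert")
  if [ "$actual" != "$expected" ]; then
    echo "fingerprint mismatch for $cert: $actual" >&2
    return 1
  fi
  # -noprompt skips the "trust this certificate?" question; acceptable only
  # because the fingerprint was compared above.
  keytool -importcert -noprompt -alias "$name" -file "$cert" \
    -keystore "$store" -storepass "${STOREPASS:?set STOREPASS first}"
}

# Usage with the files from this page:
#   STOREPASS=changeit import_pinned cas.crt \
#     "<SHA256 value printed by keytool -list -v>" caspublickey1 \
#     "$JAVA_HOME/jre/lib/security/cacerts"
```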
Modify hosts
git-bash:
$ vim /c/Windows/System32/drivers/etc/hosts
Add:
127.0.0.1 sso.cas.com
Test:
$ ping sso.cas.com
正在 Ping sso.cas.com [127.0.0.1] 具有 32 字节的数据:
来自 127.0.0.1 的回复: 字节=32 时间<1ms TTL=128
来自 127.0.0.1 的回复: 字节=32 时间<1ms TTL=128
来自 127.0.0.1 的回复: 字节=32 时间<1ms TTL=128
来自 127.0.0.1 的回复: 字节=32 时间<1ms TTL=128
127.0.0.1 的 Ping 统计信息:
数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 0ms,平均 = 0ms
Change the configuration
Wait for the dependencies to finish downloading, then run:
build.cmd clean package
Create the directory structure
From /target/cas/WEB-INF/classes, copy
- application.properties (main configuration file)
- log4j2.xml (logging configuration file)
to the /src/main/resources directory.
Also copy, from /target/cas/WEB-INF/classes/META-INF:
- spring.factories (Spring Boot auto-configuration file)
Finally, put the generated thekeystore under /src/main/resources.
Modify application.properties
Change the head of the file:
##
# CAS Server Context Configuration
#
server.context-path=/cas
server.port=8443
# SSL configuration
server.ssl.enabled=true
server.ssl.key-store=classpath:thekeystore
server.ssl.key-store-password=javacas
server.ssl.key-password=casserver
server.ssl.keyAlias=caspublickey
Note the tail of the file: it holds the password we will log in with later.
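With the settings above, thekeystore sits in /src/main/resources and both passwords are literals in application.properties. As an added example (not part of the original post), this script audits the server.ssl.* keys and sets the page's values beside a variant that keeps the keystore outside the WAR and reads the passwords from environment variables; the file path, variable names and function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the server.ssl.* keys of a CAS application.properties.

# The page's settings (constructed copy for the demo).
page_props() { cat <<'EOF'
server.ssl.enabled=true
server.ssl.key-store=classpath:thekeystore
server.ssl.key-store-password=javacas
server.ssl.key-password=casserver
server.ssl.keyAlias=caspublickey
EOF
}

# Same listener with the keystore outside the WAR and secrets taken from
# environment variables (path and variable names are assumptions).
hardened_props() { cat <<'EOF'
server.ssl.enabled=true
server.ssl.key-store=file:/etc/cas/thekeystore
server.ssl.key-store-password=${CAS_KEYSTORE_PASSWORD}
server.ssl.key-password=${CAS_KEY_PASSWORD}
server.ssl.keyAlias=caspublickey
EOF
}

# val FILE KEY -> last value assigned to KEY
val() {
  grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '\r'
}

# audit_cas_ssl FILE: one line per finding; exit status is the finding count
audit_cas_ssl() {
  f=$1; n=0
  [ "$(val "$f" server.ssl.enabled)" = "true" ] ||
    { echo "server.ssl.enabled is not true"; n=$((n + 1)); }
  case $(val "$f" server.ssl.key-store) in
    classpath:*) echo "key-store is on the classpath: the private key ships inside the WAR"
                 n=$((n + 1)) ;;
  esac
  for k in server.ssl.key-store-password server.ssl.key-password; do
    case $(val "$f" "$k") in
      '${'*'}') ;;   # placeholder, resolved by Spring at start-up
      '') echo "$k is not set"; n=$((n + 1)) ;;
      *)  echo "$k is a literal secret in the file"; n=$((n + 1)) ;;
    esac
  done
  return "$n"
}
```

Run it as `audit_cas_ssl src/main/resources/application.properties` before packaging; a non-zero exit status is the number of findings.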
Run:
build.cmd debug
Access: