CAS SSO single sign-on server environment construction

1. Because this is a locally simulated SSO environment and SSO testing requires domain names, several domain names have to be mapped locally. The steps are as follows:

2. Enter the directory C:\Windows\System32\drivers\etc

3. Modify the hosts file

127.0.0.1  jeesz.cn

127.0.0.1  sso1.jeesz.cn

127.0.0.1  sso2.jeesz.cn

4. Generate an authentication certificate

Note: As the architecture diagram of SSO single sign-on shows, authentication is required when the client interacts with the server. Here we use the keytool utility in the JDK to generate a certificate (a formal environment generally uses a formal certificate issued by a certificate authority, which you can buy).

(1) Create a caskey directory, such as: D:\sso-cas\caskey

(2) Open a cmd command window:

(3) Enter the bin directory of the JDK installation

 

(4) Use keytool -genkey -alias mycacerts -keyalg RSA -keystore D:/sso-cas/caskey/keycard to generate the key:


 

Note: Enter the requested information to generate the certificate. For the first name and last name, use your domain name, the same as the domain name mapped in the C:\Windows\System32\drivers\etc\hosts file; be careful not to enter an IP address.

The password I use here is minglisoft (remember this, it will be used later)

The first name and last name are jeesz.cn (corresponding to the domain name configured in the hosts file)

(5) Use the command keytool -export -file D:/sso-cas/caskey/keycard.crt -alias mycacerts -keystore D:/sso-cas/caskey/keycard to export the certificate:


 

Note: The password is minglisoft

(6) Import the certificate into the JDK installation directory

keytool -import -keystore C:/"Program Files"/Java/jdk1.8.0_131/jre/lib/security/cacerts -file D:/sso-cas/caskey/keycard.crt -alias mycacerts

 

Note: I have already generated it; finally, copy cacerts to the C:\Program Files\Java\jdk1.8.0_131\jre\lib\security directory

Note the password: minglisoft
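Steps (1) to (6) as one script without interactive prompts, as an added example that is not part of the original article. The paths, alias, domain name and keystore password are the article's; the SAN entry, key size, validity period and the `changeit` cacerts password are assumptions.

```powershell
# Added example: steps (1)-(6) without interactive prompts. Run from an elevated
# PowerShell prompt, because step (6) writes to the JDK's cacerts file.
$JdkHome   = 'C:\Program Files\Java\jdk1.8.0_131'    # JDK path from the article
$Keytool   = Join-Path $JdkHome 'bin\keytool.exe'
$CaCerts   = Join-Path $JdkHome 'jre\lib\security\cacerts'
$KeyDir    = 'D:\sso-cas\caskey'
$Keystore  = Join-Path $KeyDir 'keycard'
$CertFile  = Join-Path $KeyDir 'keycard.crt'
$Alias     = 'mycacerts'
$StorePass = 'minglisoft'   # has to match keystorePass in Tomcat's server.xml
$HostName  = 'jeesz.cn'     # has to match the hosts entry; never an IP
$TrustPass = 'changeit'     # assumption: stock cacerts password; adjust if yours differs

function Invoke-Keytool([string[]]$KtArgs) {
    # Run keytool and stop at the first failing step.
    & $Keytool @KtArgs
    if ($LASTEXITCODE -ne 0) { throw "keytool $($KtArgs[0]) failed" }
}

# (1) Working directory for the keystore and the exported certificate.
New-Item -ItemType Directory -Force -Path $KeyDir -ErrorAction Stop | Out-Null

# (4) Key pair. -dname replaces the "first and last name" prompt, so CN is the
#     domain name. The SAN entry (assumption) repeats it for clients that ignore CN.
#     -keypass equals -storepass because the Connector only sets keystorePass.
Invoke-Keytool @('-genkeypair', '-alias', $Alias, '-keyalg', 'RSA', '-keysize', '2048',
    '-validity', '365', '-dname', "CN=$HostName", '-ext', "SAN=dns:$HostName",
    '-keystore', $Keystore, '-storepass', $StorePass, '-keypass', $StorePass)

# (5) Export the public certificate only; the private key stays in the keystore.
Invoke-Keytool @('-exportcert', '-alias', $Alias, '-file', $CertFile,
    '-keystore', $Keystore, '-storepass', $StorePass)

# (6) Trust the certificate in the JDK that runs the CAS clients.
Invoke-Keytool @('-importcert', '-noprompt', '-alias', $Alias, '-file', $CertFile,
    '-keystore', $CaCerts, '-storepass', $TrustPass)

# Check: the listed entry's owner must be CN=jeesz.cn, not an IP address.
Invoke-Keytool @('-list', '-v', '-alias', $Alias, '-keystore', $CaCerts,
    '-storepass', $TrustPass)
```

If the alias already exists in either keystore, keytool refuses to overwrite it and the script stops at that step; delete the old entry with `keytool -delete -alias mycacerts` against that keystore first.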

5. Prepare the Tomcat container on the server side. Here we use Tomcat 8 for testing (first make sure that Tomcat runs normally after it is started), as follows:

6. Modify the server.xml file as follows:

Note: HTTPS authentication is used here. You need to uncomment this Connector configuration and make the following modifications:

<Connector
    port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="D:/sso-cas/caskey/keycard"
    keystorePass="minglisoft"
/>

Note: keystoreFile="D:/sso-cas/caskey/keycard" -- certificate path

       keystorePass="minglisoft" --certificate password

7. Test whether HTTPS port 8443 can be accessed: https://localhost:8443

 

Configuration is fine

8. You can also configure access only through the domain name: modify the server.xml file and change the Host name from localhost to jeesz.cn as follows:

Before:

<Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

After:

<Host name="jeesz.cn"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

Restart the Tomcat container and visit the following: http://jeesz.cn:8080

9. Copy the cas-server-webapp-4.2.7.war package to the tomcat container and name it cas.war as follows:

10. Restart the Tomcat container and visit CAS at https://jeesz.cn:8443/cas

Default username: casuser

The default password is: Mellon


The test of this CAS server is successful!
