Recently the project has become relatively large, with many subsystems, and single sign-on is needed, so I use the CAS service.
Integration steps:
You can download cas-server directly and run it.
The steps are roughly as follows:
1. Run the cas-server service
2. Let the cas-server authenticate through JDBC
3. Modify the login page of the cas-server
4. Integrate the business system with the cas-client
A concise tutorial on implementing SSO using CAS
The principle of single sign-on is to intercept the URLs you configure and redirect to the CAS server login page you specify. After you log in successfully, you are sent back to the URL you originally opened, carrying a ticket. With that ticket in hand, you can pass unimpeded.
Note on cas-server: version 4.0.0 and the earlier 3.x versions provided the WAR package directly.
However, the later 4.x and 5.x versions no longer provide the WAR package up front; you need to build it yourself with the tools on the official website (two tools are supported, Maven and Gradle).
CAS 5.x starts to use Spring Boot and is completely different from before.
Learning Materials - Apereo CAS 5.0
Error: Failed to identify target 'ST-11-b5ol1MCscnxEXXrNxTgp-cas01.example.org' ticket stub
The ticket has expired. Solve the problem of TicketValidationException when the CAS client validates the ST ticket
Request login; verify ticket; login successful;
Access the client; it answers with a 302 redirect to the server:
http://xx.com:82/cas/login?service=http://xx.com:82/safety/shiro-cas
http://xx.com:82/safety/shiro-cas?ticket=ST-12-FE3tWTyKbvkqda3V4MIq-cas01.example.org
Status code 302 indicates that the resource has been redirected to a new address.
A pitfall I encountered: both the CAS client and the CAS server were configured, but the different systems still could not log in and log out at the same time. The cause of the error turned out to be:
http://www.baidu.com and http://baidu.com are different;
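The exchange above and the www/non-www pitfall, as an added example (not code from the original post or from CAS itself): a small in-memory model of a service ticket that is bound to the exact service URL, can be validated only once, and expires quickly. The class and function names, the user alice and the 10-second lifetime are assumptions; INVALID_TICKET and INVALID_SERVICE are the error codes defined by the CAS protocol.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

CAS_LOGIN = "http://xx.com:82/cas/login"  # CAS login URL from the flow above
ST_LIFETIME = 10  # seconds; assumed value for this model

class ToyCasServer:
    """In-memory model of service-ticket (ST) issue and validation."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.tickets = {}  # ST -> (service, user, issued_at)

    def issue(self, service, user):
        st = "ST-" + secrets.token_urlsafe(16)
        self.tickets[st] = (service, user, self.clock())
        return st

    def validate(self, service, st):
        # pop(): an ST is single-use, so a replayed ticket is never found
        entry = self.tickets.pop(st, None)
        if entry is None:
            return "INVALID_TICKET"  # unknown or already consumed
        bound_service, user, issued_at = entry
        if self.clock() - issued_at > ST_LIFETIME:
            return "INVALID_TICKET"  # expired before the client validated it
        if service != bound_service:
            return "INVALID_SERVICE"  # e.g. www.xx.com vs xx.com
        return user

def login_redirect(service):
    """URL the client sends the browser to with a 302."""
    return CAS_LOGIN + "?" + urlencode({"service": service})

def ticket_from_callback(url):
    """Pull the ST out of the URL CAS redirects the browser back to."""
    return parse_qs(urlsplit(url).query).get("ticket", [None])[0]

if __name__ == "__main__":
    cas = ToyCasServer()
    service = "http://xx.com:82/safety/shiro-cas"  # constructed sample input
    st = ticket_from_callback(service + "?ticket=" + cas.issue(service, "alice"))
    print(login_redirect(service))
    print(cas.validate("http://www.xx.com:82/safety/shiro-cas", st))  # host differs
    print(cas.validate(service, st))  # ticket was consumed by the first attempt
```

The client must validate with the same service URL it sent at login and do so promptly; a failed attempt also consumes the ticket in this model, so the browser has to go through the login redirect again.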
cas 3.0/4.0 learning:
1: The default account/password is cas/cas; any login whose account and password are the same is accepted. The handler class is SimpleTestUsernamePasswordAuthenticationHandler
2:
<!--dazer Duan Dazhi removes the original authentication login processor -->
<bean
class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
<!--dazer start -->
<bean id="testAuthenticationHandler" class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>
<bean id="databaseAuthenticationHandler" class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource"/>
<property name="sql" value="select ac.password from account_info ai,account_credential ac where ai.username=? and ai.id=ac.account_id"/>
<property name="passwordEncoder" ref="md5PasswordEncoder"/>
</bean>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName"><value>oracle.jdbc.OracleDriver</value></property>
<property name="url"><value>jdbc:oracle:thin:@121.196.194.52:1521:orcl</value></property>
<property name="username"><value>CBL_OA</value></property>
<property name="password"><value>W1Q2W3E4R5T88cbl</value></property>
</bean>
<bean id="md5PasswordEncoder" class="demo.CustomPasswordEncoder"/>
<!--dazer end -->
http://blog.csdn.net/matthewei6/article/details/50709252 Single sign-on cas FAQ series - continuous update