Integrating OAuth 2.0 with CAS 5.3.2
1. Build the WAR package from cas-overlay-template-5.3, adding the following dependency to pom.xml:
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-oauth-webflow</artifactId>
<version>${cas.version}</version>
</dependency>
2. In the project directory, run mvn clean package to build the WAR package.
3. Add the following entry to C:\Windows\System32\drivers\etc\hosts:
127.0.0.1 cas.demo.org
- Add the following configuration to WEB-INF\classes\application.properties:
cas.server.name=https://cas.demo.org:8443
cas.server.prefix=https://cas.demo.org:8443/cas
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
4. SSO integration must be accessed over HTTPS, and the certificate must match the domain name: the CN used when generating the certificate must match the current domain name. (Testing produced the error "unable to find valid certification path to requested target", so the certificate must be a trusted one; a free digital certificate can be applied for from Alibaba Cloud.)
cd %JAVA_HOME%\bin
keytool -genkey -alias cas -keyalg RSA -keysize 2048 -keypass 123456 -storepass 123456 -keystore C:\demo.keystore -dname "CN=*.demo.org,OU=casexample.com,O=casexample,L=casexample,ST=casexample,C=CN" -deststoretype pkcs12
5. Copy demo.keystore to the Tomcat conf directory and configure the certificate in Tomcat:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/demo.keystore" keystorePass="123456"/>
6. Create service-auth-all-10000003.json under WEB-INF\classes\services (note that serviceId must be able to match the redirect_uri used in the later requests):
{
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "helloworld",
"clientSecret": "123456",
"bypassApprovalPrompt": false,
"generateRefreshToken": false,
"serviceId" : "^(http|https|imaps)://.*",
"name" : "My OAuth service ",
"id" : 10000003,
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
}
7. Start Tomcat and access the following URLs in a browser:
Obtain the code:
https://cas.demo.org:8443/cas/oauth2.0/authorize?response_type=code&client_id=helloworld&redirect_uri=http://www.baidu.com
Obtain the accessToken:
https://cas.demo.org:8443/cas/oauth2.0/accessToken?grant_type=authorization_code&client_id=helloworld&client_secret=123456&code=OC-2-3M6BedCz7TLIz0rpJUm-uLzPoFBbPOO0&redirect_uri=http://www.baidu.com
access_token=AT-1-ty4OH9pVHfZJPvcG7foejTPIFyepmxP1&expires_in=28800
Get the profile:
https://cas.demo.org:8443/cas/oauth2.0/profile?access_token=AT-1-ty4OH9pVHfZJPvcG7foejTPIFyepmxP1
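Step 6 notes that serviceId must match the redirect_uri. The following added example (not part of the original post and not CAS code) checks which redirect URIs a serviceId pattern accepts, comparing the pattern from step 6 with a constructed pattern pinned to a single callback. It assumes the pattern is applied as a full-string regular expression match; app.demo.org, the probe URIs and the function names are hypothetical.

```python
import json
import re

# Service definition from step 6, trimmed to the fields used here.
TUTORIAL_SERVICE = json.loads('''
{
  "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "helloworld",
  "serviceId": "^(http|https|imaps)://.*",
  "name": "My OAuth service",
  "id": 10000003
}
''')

# Constructed variant: one client host and one callback path (hypothetical).
PINNED_SERVICE = dict(TUTORIAL_SERVICE,
                      serviceId=r"^https://app\.demo\.org/oauth/callback$")

# Constructed probe URIs on hosts the client never registered.
PROBES = [
    "http://unregistered.example/cb",
    "https://unregistered.example/cb",
    "https://app.demo.org.unregistered.example/oauth/callback",
]


def redirect_allowed(service, redirect_uri):
    """True when redirect_uri matches the service's serviceId pattern in full."""
    return re.fullmatch(service["serviceId"], redirect_uri) is not None


def audit(service, expected_uri):
    """Check the expected callback and list the probes the pattern also accepts."""
    return {
        "clientId": service["clientId"],
        "expected_ok": redirect_allowed(service, expected_uri),
        "unexpected": [u for u in PROBES if redirect_allowed(service, u)],
    }


if __name__ == "__main__":
    for svc, uri in ((TUTORIAL_SERVICE, "http://www.baidu.com"),
                     (PINNED_SERVICE, "https://app.demo.org/oauth/callback")):
        print(audit(svc, uri))
```

The pattern from step 6 accepts every probe as well as the expected callback, while the pinned pattern accepts only its own callback, so a code issued for that client can only be delivered to that one URI.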