Yale CAS 安装配置过程指导书

1、配置Maven repo mirror

可以使用如下2个链接作为Maven的镜像地址。否则，整个编译过程会因为下载超时面失败。

http://maven.oschina.net/content/groups/public/

http://mirrors.aliyun.com/

#mvn clean install -Dmaven.test.skip
#mvn eclipse:eclipse

2、配置https protocol in server.xml.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/home/cas/cas.allinone.statcks.keystore" keystorePass="cas123"
truststoreFile="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.91.x86_64/jre/lib/security/cacerts"
clientAuth="false" sslProtocol="TLS" />

3、使用 JAVA keytool to generate CA

3.1 List all CAs in system

keytool -list -v -alias cas -keystore cas.allinone.keystore
keytool -list -keystore $JAVA_HOME/lib/security/cacerts

3.2 Clear the previously CA

keytool -delete -alias cas -keystore $JAVA_HOME/lib/security/cacerts
cacerts password: changeit

3.3 Genereate the new CA

keytool -genkey -alias cas -keypass cas123 -keyalg RSA -keystore cas.njsdb.keystore

The first CN should be the value as the HOST name.

3.4 Export CA to CA files

keytool -export -alias cas -keypass cas123 -file cas.njsdb.crt -keystore cas.njsdb.keystore

3.5 Import CA file to system

On linux

keytool -import -alias cas -file cas.njsdb.crt -keystore
$JAVA_HOME/lib/security/cacerts -keypass changeit

On windows

keytool -import -alias cas -file cas.njsdb.crt -keystore %JAVA_HOME%\lib\security\cacerts -keypass changeit

4、在cas-management 中启用 casuser

At location: /home/cas/tomcat/webapps/cas-management/WEB-INF/classes, open file ‘user-detail.properties’ and uncommnet the line to let the casuser has the privilledge of ROLE_ADMIN or add a new line of your new user name.

C:\Windows\System32\drivers\etc

5、注册 CAS service.

In $CAS_HOME/tomcat/webapps/cas/WEB-INF/classes/services

add a JSON file with file name {ServiceName}-{ServiceID}.json.

For example:

iPortal-172428224375258.json

{
"@class" : "org.jasig.cas.services.RegexRegisteredService",
"serviceId" : "^http://localhost:8080/iportal",
"name" : "iPortal",
"id" : 172428224375258,
"description" : "Apereo foundation sample service",
"proxyPolicy" : {
"@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
},
"evaluationOrder" : 1,
"usernameAttributeProvider" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
},
"logoutType" : "BACK_CHANNEL",
"attributeReleasePolicy" : {
"@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
"principalAttributesRepository" : {
"@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
},
"authorizedToReleaseCredentialPassword" : false,
"authorizedToReleaseProxyGrantingTicket" : false
},
"accessStrategy" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled" : true
}
}