（原创）LDAP与CAS单点登录集成

最新推荐文章于 2025-07-07 09:42:17 发布

原创最新推荐文章于 2025-07-07 09:42:17 发布 · 7.2k 阅读

3 ·

CC 4.0 BY-SA版权

文章标签：

#bean #credentials #class #list #system #object

单点登录专栏收录该内容

2 篇文章

订阅专栏

本文介绍如何配置CAS使用LDAP作为认证源，并详细展示了deployerConfigContext-ldap.xml配置文件的内容。文章通过对比不同搜索基节点的影响，揭示了多账户认证的问题。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

我的百度空间中也可以访问到这些文章：hi.baidu.com/five00

编写CAS的配置文件deployerConfigContext-ldap.xml，这里配置了关于Ldap认证源的各种信息，代码如下：

<? xml version = "1.0" encoding = "UTF-8" ?>

<! DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd" >

< beans >

< bean id = "authenticationManager" class = "org.jasig.cas.authentication.AuthenticationManagerImpl" >

< property name = "credentialsToPrincipalResolvers" >

< list >

< bean

class = "org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />

< bean

class = "org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />

</ list >

</ property >

< property name = "authenticationHandlers" >

< list >

< bean class = "org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />

< bean class = "org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >

< property name = "filter" value = "uid=%u" />

< property name = "searchBase" value = "ou=People,ou=rootOrg,o=sevenSeas" />

< property name = "contextSource" ref = "contextSource" />

</ bean >

</ list >

</ property >

</ bean >

< bean id = "contextSource" class = "org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource" >

< property name = "password" value = "secret" />

< property name = "pooled" value = "true" />

< property name = "urls" >

< list >

< value > ldap://localhost:10389/ </ value >

</ list >

</ property >

<!— 管理员 -->

< property name = "userName" value = "uid=admin,ou=system" />

< property name = "baseEnvironmentProperties" >

< map >

< entry >

< key >< value > java.naming.security.authentication </ value ></ key >

< value > simple </ value >

</ entry >

</ map >

</ property >

</ bean >

</ beans >

如果使用 ou=People,ou=rootOrg,o=sevenSeas 节点，如第7章的图所示，输出日志信息为：

[DEBUG] 2007-12-20 13:28:51,675 org.jasig.cas.web.flow.AuthenticationViaFormAction - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow

[DEBUG] 2007-12-20 13:28:51,675 org.jasig.cas.CentralAuthenticationServiceImpl - Attempting to create TicketGrantingTicket for admin

username is [admin]

password is [secret]

[DEBUG] 2007-12-20 13:28:51,722 org.springframework.ldap.support.LdapContextSource - Principal: 'uid=admin,ou=system'

[DEBUG] 2007-12-20 13:28:52,113 org.springframework.ldap.support.LdapContextSource - Got Ldap context on server 'ldap://localhost:10389/'

cns is [[cn=admin]]

cns.isEmpty() is [false]

cns.size() is [1]

!this.allowMultipleAccounts is [true]

这是日志信息显示只有一个cn=admin的用户，可以进行Ldap认证。

如果将节点改为o=sevenSeas的话，如图：

以sevenSeas为基节点

再次验证日志信息会出现如下显示：

[DEBUG] 2007-12-20 13:43:56,347 org.jasig.cas.web.flow.AuthenticationViaFormAction - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow

[DEBUG] 2007-12-20 13:43:56,347 org.jasig.cas.CentralAuthenticationServiceImpl - Attempting to create TicketGrantingTicket for admin

username is [admin]

password is [secret]

[DEBUG] 2007-12-20 13:43:56,363 org.springframework.ldap.support.LdapContextSource - Principal: 'uid=admin,ou=system'

[DEBUG] 2007-12-20 13:43:56,394 org.springframework.ldap.support.LdapContextSource - Got Ldap context on server 'ldap://localhost:10389/'

cns is [[cn=admin,ou=Roles,ou=rootOrg, cn=admin,ou=People,ou=rootOrg]]

cns.isEmpty() is [false]

cns.size() is [2]

!this.allowMultipleAccounts is [true]

这时我们看到people和role节点下面都有cn=admin，这时候 allowMultipleAccounts 的值为 true ，意味着当前有多歌同名帐号，系统不知道该选择哪个，所以会验证失败。这是需要注意的地方。v