本文介绍如何通过整合Liferay Portal与CAS Server来实现单点登录(SSO)功能。主要内容包括配置CAS Server、安装CAS Client、设置数字签名、配置Liferay Portal以及测试SSO流程。
Lieferay和web项目中整合Liferay CAS server建立SSO,针对4.3版本进行如下操作
1、设置CAS server
首先下载cas-server WAR包,并将cas-web.war文件放入Tomcat's webapps目录下
编辑 tomcat 下的server.xml
<
Connector port
=
"
8443
"
maxHttpHeaderSize
=
"
8192
"
maxThreads
=
"
150
"
minSpareThreads
=
"
25
"
maxSpareThreads
=
"
75
"
enableLookups
=
"
false
"
disableUploadTimeout
=
"
true
"
acceptCount
=
"
100
"
scheme
=
"
https
"
secure
=
"
true
"
clientAuth
=
"
false
"
sslProtocol
=
"
TLS
"
/>
2、设置CAS client
下载cas-client-2.0.11,放至lib下
3、设置数字签名
在java环境中用使用keytool 进行设置
D:\Java\jdk1.
5
\bin
>
keytool
-
genkey
-
alias tomcat
-
keypass changeit
-
keyalg RSA 输入keystore密码: changeit 您的名字与姓氏是什么? [Unknown]: localhost 您的组织单位名称是什么? [Unknown]: 您的组织名称是什么? [Unknown]: 您所在的城市或区域名称是什么? [Unknown]: 您所在的州或省份名称是什么? [Unknown]: 该单位的两字母国家代码是什么 [Unknown]: CN
=
localhost, OU
=
Unknown, O
=
Unknown, L
=
Unknown, ST
=
Unknown, C
=
Unknown 正确吗? [否]: y
keytool -export -alias tomcat -keypass changeit -file %FILE_NAME%
keytool -import -alias tomcat -file %FILE_NAME% -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
D:\Java\jdk1.
5
\bin
>
keytool
-
export
-
alias tomcat
-
keypass changeit
-
file c:
/
server.cart 输入keystore密码: changeit 保存在文件中的认证
<
c:
/
server.cart
>
D:\Java\jdk1.
5
\bin
>
keytool
-
import
-
alias tomcat
-
file c:
/
server.cart
-
keypass changeit
-
keystore c:
/
cacerts 输入keystore密码: changeit Owner: CN
=
localhost, OU
=
Unknown, O
=
Unknown, L
=
Unknown, ST
=
Unknown, C
=
Unknown 发照者: CN
=
localhost, OU
=
Unknown, O
=
Unknown, L
=
Unknown, ST
=
Unknown, C
=
Unknown 序号: 46d28617 有效期间: Mon Aug
27
16
:
06
:
47
CST
2007
至: Sun Nov
25
16
:
06
:
47
CST
2007
认证指纹: MD5: 0E:
27
:
55
:
74
:D0:
56
:E8:
39
:B8:0D:
58
:1E:
69
:7B:C6:C5 SHA1: AD:7F:
90
:
87
:2B:
18
:
99
:
07
:DE:A6:A8:
78
:
90
:9F:
86
:CB:
18
:A8:
67
:
03
信任这个认证? [否]: y 认证已添加至keystore中
4、设置Liferay Portal
<
filter
>
<
filter
-
name
>
CAS Filter
</
filter
-
name
>
<
filter
-
class
>
edu.yale.its.tp.cas.client.filter.CASFilter
</
filter
-
class
>
<
init
-
param
>
<
param
-
name
>
edu.yale.its.tp.cas.client.filter.loginUrl
</
param
-
name
>
<
param
-
value
>
https:
//
localhost:8443/cas-web/login</param-value>
</
init
-
param
>
<
init
-
param
>
<
param
-
name
>
edu.yale.its.tp.cas.client.filter.validateUrl
</
param
-
name
>
<
param
-
value
>
https:
//
localhost:8443/cas-web/proxyValidate</param-value>
</
init
-
param
>
<
init
-
param
>
<
param
-
name
>
edu.yale.its.tp.cas.client.filter.serviceUrl
</
param
-
name
>
<
param
-
value
>
http:
//
localhost:8080/c/portal/login</param-value>
</
init
-
param
>
</
filter
>
5、test SSO
相关问题汇总:
http://wiki.liferay.com/index.php/Single_SignOn_-_Integrating_Liferay_With_CAS_Server#Instructions_for_Liferay_4.2
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
