原本主要详细是介绍CAS和LDAP整合实现单点登陆的步骤。
1. 依《SSO之安装CAS Server》所述安装好CAS Server。
2. 安装ApacheDS。安装好ApacheDS后能够用Apache Directory Studio对其进行维护。须要注意的是ApacheDS端口号是10389,默认用户uid=admin,ou=system,密码secret。
3. 创建组织架构。全部人员创建在ou=people,dc=comple,dc=com下面,第一阶是部门,再下面能够是职员,也能够是子部门。
4. 打开tomcat/webapps/cas/WEB-INF/deployerConfigContext.xml,找到以下内容:html
<!-- | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your | local authentication strategy. You might accomplish this by coding a new such handler and declaring | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules. +--> <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
修改为以下:java
<!-- <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> --> <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"> <property name="filter" value="cn=%u" /> <property name="searchBase" value="ou=people,dc=example,dc=com" /> <property name="contextSource" ref="contextSource" /> <property name="allowMultipleAccounts" value="true" /> </bean>
还要在最后加上contextSource定义:web
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource"> <property name="userDn" value="uid=admin,ou=system" /> <property name="password" value="secret" /> <property name="pooled" value="true" /> <property name="urls"> <list> <value>ldap://192.168.12.250:10389</value> </list> </property> <property name="baseEnvironmentProperties"> <map> <entry key="java.naming.security.authentication" value="simple" /> </map> </property> </bean>
5. 将cas-server-3.5.2.1-release.zip里面的modules/cas-server-support-ldap-3.5.2.1.jar复制到cas/WEB-INF/lib。下载spring-ldap-core和spring-ldap-core-tiger到cas/WEB-INF/lib,注意对当前cas server来讲,最好用1.3.2的版本。具体能够参考《Eclipse调试cas server 3.5.2.1》。spring
6. 重启tomcat,登陆cas/login测试。
注意事项:
1. CAS验证有问题时能够经过cas.log查询一下。
2. LDAP不须要uid属性,但必定须要userPassword属性。
参考:
SSO之CAS+LDAP实现单点登陆认证
SSO之CAS单点登陆实例演示
Eclipse调试cas server 3.5.2.1tomcat