Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Trace:
сервис_cas

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
сервис_cas [2014/07/15 14:55]
val 		сервис_cas [2019/02/11 12:06] (current)
val
Line 1: Line 1:
 ====== Сервис CAS ====== ====== Сервис CAS ======
  
 +  * [[https://​wiki.jasig.org/​display/​casc/​mod_auth_cas]]
   * [[http://​www.howtoforge.com/​configuring-cas-3.5.2-on-ubuntu-12.04-for-two-factor-authentication-from-wikid]]   * [[http://​www.howtoforge.com/​configuring-cas-3.5.2-on-ubuntu-12.04-for-two-factor-authentication-from-wikid]]
   * [[https://​wiki.jasig.org/​display/​CASUM/​RADIUS]]   * [[https://​wiki.jasig.org/​display/​CASUM/​RADIUS]]
 +  * [[http://​mvnrepository.com/​artifact/​org.jasig.cas/​cas-server-support-radius/​4.1.0]]
 +  * [[https://​sonnguyen.ws/​install-jasig-cas-ubuntu-14-04/​https://​sonnguyen.ws/​install-jasig-cas-ubuntu-14-04/​]]
 +  * [[http://​habrahabr.ru/​company/​tcsbank/​blog/​142407/​|Единая авторизация (SSO) средствами JASIG CAS. Часть 1]]
 +  * [[http://​jasig.github.io/​cas/​4.1.x/​protocol/​OpenID-Protocol.html]]
 +
 +===== Сервер CAS =====
 +
 +==== Компиляция ====
 +
 +<​code>​
 +casserver# wget http://​developer.ja-sig.org/​maven2/​org/​jasig/​cas/​cas-server-support-radius/​3.5.2/​cas-server-support-radius-3.5.2.jar
 +
 +casserver# tar -xvzf cas-server-3.5.2-release.tar.gz
 +
 +casserver# cd cas-server-3.5.2/​cas-server-webapp/​
 +
 +casserver:​~/​cas-server-3.5.2/​cas-server-webapp#​ find . -name '​*,​v'​
 +</​code><​code>​
 +./​src/​main/​webapp/​WEB-INF/​cas.properties,​v
 +./​src/​main/​webapp/​WEB-INF/​deployerConfigContext.xml,​v
 +./pom.xml,v
 +</​code><​code>​
 +casserver:​~/​cas-server-3.5.2/​cas-server-webapp#​ mvn clean package
 +</​code>​
 +Смотрим на ошибки компиляции и для каждой выполняем примерно следующее:​
 +<​code>​
 +# wget  http://​developer.ja-sig.org/​maven2/​org/​jasig/​parent/​jasig-parent/​39/​jasig-parent-39.pom
 +
 +# mv jasig-parent-39.pom /​root/​.m2/​repository/​org/​jasig/​parent/​jasig-parent/​39/​jasig-parent-39.pom
 +...
 +</​code>​
 +
 +==== Привязка серификата к Tomcat ====
 +
 +  * !!! Пароли на PKCS12 и на keystore должны совпадать !!!
 +
 +<​code>​
 +casserver# cat int.geotrust.crt /​etc/​ssl/​certs/​ca-certificates.crt > int.crt
 +
 +casserver# openssl pkcs12 -export -chain -inkey bmstu.ru.clkey -in bmstu.ru.crt -name "​tomcat"​ -CAfile int.crt -out bmstu.ru_int.p12
 +
 +casserver# keytool -importkeystore -srckeystore bmstu.ru_int.p12 -srcstoretype PKCS12 -alias tomcat -keystore /​usr/​share/​tomcat7/​.keystore
 +
 +casserver# keytool -list -v -keystore /​usr/​share/​tomcat7/​.keystore
 +</​code>​
 +
 +  * Проблема с сертификатами в Tomcat [[http://​georgik.sinusgear.com/​2012/​02/​19/​tomcat-7-and-curl-ssl23_get_server_hellotlsv1-alert-internal-error/​comment-page-1/​]]
 +
 +<​code>​
 +casclient# openssl s_client -showcerts -CAfile /​etc/​ssl/​certs/​ca-certificates.crt -connect proxy.bmstu.ru:​8443
 +
 +casserver# cat /​etc/​tomcat7/​server.xml
 +</​code><​code>​
 +...
 +    <​Connector port="​8443"​
 +...
 +                ciphers="​SSL_RSA_WITH_RC4_128_SHA"​
 +...
 +</​code>​
 +
 +===== Клиент CAS =====
 +
 +
 +==== Ubuntu 16.04 ====
 +
 +<​code>​
 +http://​casval.bmstu.ru/​test.cgi
 +
 +# apt install libapache2-mod-auth-cas
 +
 +
 +# cat /​etc/​apache2/​mods-available/​auth_cas.conf
 +CASCookiePath /​var/​cache/​apache2/​mod_auth_cas/​
 +CASLoginURL https://​proxy.bmstu.ru:​8443/​cas/​login
 +CASValidateURL https://​proxy.bmstu.ru:​8443/​cas/​serviceValidate
 +
 +
 +# a2enmod auth_cas
 +
 +
 +# cat /​etc/​apache2/​sites-available/​casval.conf
 +<​VirtualHost *:80>
 +     ​ServerName casval.bmstu.ru
 +     ​DocumentRoot /​home/​val/​casval/​
 +     <​Directory /​home/​val/​casval/>​
 +         ​Options ExecCGI Indexes FollowSymLinks
 +         ​AddHandler cgi-script .cgi
 +         ​Authtype CAS
 +         ​Require valid-user
 +     </​Directory>​
 +</​VirtualHost>​
 +
 +
 +# a2ensite casval
 +
 +
 +root@val:~# cat /​home/​val/​casval/​test.cgi
 +#!/bin/sh
 +echo Content-type:​ text/plain
 +echo
 +env
 +</​code>​
 +
 +==== Ubuntu 12.04 ====
 +
 +<​code>​
 +casclient# apt-get install libapache2-mod-auth-cas
 +
 +casclient# a2enmod auth_cas
 +
 +casclient# cp int.geotrust.crt /​etc/​ssl/​certs/​
 +casclient# cp bmstu.ru.crt /​etc/​ssl/​certs/​
 +casclient# c_rehash /​etc/​ssl/​certs/​
 +
 +casclient# cat /​etc/​apache2/​mods-enabled/​auth_cas.conf
 +</​code><​code>​
 +CASCookiePath /​var/​cache/​apache2/​mod_auth_cas/​
 +CASCertificatePath /​etc/​ssl/​certs/​
 +CASLoginURL https://​proxy.bmstu.ru:​8443/​cas/​login
 +CASValidateURL https://​proxy.bmstu.ru:​8443/​cas/​serviceValidate
 +CASAllowWildcardCert On
 +</​code>​
 +
 +==== FreeBSD 10.1 ====
 +
 +<​code>​
 +casclient# pkg install ap24-mod_auth_cas
 +
 +casclient# cat /​usr/​local/​etc/​apache24/​Includes/​auth_cas.conf
 +</​code><​code>​
 +LoadModule auth_cas_module ​   libexec/​apache24/​mod_auth_cas.so
 +CASCookiePath ​  /tmp/
 +CASLoginURL https://​proxy.bmstu.ru:​8443/​cas/​login
 +CASValidateURL https://​proxy.bmstu.ru:​8443/​cas/​serviceValidate
 +CASAllowWildcardCert On
 +CASCertificatePath /​usr/​local/​share/​certs/​
 +</​code>​
 +
 +==== Настройка аутентификации ====
 +
 +<​code>​
 +# cat default
 +
 +# cat default-ssl
 +</​code><​code>​
 +...
 +        <​Directory "/​.../​cgi-bin">​
 +...
 +                Order allow,deny
 +                Allow from all
 +                AuthType CAS
 +                AuthName "TEST CAS AUTH"
 +                Require valid-user
 +        </​Directory>​
 +...
 +</​code>​
сервис_cas.1405421709.txt.gz · Last modified: 2014/07/15 14:55 by val

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Run on Debian Driven by DokuWiki