====== Сервис CAS ======
* [[https://wiki.jasig.org/display/casc/mod_auth_cas]]
* [[http://www.howtoforge.com/configuring-cas-3.5.2-on-ubuntu-12.04-for-two-factor-authentication-from-wikid]]
* [[https://wiki.jasig.org/display/CASUM/RADIUS]]
* [[http://mvnrepository.com/artifact/org.jasig.cas/cas-server-support-radius/4.1.0]]
* [[https://sonnguyen.ws/install-jasig-cas-ubuntu-14-04/]]
* [[http://habrahabr.ru/company/tcsbank/blog/142407/|Единая авторизация (SSO) средствами JASIG CAS. Часть 1]]
* [[http://jasig.github.io/cas/4.1.x/protocol/OpenID-Protocol.html]]
===== Сервер CAS =====
==== Компиляция ====
casserver# wget http://developer.ja-sig.org/maven2/org/jasig/cas/cas-server-support-radius/3.5.2/cas-server-support-radius-3.5.2.jar
casserver# tar -xvzf cas-server-3.5.2-release.tar.gz
casserver# cd cas-server-3.5.2/cas-server-webapp/
casserver:~/cas-server-3.5.2/cas-server-webapp# find . -name '*,v'
./src/main/webapp/WEB-INF/cas.properties,v
./src/main/webapp/WEB-INF/deployerConfigContext.xml,v
./pom.xml,v
casserver:~/cas-server-3.5.2/cas-server-webapp# mvn clean package
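Смотрим на ошибки компиляции и для каждого недостающего файла выполняем примерно следующее (на примере jasig-parent-39.pom). Файлы, как и jar выше, скачиваются по незашифрованному HTTP, поэтому перед тем как класть их в локальный репозиторий Maven, стоит сверить их контрольные суммы со значениями, опубликованными для этих артефактов и полученными по доверенному каналу: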
# wget http://developer.ja-sig.org/maven2/org/jasig/parent/jasig-parent/39/jasig-parent-39.pom
# mv jasig-parent-39.pom /root/.m2/repository/org/jasig/parent/jasig-parent/39/jasig-parent-39.pom
...
==== Привязка сертификата к Tomcat ====
* !!! Пароли на PKCS12 и на keystore должны совпадать !!!
casserver# cat int.geotrust.crt /etc/ssl/certs/ca-certificates.crt > int.crt
casserver# openssl pkcs12 -export -chain -inkey bmstu.ru.clkey -in bmstu.ru.crt -name "tomcat" -CAfile int.crt -out bmstu.ru_int.p12
casserver# keytool -importkeystore -srckeystore bmstu.ru_int.p12 -srcstoretype PKCS12 -alias tomcat -keystore /usr/share/tomcat7/.keystore
casserver# keytool -list -v -keystore /usr/share/tomcat7/.keystore
* Проблема с сертификатами в Tomcat [[http://georgik.sinusgear.com/2012/02/19/tomcat-7-and-curl-ssl23_get_server_hellotlsv1-alert-internal-error/comment-page-1/]]
casclient# openssl s_client -showcerts -CAfile /etc/ssl/certs/ca-certificates.crt -connect proxy.bmstu.ru:8443
casserver# cat /etc/tomcat7/server.xml
...
===== Клиент CAS =====
==== Ubuntu 16.04 ====
http://casval.bmstu.ru/test.cgi
# apt install libapache2-mod-auth-cas
# cat /etc/apache2/mods-available/auth_cas.conf
# mod_auth_cas client settings (contents of auth_cas.conf).
# Directory where the module keeps its per-session cache files; it should be
# accessible to the web server user only.
CASCookiePath /var/cache/apache2/mod_auth_cas/
# CAS server page that unauthenticated browsers are redirected to.
CASLoginURL https://proxy.bmstu.ru:8443/cas/login
# CAS server endpoint the module calls to validate the service ticket.
CASValidateURL https://proxy.bmstu.ru:8443/cas/serviceValidate
# a2enmod auth_cas
# cat /etc/apache2/sites-available/casval.conf
# Virtual host for the CAS-protected test site (the enclosing container tags
# are not shown in this excerpt).
# NOTE(review): no TLS directives are visible here and the test URL on this
# page is http://casval.bmstu.ru/test.cgi; over plain HTTP the CAS service
# ticket and the module's session cookie cross the network unencrypted -
# confirm whether the site is also served over HTTPS.
ServerName casval.bmstu.ru
DocumentRoot /home/val/casval/
# ExecCGI together with the AddHandler line below lets .cgi files execute;
# Indexes also turns on directory listings, which a protected site rarely needs.
Options ExecCGI Indexes FollowSymLinks
AddHandler cgi-script .cgi
# Hand authentication to mod_auth_cas and admit any user the CAS server
# has authenticated.
Authtype CAS
Require valid-user
# a2ensite casval
root@val:~# cat /home/val/casval/test.cgi
#!/bin/sh
# Diagnostic CGI: answers with a text/plain dump of the process environment.
# Useful for checking what the web server and its auth module pass to CGI
# programs (presumably REMOTE_USER after a CAS login - confirm).
# NOTE(review): the dump can expose server-side settings to anyone allowed to
# request it; remove or disable the script once the check is done.

# Header line plus the empty line that ends the CGI header section.
printf '%s\n\n' 'Content-type: text/plain'
env
==== Ubuntu 12.04 ====
casclient# apt-get install libapache2-mod-auth-cas
casclient# a2enmod auth_cas
casclient# cp int.geotrust.crt /etc/ssl/certs/
casclient# cp bmstu.ru.crt /etc/ssl/certs/
casclient# c_rehash /etc/ssl/certs/
casclient# cat /etc/apache2/mods-enabled/auth_cas.conf
# mod_auth_cas client settings (contents of auth_cas.conf).
# Directory where the module keeps its per-session cache files; it should be
# accessible to the web server user only.
CASCookiePath /var/cache/apache2/mod_auth_cas/
# Directory of trusted CA certificates used to verify the CAS server's TLS
# certificate.
CASCertificatePath /etc/ssl/certs/
# CAS server page that unauthenticated browsers are redirected to.
CASLoginURL https://proxy.bmstu.ru:8443/cas/login
# CAS server endpoint the module calls to validate the service ticket.
CASValidateURL https://proxy.bmstu.ru:8443/cas/serviceValidate
# Accept a wildcard certificate from the CAS server.
# NOTE(review): only needed if the certificate served by proxy.bmstu.ru is a
# wildcard one - confirm; otherwise leave the directive at its default (Off).
CASAllowWildcardCert On
==== FreeBSD 10.1 ====
casclient# pkg install ap24-mod_auth_cas
casclient# cat /usr/local/etc/apache24/Includes/auth_cas.conf
# mod_auth_cas client settings for Apache 2.4 on FreeBSD.
LoadModule auth_cas_module libexec/apache24/mod_auth_cas.so
# Directory where the module keeps its per-session cache files.
# NOTE(review): /tmp is a shared, world-writable directory, so other local
# users can reach files kept here; the Ubuntu sections of this page use a
# dedicated /var/cache/apache2/mod_auth_cas/ instead. Prefer a dedicated
# directory that only the web server user can access.
CASCookiePath /tmp/
# CAS server page that unauthenticated browsers are redirected to.
CASLoginURL https://proxy.bmstu.ru:8443/cas/login
# CAS server endpoint the module calls to validate the service ticket.
CASValidateURL https://proxy.bmstu.ru:8443/cas/serviceValidate
# Accept a wildcard certificate from the CAS server.
# NOTE(review): only needed if the certificate served by proxy.bmstu.ru is a
# wildcard one - confirm; otherwise leave the directive at its default (Off).
CASAllowWildcardCert On
# Directory of trusted CA certificates used to verify the CAS server's TLS
# certificate.
CASCertificatePath /usr/local/share/certs/
==== Настройка аутентификации ====
# cat default
# cat default-ssl
...
...
# Access rules for the protected location (the enclosing container tags are
# not shown in this excerpt).
# NOTE(review): Order/Allow are Apache 2.2 access directives; on Apache 2.4
# (e.g. the ap24 package in the FreeBSD section) they require
# mod_access_compat, and mixing them with Require is discouraged - confirm
# which server version this excerpt targets.
Order allow,deny
Allow from all
# Hand authentication to mod_auth_cas; AuthName is only a descriptive label.
AuthType CAS
AuthName "TEST CAS AUTH"
# Admit any user the CAS server has authenticated.
Require valid-user
...