Differences

This shows you the differences between two versions of the page.

--- сервис_cas [2014/07/15 14:55]
val
+++ сервис_cas [2016/11/11 10:33]
val [Привязка серификата к Tomcat]
@@ Line 1: / Line 1: @@
 ====== Сервис CAS ======
+  * [[https://wiki.jasig.org/display/casc/mod_auth_cas]]
   * [[http://www.howtoforge.com/configuring-cas-3.5.2-on-ubuntu-12.04-for-two-factor-authentication-from-wikid]]
   * [[https://wiki.jasig.org/display/CASUM/RADIUS]]
+  * [[http://mvnrepository.com/artifact/org.jasig.cas/cas-server-support-radius/4.1.0]]
+  * [[https://sonnguyen.ws/install-jasig-cas-ubuntu-14-04/https://sonnguyen.ws/install-jasig-cas-ubuntu-14-04/]]
+  * [[http://habrahabr.ru/company/tcsbank/blog/142407/|Единая авторизация (SSO) средствами JASIG CAS. Часть 1]]
+  * [[http://jasig.github.io/cas/4.1.x/protocol/OpenID-Protocol.html]]
+===== Сервер CAS =====
+==== Компиляция ====
+<code>
+casserver# wget http://developer.ja-sig.org/maven2/org/jasig/cas/cas-server-support-radius/3.5.2/cas-server-support-radius-3.5.2.jar
+casserver# tar -xvzf cas-server-3.5.2-release.tar.gz
+casserver# cd cas-server-3.5.2/cas-server-webapp/
+casserver:~/cas-server-3.5.2/cas-server-webapp# find . -name '*,v'
+</code><code>
+./src/main/webapp/WEB-INF/cas.properties,v
+./src/main/webapp/WEB-INF/deployerConfigContext.xml,v
+./pom.xml,v
+</code><code>
+casserver:~/cas-server-3.5.2/cas-server-webapp# mvn clean package
+</code>
+Смотрим на ошибки компиляции и для каждой выполняем примерно следующее:
+<code>
+# wget  http://developer.ja-sig.org/maven2/org/jasig/parent/jasig-parent/39/jasig-parent-39.pom
+# mv jasig-parent-39.pom /root/.m2/repository/org/jasig/parent/jasig-parent/39/jasig-parent-39.pom
+...
+</code>
+==== Привязка серификата к Tomcat ====
+  * !!! Пароли на PKCS12 и на keystore должны совпадать !!!
+<code>
+casserver# cat int.geotrust.crt /etc/ssl/certs/ca-certificates.crt > int.crt
+casserver# openssl pkcs12 -export -chain -inkey bmstu.ru.clkey -in bmstu.ru.crt -name "tomcat" -CAfile int.crt -out bmstu.ru_int.p12
+casserver# keytool -importkeystore -srckeystore bmstu.ru_int.p12 -srcstoretype PKCS12 -alias tomcat -keystore /usr/share/tomcat7/.keystore
+casserver# keytool -list -v -keystore /usr/share/tomcat7/.keystore
+</code>
+  * Проблема с сертификатами в Tomcat [[http://georgik.sinusgear.com/2012/02/19/tomcat-7-and-curl-ssl23_get_server_hellotlsv1-alert-internal-error/comment-page-1/]]
+<code>
+casclient# openssl s_client -showcerts -CAfile /etc/ssl/certs/ca-certificates.crt -connect proxy.bmstu.ru:8443
+casserver# cat /etc/tomcat7/server.xml
+</code><code>
+...
+    <Connector port="8443"
+...
+                ciphers="SSL_RSA_WITH_RC4_128_SHA"
+...
+</code>
+===== Клиент CAS (Ubuntu 12.04) =====
+<code>
+casclient# apt-get install libapache2-mod-auth-cas
+casclient# a2enmod auth_cas
+casclient# cp int.geotrust.crt /etc/ssl/certs/
+casclient# cp bmstu.ru.crt /etc/ssl/certs/
+casclient# c_rehash /etc/ssl/certs/
+casclient# cat /etc/apache2/mods-enabled/auth_cas.conf
+</code><code>
+CASCookiePath /var/cache/apache2/mod_auth_cas/
+CASCertificatePath /etc/ssl/certs/
+CASLoginURL https://proxy.bmstu.ru:8443/cas/login
+CASValidateURL https://proxy.bmstu.ru:8443/cas/serviceValidate
+CASAllowWildcardCert On
+</code>
+===== Клиент CAS (FreeBSD 10.1) =====
+<code>
+casclient# pkg install ap24-mod_auth_cas
+casclient# cat /usr/local/etc/apache24/Includes/auth_cas.conf
+</code><code>
+LoadModule auth_cas_module    libexec/apache24/mod_auth_cas.so
+CASCookiePath   /tmp/
+CASLoginURL https://proxy.bmstu.ru:8443/cas/login
+CASValidateURL https://proxy.bmstu.ru:8443/cas/serviceValidate
+CASAllowWildcardCert On
+CASCertificatePath /usr/local/share/certs/
+</code>
+===== Настройка Аутенитификации =====
+<code>
+# cat default
+# cat default-ssl
+</code><code>
+...
+        <Directory "/.../cgi-bin">
+...
+                Order allow,deny
+                Allow from all
+                AuthType CAS
+                AuthName "TEST CAS AUTH"
+                Require valid-user
+        </Directory>
+...
+</code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools