Сервис CAS

Сервер CAS

Компиляция

casserver# wget http://developer.ja-sig.org/maven2/org/jasig/cas/cas-server-support-radius/3.5.2/cas-server-support-radius-3.5.2.jar

casserver# tar -xvzf cas-server-3.5.2-release.tar.gz

casserver# cd cas-server-3.5.2/cas-server-webapp/

casserver:~/cas-server-3.5.2/cas-server-webapp# find . -name '*,v'
./src/main/webapp/WEB-INF/cas.properties,v
./src/main/webapp/WEB-INF/deployerConfigContext.xml,v
./pom.xml,v
casserver:~/cas-server-3.5.2/cas-server-webapp# mvn clean package

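Смотрим на ошибки компиляции и для каждой выполняем примерно следующее (артефакты скачиваются по незащищённому HTTP, поэтому перед помещением в локальный репозиторий Maven стоит сверить их контрольные суммы с опубликованными):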

# wget  http://developer.ja-sig.org/maven2/org/jasig/parent/jasig-parent/39/jasig-parent-39.pom

# mv jasig-parent-39.pom /root/.m2/repository/org/jasig/parent/jasig-parent/39/jasig-parent-39.pom
...

Привязка сертификата к Tomcat

casserver# cat int.geotrust.crt /etc/ssl/certs/ca-certificates.crt > int.crt

casserver# openssl pkcs12 -export -chain -inkey bmstu.ru.clkey -in bmstu.ru.crt -name "tomcat" -CAfile int.crt -out bmstu.ru_int.p12

casserver# keytool -importkeystore -srckeystore bmstu.ru_int.p12 -srcstoretype PKCS12 -alias tomcat -keystore /usr/share/tomcat7/.keystore

casserver# keytool -list -v -keystore /usr/share/tomcat7/.keystore
casclient# openssl s_client -showcerts -CAfile /etc/ssl/certs/ca-certificates.crt -connect proxy.bmstu.ru:8443

casserver# cat /etc/tomcat7/server.xml
...
    <Connector port="8443"
...
                ciphers="SSL_RSA_WITH_RC4_128_SHA"
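...

Замечание: набор шифров SSL_RSA_WITH_RC4_128_SHA основан на RC4, использование которого в TLS запрещено RFC 7465; кроме того, обмен ключами RSA не даёт прямой секретности (forward secrecy). На актуальных версиях Tomcat и Java здесь следует указывать современные наборы шифров (TLS 1.2 и выше, ECDHE с AES-GCM).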

Клиент CAS

Ubuntu 16.04

http://casval.bmstu.ru/test.cgi

# apt install libapache2-mod-auth-cas


# cat /etc/apache2/mods-available/auth_cas.conf
# Directory where mod_auth_cas keeps its per-session cache files; it has to be
# writable by the Apache user and should not be accessible to other local users.
CASCookiePath /var/cache/apache2/mod_auth_cas/
# Login page of the CAS server; browsers without a valid session are redirected here.
CASLoginURL https://proxy.bmstu.ru:8443/cas/login
# Endpoint mod_auth_cas calls to validate the service ticket presented by the browser.
CASValidateURL https://proxy.bmstu.ru:8443/cas/serviceValidate


# a2enmod auth_cas


# cat /etc/apache2/sites-available/casval.conf
# CAS-protected test site. This vhost listens on plain HTTP (port 80) and shows
# no TLS directives, so the mod_auth_cas session cookie and the service ticket
# passed back from the CAS server are not protected in transit.
# NOTE(review): for anything beyond a lab test, serve the protected site over HTTPS.
<VirtualHost *:80>
     ServerName casval.bmstu.ru
     DocumentRoot /home/val/casval/
     <Directory /home/val/casval/>
         # ExecCGI plus the .cgi handler below let test.cgi run. Indexes also
         # enables directory listings, which the CGI test itself does not need.
         Options ExecCGI Indexes FollowSymLinks
         AddHandler cgi-script .cgi
         # Hand authentication to mod_auth_cas; every user the CAS server
         # authenticates is admitted (no per-user or per-group restriction).
         Authtype CAS
         Require valid-user
     </Directory>
</VirtualHost>


# a2ensite casval


root@val:~# cat /home/val/casval/test.cgi
#!/bin/sh
# Diagnostic CGI for checking the CAS login: sends a text/plain header, a blank
# line, and then the whole environment the web server passed to the script.
# Request headers (cookies included) appear there as HTTP_* variables, and the
# authenticated login is presumably visible as REMOTE_USER; confirm in the output.
# Intended as a temporary test page only.
printf '%s\n' 'Content-type: text/plain' ''
env

Ubuntu 12.04

casclient# apt-get install libapache2-mod-auth-cas

casclient# a2enmod auth_cas

casclient# cp int.geotrust.crt /etc/ssl/certs/
casclient# cp bmstu.ru.crt /etc/ssl/certs/
casclient# c_rehash /etc/ssl/certs/

casclient# cat /etc/apache2/mods-enabled/auth_cas.conf
# Directory where mod_auth_cas keeps its per-session cache files; it has to be
# writable by the Apache user and should not be accessible to other local users.
CASCookiePath /var/cache/apache2/mod_auth_cas/
# CA certificates used to verify the CAS server's TLS certificate (a directory
# in OpenSSL hashed-name layout, hence the c_rehash step).
CASCertificatePath /etc/ssl/certs/
# Login page of the CAS server; browsers without a valid session are redirected here.
CASLoginURL https://proxy.bmstu.ru:8443/cas/login
# Endpoint mod_auth_cas calls to validate the service ticket presented by the browser.
CASValidateURL https://proxy.bmstu.ru:8443/cas/serviceValidate
# Accept a wildcard certificate as a match for the CAS server's host name.
CASAllowWildcardCert On

FreeBSD 10.1

casclient# pkg install ap24-mod_auth_cas

casclient# cat /usr/local/etc/apache24/Includes/auth_cas.conf
# Load mod_auth_cas from the path given relative to the Apache server root.
LoadModule auth_cas_module    libexec/apache24/mod_auth_cas.so
# NOTE(review): mod_auth_cas keeps its per-session cache files under
# CASCookiePath, and /tmp is normally world-writable and shared by all local
# users. A dedicated directory owned by and restricted to the web-server user
# is the safer choice.
CASCookiePath   /tmp/
# Login page of the CAS server; browsers without a valid session are redirected here.
CASLoginURL https://proxy.bmstu.ru:8443/cas/login
# Endpoint mod_auth_cas calls to validate the service ticket presented by the browser.
CASValidateURL https://proxy.bmstu.ru:8443/cas/serviceValidate
# Accept a wildcard certificate as a match for the CAS server's host name.
CASAllowWildcardCert On
# CA certificates used to verify the CAS server's TLS certificate.
CASCertificatePath /usr/local/share/certs/

Настройка аутентификации

# cat default

# cat default-ssl
...
        <Directory "/.../cgi-bin">
...
                Order allow,deny
                Allow from all
                AuthType CAS
                AuthName "TEST CAS AUTH"
                Require valid-user
        </Directory>
...