Integrating OAuth 2.0 with CAS 5.3.2

1. Build the war from cas-overlay-template-5.3, adding the following to pom.xml:

		<dependency>
			<groupId>org.apereo.cas</groupId>
			<artifactId>cas-server-support-oauth-webflow</artifactId>
			<version>${cas.version}</version>
		</dependency>

2. Run mvn clean package in that directory to build the war.

3. Add the following entry to C:\Windows\System32\drivers\etc\hosts:

	127.0.0.1 cas.demo.org

4. Add the following to WEB-INF\classes\application.properties:

	cas.server.name=https://cas.demo.org:8443
	cas.server.prefix=https://cas.demo.org:8443/cas
	cas.tgc.secure=false
	cas.serviceRegistry.initFromJson=true

5. SSO integration must be accessed over https, and the certificate must match the domain name, so the CN of the generated certificate must match the current domain (testing produced the error "unable to find valid certification path to requested target", so the certificate must also be trusted; a free certificate can be requested from Alibaba Cloud).

	cd %JAVA_HOME%\bin
	keytool -genkey -alias cas -keyalg RSA -keysize 2048 -keypass 123456 -storepass 123456 -keystore C:\demo.keystore -dname "CN=*.demo.org,OU=casexample.com,O=casexample,L=casexample,ST=casexample,C=CN" -deststoretype pkcs12

6. Copy demo.keystore into Tomcat's conf directory and configure the Tomcat connector for it:

	<!-- keystorePass must equal the -storepass given to keytool above -->
	<Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/demo.keystore" keystorePass="123456"/>

7. Add service-auth-all-10000003.json under WEB-INF\classes\services (note that serviceId must match the redirect_uri used later):

	{
	  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
	  "clientId": "helloworld",
	  "clientSecret": "123456",
	  "bypassApprovalPrompt": false,
	  "generateRefreshToken": false,
	  "serviceId" : "^(http|https|imaps)://.*",
	  "name" : "My OAuth service ",
	  "id" : 10000003,
	  "attributeReleasePolicy" : {
	    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
	  }
	}

8. Start Tomcat and open the following in the browser.

Get the code:

	https://cas.demo.org:8443/cas/oauth2.0/authorize?response_type=code&client_id=helloworld&redirect_uri=http://www.baidu.com

Get the accessToken:

	https://cas.demo.org:8443/cas/oauth2.0/accessToken?grant_type=authorization_code&client_id=helloworld&client_secret=123456&code=OC-2-3M6BedCz7TLIz0rpJUm-uLzPoFBbPOO0&redirect_uri=http://www.baidu.com
	access_token=AT-1-ty4OH9pVHfZJPvcG7foejTPIFyepmxP1&expires_in=28800

Get the profile:

	https://cas.demo.org:8443/cas/oauth2.0/profile?access_token=AT-1-ty4OH9pVHfZJPvcG7foejTPIFyepmxP1
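As an added example (not code from the original post or from CAS), the Python helper below walks the client side of the three requests above: it builds the authorize URL with a state value, shows how the registered serviceId regex decides which redirect_uri values are accepted (the article's `^(http|https|imaps)://.*` accepts any host, so a narrower pattern such as the constructed STRICT_SERVICE_ID is preferable), and parses the form-encoded accessToken response. The regex check approximates CAS's Java matching with re.search and is an assumption, not CAS's own code.

```python
import re
import secrets
from urllib.parse import parse_qs, urlencode

# Values from the article's setup: cas.server.prefix and the registered client.
CAS_PREFIX = "https://cas.demo.org:8443/cas"
CLIENT_ID = "helloworld"
REDIRECT_URI = "http://www.baidu.com"

# serviceId as registered in the article: any http/https/imaps URL matches,
# so an authorization code may be delivered to any host a caller names.
LOOSE_SERVICE_ID = r"^(http|https|imaps)://.*"
# Constructed tighter pattern that pins the redirect to the one client host.
STRICT_SERVICE_ID = r"^http://www\.baidu\.com(/.*)?$"


def redirect_uri_allowed(service_id_pattern: str, redirect_uri: str) -> bool:
    """Approximation of CAS's regex serviceId match (Java find()) via re.search;
    this mirrors, rather than reuses, CAS's own matching code (assumption)."""
    return re.search(service_id_pattern, redirect_uri) is not None


def build_authorize_url(redirect_uri: str, state: str = "") -> str:
    """The article's 'get code' request, plus a state value the client keeps in
    its session and compares on return so the code is bound to that session."""
    state = state or secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{CAS_PREFIX}/oauth2.0/authorize?{query}"


def parse_token_response(body: str) -> dict:
    """Parse the form-encoded body /oauth2.0/accessToken returns in CAS 5.3,
    e.g. 'access_token=AT-...&expires_in=28800'; expires_in becomes an int."""
    fields = {k: v[0] for k, v in parse_qs(body, strict_parsing=True).items()}
    if "access_token" not in fields:
        raise ValueError("token response carries no access_token: %r" % body)
    fields["expires_in"] = int(fields.get("expires_in", "0"))
    return fields


if __name__ == "__main__":
    for uri in (REDIRECT_URI, "https://unrelated.example/callback"):
        print(uri, "loose:", redirect_uri_allowed(LOOSE_SERVICE_ID, uri),
              "strict:", redirect_uri_allowed(STRICT_SERVICE_ID, uri))
    print(build_authorize_url(REDIRECT_URI))
    # Constructed body with the same shape as the article's sample response.
    print(parse_token_response(
        "access_token=AT-1-ty4OH9pVHfZJPvcG7foejTPIFyepmxP1&expires_in=28800"))
```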
