使用CAS整合LDAP實現單點登錄(SSO)-從0到1-搭建CAS服務器

接着上一篇文章 : https://blog.csdn.net/lwlfox/article/details/106838154

 

1.配置cas-server,將下面的配置內容放入/etc/cas/config/cas.properties文件中(一定要是這個路徑,SpringBoot也支持命令行指定配置文件,有興趣的同學可以研究)。注意兩點：(1) 在 .properties 文件裡 `#` 只有位於行首才是註釋，寫在值後面的 `#說明文字` 會被當成值的一部分(例如 keystore 密碼會變成 `Password123! #<你的密碼>`，`cas.server.name` 也會帶上一段中文)，實際部署時請把說明文字單獨成行或刪除；(2) 這個文件包含 LDAP、郵箱、MongoDB 密碼以及 TGC/webflow 的簽名和加密密鑰，請把文件權限設為只有運行 CAS 的賬號可讀(chmod 600)，並且務必重新生成自己的密鑰，不要直接複用文中的示例值。

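# ---------------------------------------------------------------------------
# Server identity and logging
# NOTE: in a Java .properties file '#' starts a comment only at the beginning
# of a line. Trailing "# ..." text becomes PART OF THE VALUE, so every
# explanatory comment in this file is on its own line.
# ---------------------------------------------------------------------------

# Public URL of this CAS server: use your own domain name; the port must be
# the same as server.port further down.
cas.server.name=https://mycas.yourdomain.cn:7998
cas.server.prefix=${cas.server.name}/cas

logging.config=file:/data/cas/log4j2.xml
# DEBUG is convenient while bringing the server up, but CAS at DEBUG is very
# chatty and may write principal attributes and ticket ids to the log.
# Lower this to INFO (or WARN) before production use.
logging.level.org.apereo.cas=DEBUG

# ---------------------------------------------------------------------------
# Spring Boot actuator / CAS monitoring endpoints
# WARNING: every endpoint is enabled and marked non-sensitive, so the only
# access control left is cas.adminPagesSecurity.* below. heapdump exposes the
# whole JVM heap (tickets, passwords in memory); trace records recent request
# headers, cookies included; env/configprops echo this file back;
# restart/shutdown stop the JVM over HTTP. Enable only what you use and keep
# /status reachable from the management network only.
# ---------------------------------------------------------------------------
endpoints.enabled=true
endpoints.sensitive=false
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false

management.contextPath=/status
management.security.roles=ACTUATOR,ADMIN

# Remote restart/shutdown of the JVM - set to false unless an orchestrator
# genuinely needs them.
endpoints.restart.enabled=true
endpoints.shutdown.enabled=true
endpoints.autoconfig.enabled=true
endpoints.beans.enabled=true
endpoints.bus.enabled=true
endpoints.configprops.enabled=true
endpoints.dump.enabled=true
# /status/env prints this property file. Spring Boot masks keys containing
# password/secret/key/token, but names such as bindCredential and mongo.creds
# below are likely returned in clear - verify before leaving this on.
endpoints.env.enabled=true
endpoints.health.enabled=true
endpoints.features.enabled=true
endpoints.info.enabled=true
endpoints.loggers.enabled=true
endpoints.logfile.enabled=true
endpoints.trace.enabled=true
endpoints.docs.enabled=true
endpoints.heapdump.enabled=true

# Admin pages / actuator access control.
# The IP regex is presumably matched against the request's remote address.
# With server.useForwardHeaders=true (below) Tomcat rewrites that address from
# X-Forwarded-For when the connection comes from a private (RFC1918) source,
# so a client on the internal network can spoof an address in 10.64.1.0/24.
# Either front CAS with a proxy you control that sets/strips X-Forwarded-For,
# or disable forward headers when CAS is reached directly.
cas.adminPagesSecurity.ip=^10\\.64\\.1\\.[0-9]{1,3}$
cas.adminPagesSecurity.loginUrl=${cas.server.prefix}/login
cas.adminPagesSecurity.service=${cas.server.prefix}/status/dashboard
cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN

cas.adminPagesSecurity.actuatorEndpointsEnabled=true

# Service registry (stored in MongoDB, see cas.serviceRegistry.mongo.* below).
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.schedule.repeatInterval=120000
cas.serviceRegistry.schedule.startDelay=150000
# initFromJson bootstraps the registry from the JSON service files bundled on
# the classpath. CAS 5.x ships a wildcard "HTTPS and IMAPS" definition
# (serviceId ^(https|imaps)://.* with a return-all attribute release policy)
# which would let ANY https site obtain tickets and the full attribute set.
# After the first start inspect the casServiceRegistry collection, remove that
# entry, and set this back to false once your real services are registered.
cas.serviceRegistry.initFromJson=true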

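server.contextPath=/cas

# Unprivileged port: CAS does not need to run as root for this.
server.port=7998

# JKS keystore built from the Aliyun-issued certificate (see the previous
# post). Both passwords below are PLACEHOLDERS - set your own, and keep this
# file readable only by the CAS service account (chmod 600). CAS can also read
# encrypted property values; see the CAS "configuration security" docs if you
# do not want clear-text passwords on disk.
server.ssl.keyStore=file:/data/cas/server.keystore
server.ssl.keyStorePassword=Password123!
server.ssl.keyPassword=Password123!
# Cipher suites: ECDHE only (forward secrecy), AES-GCM preferred, AES-CBC with
# SHA-2 MACs as fallback. The RC4 suites (prohibited by RFC 7465), the
# static-RSA suites and the SHA-1 CBC suites of the original list were removed.
# AES-256 suites need the JCE unlimited-strength policy on JDK 8 before 8u161.
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
server.ssl.enabled=true
server.ssl.keyAlias=cas
server.ssl.keyStoreType=jks
# "TLS" alone lets the JVM negotiate TLS 1.0/1.1 as well; pin the version.
server.ssl.protocol=TLS
server.ssl.enabledProtocols=TLSv1.2

# 2 MiB of request headers is far above what a CAS login needs (the Tomcat
# default is 8 KiB) and enlarges the per-connection memory an unauthenticated
# client can make the server allocate; lower it unless you carry very large
# tokens in headers.
server.maxHttpHeaderSize=2097152
# Trust X-Forwarded-* headers. Keep this only when CAS sits behind a reverse
# proxy; when CAS is reached directly, as in this walkthrough, it lets clients
# influence the remote address that cas.adminPagesSecurity.ip is checked on.
server.useForwardHeaders=true
server.connectionTimeout=20000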

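# ---------------------------------------------------------------------------
# SSO cookie (TGC) and ticket lifetimes
# ---------------------------------------------------------------------------
# Secure + HttpOnly on the ticket-granting cookie: keep both true so the
# cookie is never sent over plain HTTP and cannot be read from script.
cas.tgc.secure=true
cas.tgc.httpOnly=true
# Remember-me cookie lifetime: 14 days.
cas.tgc.rememberMeMaxAge=1209600

# TGT hard lifetime 15 days, idle timeout 12 hours. CAS checks LDAP only at
# login, so a TGT stays usable for its whole lifetime even after the user's
# password is changed or the account is disabled; shorten these if that
# matters to your policy.
cas.ticket.tgt.maxTimeToLiveInSeconds=1296000
cas.ticket.tgt.timeToKillInSeconds=43200

# Remember-me TGTs: 14 days.
cas.ticket.tgt.rememberMe.enabled=true
cas.ticket.tgt.rememberMe.timeToKillInSeconds=1209600

cas.messageBundle.encoding=UTF-8
# The contents of this file are listed further down in the article.
cas.messageBundle.commonNames=file:/data/cas/messages_zh_CN.properties

# ---------------------------------------------------------------------------
# Cookie / webflow / token crypto keys
# !! These exact keys are published with this article. Anyone who knows the
# TGC keys can mint a valid SSO cookie for any user; the webflow keys let a
# client tamper with login-flow state. Generate your own keys per
# environment (leave a key property empty for one start-up and CAS 5.2 logs a
# freshly generated key with a warning - copy it in here; or use the CAS
# jwk-gen tool) and keep them out of blog posts and version control.
# ---------------------------------------------------------------------------
cas.tgc.crypto.encryption.key=UNkH3oyQiotvxZlEoKuN68PmeZdhSJgNxVoLNtsCVd0
cas.tgc.crypto.signing.key=GUBgJdTLA7mVdFAE7iZjls4PRqr-do8SrYwrdVnj3uLs2xCHZXp5lIxA4YC0SxKrR0KFbE5hvfC2oLSkcAZefA
cas.webflow.crypto.signing.key=hokBx2JcUxBU1qg6ousNfxqPxq6CRE8bPeZZugZuzJGMQYKygbYhjqCNGqXTnp6CqH6id_z0WRt86wnY41sU7Q
cas.webflow.crypto.encryption.key=zjFbXXEaa_VsH3CA2QKwyA

cas.authn.token.crypto.encryption.key=NIPZxwVwveB017VDuZTcZnR1MaCqscSaJmivFOA7d_c
cas.authn.token.crypto.signing.key=heX91m6vPc2Miu3iPD-HlOBqsA_LwQMKDlfPp0pLelPeRHmllJrrd99ThrltYcLZCQ05TC2OaPxSyE6HnsyqLw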

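# ---------------------------------------------------------------------------
# LDAP (Active Directory) authentication
# ---------------------------------------------------------------------------
# AUTHENTICATED: look the user up with the bind account, then bind as the
# user's own DN with the submitted password.
cas.authn.ldap[0].type=AUTHENTICATED

# Directory URL. ldaps:// (as here) protects the bind-account password and
# every user password in transit; plain ldap:// sends them in clear, so only
# use it on a network you fully trust.
cas.authn.ldap[0].ldapUrl=ldaps://ldap.yourdomain.com
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].subtreeSearch=true

# Search base. NOTE: dc=ad,dc=yc is not the same domain as the bind DN below
# (DC=yourdomain,DC=com) - presumably an anonymisation left-over; both must
# refer to the same directory.
cas.authn.ldap[0].baseDn=dc=ad,dc=yc

# A user may log in with sAMAccountName, mail, or the free-text description
# attribute. If a value matches more than one entry the search returns
# multiple DNs and login fails (allowMultipleDns defaults to false). Matching
# on description is unusual - drop it unless you depend on it.
cas.authn.ldap[0].userFilter=(|(sAMAccountName={user})(description={user})(mail={user}))

# Service account used for the lookup; read-only rights are enough. The
# password is a placeholder - the real one must not end up in the article or
# in version control.
cas.authn.ldap[0].bindDn=CN=ldapconnection,CN=Users,DC=yourdomain,DC=com
cas.authn.ldap[0].bindCredential=ldap@yourpassword

cas.authn.ldap[0].enhanceWithEntryResolver=true
# The principal id is always sAMAccountName, whichever attribute matched above.
cas.authn.ldap[0].principalAttributeId=sAMAccountName

# Attributes copied onto the principal; what reaches a service is governed by
# that service's attribute release policy in the registry.
cas.authn.ldap[0].principalAttributeList=sAMAccountName,cn,mail,distinguishedName:dn,title,memberOf

cas.authn.ldap[0].collectDnAttribute=false
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true

# Trust for ldaps://: the CA certificate that issued the LDAP server's
# certificate. Required whenever useSsl=true; omit only for plain ldap://.
cas.authn.ldap[0].trustCertificates=file:/data/cas/ldap-CA.cer
# Client keystore for the LDAP connection. "changeit" is the JDK's well-known
# default keystore password - use your own.
cas.authn.ldap[0].keystore=file:/data/cas/cas.keystore
cas.authn.ldap[0].keystorePassword=changeit
cas.authn.ldap[0].keystoreType=PKCS12

# Connection pool settings (times in milliseconds, validatePeriod in seconds).
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=50
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=5000
cas.authn.ldap[0].prunePeriod=5000
cas.authn.ldap[0].blockWaitTime=5000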

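# ---------------------------------------------------------------------------
# SMTP (used by CAS for e-mail notifications)
# ---------------------------------------------------------------------------
spring.mail.host=smtp.exmail.qq.com
# 465 together with ssl.enable=true (SMTPS); plain SMTP would be port 25.
spring.mail.port=465
# Mailbox account. (The original line of the article was mangled by the
# page's e-mail obfuscation; the Spring key is spring.mail.username.)
spring.mail.username=yourname@yourdomain.com
# Placeholder - keep the real mailbox password out of the article and VCS.
spring.mail.password=yourpassword
spring.mail.testConnection=false
spring.mail.properties.mail.smtp.auth=true
spring.mail.properties.mail.smtp.ssl.enable=true

# ---------------------------------------------------------------------------
# Logout
# ---------------------------------------------------------------------------
# After logout, redirect to the URL passed in the "service" parameter. In
# CAS 5.2 the redirect is only followed for a service that is registered (and
# access-allowed) in the service registry, so this is safe only as long as the
# registry holds no wildcard entry (see cas.serviceRegistry.initFromJson).
cas.logout.followServiceRedirects=true
cas.logout.redirectParameter=service
cas.logout.confirmLogout=false
cas.logout.removeDescendantTickets=false

# ---------------------------------------------------------------------------
# MongoDB (ticket registry + service registry)
# ---------------------------------------------------------------------------
# Database name.
mongo.db=casdb
# ssl=false: TGTs, service tickets and the DB password travel to
# 10.128.146.163 in clear text. Enable TLS on mongod and set ssl=true unless
# both hosts share an isolated, trusted network. authSource=admin
# authenticates against the admin database.
mongo.opts=ssl=false&authSource=admin
# user:password. "admin" is typically the cluster-wide root user; create a
# dedicated user with readWrite on casdb only and use that instead.
mongo.creds=admin:yourpassword
# MongoDB server address.
mongo.hosts=10.128.146.163
mongo.uri=mongodb://${mongo.creds}@${mongo.hosts}/${mongo.db}?${mongo.opts}

cas.ticket.registry.mongo.clientUri=${mongo.uri}

cas.serviceRegistry.mongo.clientUri=${mongo.uri}
cas.serviceRegistry.mongo.collection=casServiceRegistry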

/data/cas/messages_zh_CN.properties, 我的文件都放在/data/cas/目錄下面。注意其中 screen.welcome.welcome 沿用的是 CAS 自帶的演示文案(提到「用戶名等於密碼的賬號」)，那只適用於默認的演示認證器；接入 LDAP 後請改成自己的歡迎語，以免誤導用戶。

#Welcome Screen Messages

# Stock CAS demo text: it tells users that accounts whose username equals
# their password are accepted. That only holds for the default demo
# authenticator, not for the LDAP handler configured in cas.properties -
# replace it before going live.
screen.welcome.welcome=\u6b22\u8fce\u6765\u5230\u4e2d\u592e\u8ba4\u8bc1\u7cfb\u7edf\u3002\u9ed8\u8ba4\u7684\u8ba4\u8bc1\u5904\u7406\u5668\u652f\u6301\u90a3\u4e9b\u7528\u6237\u540d\u7b49\u4e8e\u5bc6\u7801\u7684\u8d26\u53f7\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u8bd5\u8bd5\u770b\u3002
screen.welcome.security=\u51FA\u4E8E\u5B89\u5168\u8003\u8651\uFF0C\u4E00\u65E6\u60A8\u8BBF\u95EE\u8FC7\u90A3\u4E9B\u9700\u8981\u60A8\u63D0\u4F9B\u51ED\u8BC1\u4FE1\u606F\u7684\u5E94\u7528\u65F6\uFF0C\u8BF7\u64CD\u4F5C\u5B8C\u6210\u4E4B\u540E<a href="logout">\u767B\u51FA</a>\u5E76\u5173\u95ED\u6D4F\u89C8\u5668\u3002
screen.welcome.instructions=\u8bf7\u8f93\u5165\u60a8\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801.
screen.welcome.label.netid=\u7528\u6237\u540d:
screen.welcome.label.netid.accesskey=n
screen.welcome.label.password=\u5bc6\u3000\u7801:
screen.welcome.label.password.accesskey=p
screen.welcome.label.warn=\u8f6c\u5411\u5176\u4ed6\u7ad9\u70b9\u524d\u63d0\u793a\u6211\u3002
screen.welcome.label.warn.accesskey=w
screen.welcome.button.login=\u767b\u5f55
screen.welcome.button.clear=\u91cd\u7f6e

# Footer: upstream Apereo link text and copyright - adjust for your deployment.
logo.title=\u8f6c\u5230Apereo\u7f51\u7ad9\u9996\u9875
copyright=\u7248\u6743\u6240\u6709 &copy; 2005&ndash;2012 Apereo, Inc. \u4fdd\u7559\u5168\u90e8\u6743\u5229\u3002

# Blocked Errors Page
screen.blocked.header=\u8bbf\u95ee\u88ab\u62d2\u7edd
screen.blocked.message=\u8f93\u9519\u5bc6\u7801\u6b21\u6570\u592a\u591a\uff0c\u8d26\u53f7\u88ab\u9501\u5b9a\u3002

#Confirmation Screen Messages
screen.confirmation.message=\u5355\u51fb <a href="{0}">\u8fd9\u91cc</a> \uff0c\u4fbf\u80fd\u591f\u8bbf\u95ee\u5230\u76ee\u6807\u5e94\u7528\u3002

#Generic Success Screen Messages
screen.success.header=\u767b\u5f55\u6210\u529f
screen.success.success=\u60a8\u5df2\u7ecf\u6210\u529f\u767b\u5f55\u4e2d\u592e\u8ba4\u8bc1\u7cfb\u7edf\u3002
screen.success.security=\u51FA\u4E8E\u5B89\u5168\u8003\u8651\uFF0C\u4E00\u65E6\u60A8\u8BBF\u95EE\u8FC7\u90A3\u4E9B\u9700\u8981\u60A8\u63D0\u4F9B\u51ED\u8BC1\u4FE1\u606F\u7684\u5E94\u7528\u65F6\uFF0C\u8BF7\u64CD\u4F5C\u5B8C\u6210\u4E4B\u540E<a href="logout">\u767B\u51FA</a>\u5E76\u5173\u95ED\u6D4F\u89C8\u5668\u3002

#Logout Screen Messages
screen.logout.header=\u6ce8\u9500\u6210\u529f
screen.logout.success=\u60a8\u5df2\u7ecf\u6210\u529f\u9000\u51faCAS\u7cfb\u7edf\uff0c\u8c22\u8c22\u4f7f\u7528\uff01
screen.logout.security=\u51fa\u4e8e\u5b89\u5168\u8003\u8651\uff0c\u8bf7\u5173\u95ed\u60a8\u7684\u6d4f\u89c8\u5668\u3002

# Shown when a service demands fresh authentication (renew).
screen.service.sso.error.header=\u5728\u8bbf\u95ee\u5230\u5230\u76ee\u6807\u670d\u52a1\u524d\uff0c\u4f60\u5fc5\u987b\u7ecf\u8fc7\u91cd\u65b0\u8ba4\u8bc1\u7684\u8003\u9a8c
screen.service.sso.error.message=\u4f60\u6b63\u8bd5\u56fe\u8bbf\u95ee\u8981\u6c42\u91cd\u65b0\u8ba4\u8bc1\u7684\u670d\u52a1\u3002\u8bf7\u5c1d\u8bd5\u8fdb\u884c<a href="{0}">\u518d\u6b21\u8ba4\u8bc1</a>\u3002

# Form validation.
username.required=\u5fc5\u987b\u5f55\u5165\u7528\u6237\u540d\u3002
password.required=\u5fc5\u987b\u5f55\u5165\u5bc6\u7801\u3002

# Authentication failure messages
# AccountNotFoundException, FailedLoginException and UNKNOWN deliberately
# share one generic text so the login form does not reveal whether a
# username exists. The disabled/locked/expired messages below do disclose
# account state - usually acceptable for an internal SSO, but be aware of it.
authenticationFailure.AccountDisabledException=\u8fd9\u4e2a\u8d26\u6237\u88ab\u7981\u7528\u4e86\u3002
authenticationFailure.AccountLockedException=\u8fd9\u4e2a\u8d26\u6237\u88ab\u4e0a\u9501\u4e86\u3002
authenticationFailure.CredentialExpiredException=\u4f60\u7684\u5bc6\u7801\u8fc7\u671f\u4e86\u3002
authenticationFailure.InvalidLoginLocationException=\u4f60\u4e0d\u80fd\u4ece\u8fd9\u4e2a\u5de5\u4f5c\u7ad9\u767b\u5f55\u3002
authenticationFailure.InvalidLoginTimeException=\u4f60\u7684\u8d26\u6237\u73b0\u5728\u88ab\u7981\u6b62\u767b\u5f55\u4e86\u3002
authenticationFailure.AccountNotFoundException=\u8ba4\u8bc1\u4fe1\u606f\u65e0\u6548\u3002
authenticationFailure.FailedLoginException=\u8ba4\u8bc1\u4fe1\u606f\u65e0\u6548\u3002
authenticationFailure.UNKNOWN=\u8ba4\u8bc1\u4fe1\u606f\u65e0\u6548\u3002

# Ticket validation / proxy protocol error codes.
INVALID_REQUEST_PROXY=\u5fc5\u987b\u540c\u65f6\u63d0\u4f9b'pgt'\u548c'targetService'\u53c2\u6570
INVALID_TICKET_SPEC=\u6821\u9a8c\u7968\u6839\u5931\u8d25\u3002\u60a8\u53ef\u80fd\u91c7\u7528\u670d\u52a1\u7968\u6839\u6765\u6821\u9a8c\u4ee3\u7406\u7968\u6839\uff0c\u6216\u6ca1\u6709\u5c06renew\u8bbe\u4e3atrue\u3002
INVALID_REQUEST=\u5fc5\u987b\u540c\u65f6\u63d0\u4f9b'service'\u548c'ticket'\u53c2\u6570
INVALID_TICKET=\u672a\u80fd\u591f\u8bc6\u522b\u51fa\u76ee\u6807 ''{0}''\u7968\u6839
INVALID_SERVICE=\u7968\u6839''{0}''\u4e0d\u7b26\u5408\u76ee\u6807\u670d\u52a1
INVALID_PROXY_CALLBACK=\u6240\u63d0\u4f9b\u7684\u4ee3\u7406\u56de\u8c03\u7f51\u5740''{0}''\u4e0d\u80fd\u63d0\u4f9b\u8ba4\u8bc1\u3002
UNAUTHORIZED_SERVICE_PROXY=\u6240\u63d0\u4f9b\u7684\u670d\u52a1''{0}''\u6ca1\u6709\u6743\u9650\u4f7f\u7528CAS\u4ee3\u7406\u7684\u8ba4\u8bc1\u65b9\u5f0f\u3002

# Shown for a service that is not in (or not allowed by) the service registry.
screen.service.error.header=\u672a\u8ba4\u8bc1\u6388\u6743\u7684\u670d\u52a1
screen.service.error.message=\u4e0d\u5141\u8bb8\u4f7f\u7528CAS\u6765\u8ba4\u8bc1\u60a8\u8bbf\u95ee\u7684\u76ee\u6807\u5e94\u7528\u3002
screen.service.empty.error.message=CAS\u7684\u670d\u52a1\u8bb0\u5f55\u662f\u7a7a\u7684\uff0c\u6ca1\u6709\u5b9a\u4e49\u670d\u52a1\u3002 \
\u5e0c\u671b\u901a\u8fc7CAS\u8fdb\u884c\u8ba4\u8bc1\u7684\u5e94\u7528\u7a0b\u5e8f\u5fc5\u987b\u5728\u670d\u52a1\u8bb0\u5f55\u4e2d\u660e\u786e\u5b9a\u4e49\u3002

# Password policy
password.expiration.warning=\u4f60\u7684\u5bc6\u7801\u4f1a\u5728{0}\u5929\u5185\u8fc7\u671f\u3002\u8bf7\u7acb\u523b<a href="{1}">\u4fee\u6539\u4f60\u7684\u5bc6\u7801</a>\u3002
password.expiration.loginsRemaining=\u5728<strong>\u5fc5\u987b</strong>\u4fee\u6539\u5bc6\u7801\u4e4b\u524d\uff0c\u4f60\u8fd8\u5269{0}\u6b21\u767b\u5f55\u3002
screen.accountdisabled.heading=\u8fd9\u4e2a\u8d26\u6237\u5df2\u7ecf\u88ab\u7981\u7528\u4e86\u3002
screen.accountdisabled.message=\u8bf7\u8054\u7cfb\u7cfb\u7edf\u7ba1\u7406\u5458\u6765\u91cd\u65b0\u83b7\u5f97\u8bbf\u95ee\u6743\u9650\u3002
screen.accountlocked.heading=\u8fd9\u4e2a\u8d26\u6237\u5df2\u7ecf\u88ab\u9501\u4f4f\u4e86\u3002
screen.accountlocked.message=\u8bf7\u8054\u7cfb\u7cfb\u7edf\u7ba1\u7406\u5458\u6765\u91cd\u65b0\u83b7\u5f97\u8bbf\u95ee\u6743\u9650\u3002
screen.expiredpass.heading=\u4f60\u7684\u5bc6\u7801\u5df2\u7ecf\u8fc7\u671f\u4e86\u3002
screen.expiredpass.message=\u8bf7<a href="{0}">\u4fee\u6539\u4f60\u7684\u5bc6\u7801</a>\u3002
screen.mustchangepass.heading=\u4f60\u5fc5\u987b\u4fee\u6539\u4f60\u7684\u5bc6\u7801\u3002
screen.mustchangepass.message=\u8bf7<a href="{0}">\u4fee\u6539\u4f60\u7684\u5bc6\u7801</a>\u3002
screen.badhours.heading=\u73b0\u5728\u4f60\u7684\u8d26\u6237\u88ab\u7981\u6b62\u767b\u5f55\u4e86\u3002
screen.badhours.message=\u8bf7\u7a0d\u540e\u518d\u8bd5\u3002
screen.badworkstation.heading=\u4f60\u4e0d\u80fd\u4ece\u8fd9\u4e2a\u5de5\u4f5c\u7ad9\u767b\u5f55\u3002
screen.badworkstation.message=\u8bf7\u8054\u7cfb\u7cfb\u7edf\u7ba1\u7406\u5458\u6765\u91cd\u65b0\u83b7\u5f97\u8bbf\u95ee\u6743\u9650\u3002

# OAuth
screen.oauth.confirm.header=\u6388\u6743
screen.oauth.confirm.message=\u8981\u6388\u6743"{0}"\u8bbf\u95ee\u4f60\u5168\u90e8\u4e2a\u4eba\u4fe1\u606f\u5417\uff1f
screen.oauth.confirm.allow=\u5141\u8bb8

# Unavailable
screen.unavailable.heading=CAS\u65e0\u6cd5\u4f7f\u7528
screen.unavailable.message=\u5728\u8bd5\u56fe\u5b8c\u6210\u4f60\u7684\u8bf7\u6c42\u65f6\u51fa\u9519\u3002\u8bf7\u901a\u77e5\u4f60\u7684\u6280\u672f\u652f\u6301\u6216\u91cd\u8bd5\u3002

2.運行cas-server,我的cas.war文件放在 /data/cas/目錄下。下面的示例是以 root 直接運行的；7998 是非特權端口，並不需要 root，建議新建一個專用的低權限賬號(例如 cas)來運行，並把 /etc/cas/config 和 /data/cas 設為只有該賬號可讀，這樣即使 CAS 被攻破也不會直接拿到整台機器。

[root@workstation cas]# java -jar cas.war

   __   ____      _      ____   __  
  / /  / ___|    / \    / ___|  \ \ 
 | |  | |       / _ \   \___ \   | |
 | |  | |___   / ___ \   ___) |  | |
 | |   \____| /_/   \_\ |____/   | |
  \_\                           /_/ 

CAS Version: 5.2.1
.....省略....

  ____    _____      _      ____   __   __
 |  _ \  | ____|    / \    |  _ \  \ \ / /
 | |_) | |  _|     / _ \   | | | |  \ V / 
 |  _ <  | |___   / ___ \  | |_| |   | |  
 |_| \_\ |_____| /_/   \_\ |____/    |_|  
                                          
>
2020-06-19 23:24:01,610 INFO [org.apereo.cas.support.events.listener.DefaultCasEventListener] - <>
2020-06-19 23:24:01,610 INFO [org.apereo.cas.support.events.listener.DefaultCasEventListener] - <Ready to process requests @ [2020-06-19T15:24:01.605Z]>
2020-06-19 23:24:01,613 INFO [org.apereo.cas.web.CasWebApplication] - <Started CasWebApplication in 40.988 seconds (JVM running for 44.747)>

3.驗證cas-server,使用域控登錄。除了用域賬號登錄驗證之外，建議再從一個不在 cas.adminPagesSecurity.ip 範圍內的地址訪問 https://mycas.yourdomain.cn:7998/cas/status/env 和 /cas/status/heapdump，確認會被拒絕：這些端點會回顯配置文件和 JVM 內存內容，本文的配置把它們全部打開且標記為非敏感(endpoints.sensitive=false)，IP 白名單是唯一的防線。

 

下一篇: https://blog.csdn.net/lwlfox/article/details/106865629
