Continued from the previous post: https://blog.csdn.net/lwlfox/article/details/106865535
1. Configure cas-management: save the following content to /etc/cas/config/management.properties (the file path must be this one; Spring Boot can also take the configuration location on the command line, which interested readers can explore on their own). The configuration style is similar to cas-server, or rather to Spring Boot in general.
# Comments must sit on their own lines: in a .properties file a value runs to the end of the line.
# Port the service listens on
server.port=8443
server.contextPath=/cas-management
logging.config=file:/etc/cas/config/log4j2.xml
logging.level.org.apereo.cas=DEBUG
cas.mgmt.adminRoles[0]=ROLE_ADMIN
cas.mgmt.adminRoles[1]=ROLE_SUPER_USER
server.ssl.enabled=true
# JKS file generated from the Alibaba Cloud certificate
server.ssl.keyStore=file:/data/cas/server.keystore
# <your password>
server.ssl.keyStorePassword=Password123!
# <your password>
server.ssl.keyPassword=Password123!
# The RC4 suites in this list are prohibited for TLS by RFC 7465; drop them in production.
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
server.ssl.keyAlias=cas
server.ssl.keyStoreType=jks
server.ssl.protocol=TLS
# CAS supports several authentication methods; this one authenticates against users stored in a file. With LDAP in place it can presumably be dropped.
cas.mgmt.userPropertiesFile=file:/etc/cas/config/adminusers.properties
# Domain name that cas-management runs on
cas.mgmt.serverName=https://mycas.yourdomain.cn:8443
# Address of cas-server
cas.server.name=https://mycas.yourdomain.cn:7998
cas.server.prefix=${cas.server.name}/cas
# MongoDB database name
mongo.db=casdb
# authSource is the database used for authentication (admin)
mongo.opts=&ssl=false&authSource=admin
# MongoDB username:password
mongo.creds=admin:yourpassword
# MongoDB server IP
mongo.hosts=10.128.146.163
mongo.uri=mongodb://${mongo.creds}@${mongo.hosts}/${mongo.db}?${mongo.opts}
cas.serviceRegistry.mongo.clientUri=${mongo.uri}
cas.serviceRegistry.mongo.collection=casServiceRegistry
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.schedule.repeatInterval=120000
cas.serviceRegistry.schedule.startDelay=150000
2. Run cas-management. My war file is in the /dat/cas/ directory.
[root@workstation cas]# java -jar cas-management.war
____ _ ____ __ __ _
/ ___| / \ / ___| | \/ | __ _ _ __ __ _ __ _ ___ _ __ ___ ___ _ __ | |_
| | / _ \ \___ \ | |\/| | / _` | | '_ \ / _` | / _` | / _ \ | '_ ` _ \ / _ \ | '_ \ | __|
| |___ / ___ \ ___) | | | | | | (_| | | | | | | (_| | | (_| | | __/ | | | | | | | __/ | | | | | |_
\____| /_/ \_\ |____/ |_| |_| \__,_| |_| |_| \__,_| \__, | \___| |_| |_| |_| \___| |_| |_| \__|
|___/
CAS Version: 5.2.1
.....omitted...
____ _____ _ ____ __ __
| _ \ | ____| / \ | _ \ \ \ / /
| |_) | | _| / _ \ | | | | \ V /
| _ < | |___ / ___ \ | |_| | | |
|_| \_\ |_____| /_/ \_\ |____/ |_|
>
2020-06-19 23:46:05,319 INFO [org.apereo.cas.mgmt.DefaultCasManagementEventListener] - <>
2020-06-19 23:46:05,319 INFO [org.apereo.cas.mgmt.DefaultCasManagementEventListener] - <Ready to process requests @ [2020-06-19T15:46:05.314Z]>
2020-06-19 23:46:05,321 INFO [org.apereo.cas.mgmt.web.CasManagementWebApplication] - <Started CasManagementWebApplication in 34.213 seconds (JVM running for 37.13)>
3. Verify cas-management
4. Add the services that need SSO authentication. The service address supports regular expressions.
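Because the service address in step 4 is a regular expression, a loose pattern authorizes more URLs than the one application it was written for. The following is an added example, not code from the original post or from the CAS project: it audits a candidate pattern against constructed look-alike URLs. The hostnames, the function name `audit_service_id`, and the use of Python's `re` in place of the Java regex engine (equivalent for patterns this simple) are assumptions.

```python
import re

# Constructed probe URLs; every hostname here is made up for the example.
INTENDED = "https://app.yourdomain.cn/login"
LOOKALIKES = {
    "trusted name used as a prefix":
        "https://app.yourdomain.cn.example.net/login",
    "unescaped dot matches any character":
        "https://appXyourdomain.cn/login",
    "plain-HTTP variant":
        "http://app.yourdomain.cn/login",
    "trusted URL embedded in a query string":
        "https://example.net/?r=https://app.yourdomain.cn/login",
}


def audit_service_id(pattern, intended=INTENDED, lookalikes=LOOKALIKES):
    """Return findings for one service URL regex; an empty list means clean."""
    rx = re.compile(pattern)
    findings = []
    # Assumption: test with an unanchored search, the most permissive way a
    # pattern can be applied, so a clean result holds however the deployed
    # server matches it. A safe pattern therefore carries its own ^ and $.
    if not rx.search(intended):
        findings.append("does not match the intended service URL")
    for reason, url in lookalikes.items():
        if rx.search(url):
            findings.append(f"also authorizes {url} ({reason})")
    return findings


if __name__ == "__main__":
    candidates = [
        r"^(https|imaps)://.*",                  # catch-all wildcard
        r"https?://app.yourdomain.cn.*",         # unanchored, dots unescaped
        r"^https://app\.yourdomain\.cn(/.*)?$",  # anchored, dots escaped
    ]
    for candidate in candidates:
        result = audit_service_id(candidate)
        print(candidate, "->", "clean" if not result else f"{len(result)} finding(s)")
        for line in result:
            print("   ", line)
```
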
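What comes next is integrating applications with cas-server for single sign-on. I implemented this with Django; the principle is similar in other languages.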