Continued from the previous post: https://blog.csdn.net/lwlfox/article/details/106865535
1. Configure cas-management: save the following to /etc/cas/config/management.properties (the file must be at this path; Spring Boot can also be given the configuration on the command line, which interested readers can look into themselves). Configuration works much like cas-server, or rather much like any Spring Boot application.
# Comments sit on their own lines: in a .properties file a '#' after a value is read as part of the value.
# Port the service listens on
server.port=8443
server.contextPath=/cas-management
logging.config=file:/etc/cas/config/log4j2.xml
logging.level.org.apereo.cas=DEBUG
cas.mgmt.adminRoles[0]=ROLE_ADMIN
cas.mgmt.adminRoles[1]=ROLE_SUPER_USER
server.ssl.enabled=true
# JKS file generated from the Alibaba Cloud certificate
server.ssl.keyStore=file:/data/cas/server.keystore
# <your password>
server.ssl.keyStorePassword=Password123!
# <your password>
server.ssl.keyPassword=Password123!
# The RC4 suites in this list are obsolete (RFC 7465 prohibits RC4 in TLS); remove them unless a legacy client needs them.
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
server.ssl.keyAlias=cas
server.ssl.keyStoreType=jks
server.ssl.protocol=TLS
# CAS supports several authentication methods; this one authenticates against users listed in a file. Once LDAP is in place it should no longer be needed.
cas.mgmt.userPropertiesFile=file:/etc/cas/config/adminusers.properties
# Domain name that cas-management runs on
cas.mgmt.serverName=https://mycas.yourdomain.cn:8443
# Address of cas-server
cas.server.name=https://mycas.yourdomain.cn:7998
cas.server.prefix=${cas.server.name}/cas
# MongoDB database name
mongo.db=casdb
# authSource: the database used for authentication (admin)
mongo.opts=&ssl=false&authSource=admin
# MongoDB username:password
mongo.creds=admin:yourpassword
# MongoDB server IP
mongo.hosts=10.128.146.163
mongo.uri=mongodb://${mongo.creds}@${mongo.hosts}/${mongo.db}?${mongo.opts}
cas.serviceRegistry.mongo.clientUri=${mongo.uri}
cas.serviceRegistry.mongo.collection=casServiceRegistry
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.schedule.repeatInterval=120000
cas.serviceRegistry.schedule.startDelay=150000
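A pre-deployment check for a file like management.properties, as an added example (not code from the original post or from the CAS project). It flags trailing `#` comments that the properties loader would read as part of the value, duplicate keys, RC4 and other weak cipher suites, plaintext secrets, and `ssl=false` on the MongoDB connection. The function name `lint_properties` and the sample input are constructed for illustration, and only `key=value` lines are handled.

```python
import re

# Constructed sample in the style of management.properties (not the author's file).
SAMPLE = """\
server.port=8443 #service port
server.ssl.enabled=true
server.ssl.keyStorePassword=changeit
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA
server.ssl.enabled=true
# a full-line comment is fine
mongo.opts=&ssl=false&authSource=admin
"""

WEAK_CIPHER = re.compile(r"RC4|3DES|_DES_|NULL|EXPORT|MD5")
SECRET_KEY = re.compile(r"(password|creds|secret)", re.I)


def lint_properties(text):
    """Return a list of (line_number, code, detail) findings (hypothetical helper)."""
    findings, seen = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # java.util.Properties only treats '#' or '!' as a comment at line start.
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in seen:
            findings.append((no, "DUPLICATE_KEY", f"{key} first set on line {seen[key]}"))
        seen.setdefault(key, no)
        if re.search(r"\s#", value):
            findings.append((no, "TRAILING_COMMENT", "text after '#' becomes part of the value"))
            value = re.split(r"\s+#", value, maxsplit=1)[0]  # analyse the intended value
        if key.endswith(".ciphers"):
            weak = [c for c in value.split(",") if WEAK_CIPHER.search(c)]
            if weak:
                findings.append((no, "WEAK_CIPHER", ",".join(weak)))
        if SECRET_KEY.search(key) and value:
            findings.append((no, "PLAINTEXT_SECRET", key))
        if "ssl=false" in value:
            findings.append((no, "TLS_DISABLED", key))
    return findings


if __name__ == "__main__":
    for finding in lint_properties(SAMPLE):
        print(*finding)
```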
2. Run cas-management; my war file is in the /dat/cas/ directory
[root@workstation cas]# java -jar cas-management.war
____ _ ____ __ __ _
/ ___| / \ / ___| | \/ | __ _ _ __ __ _ __ _ ___ _ __ ___ ___ _ __ | |_
| | / _ \ \___ \ | |\/| | / _` | | '_ \ / _` | / _` | / _ \ | '_ ` _ \ / _ \ | '_ \ | __|
| |___ / ___ \ ___) | | | | | | (_| | | | | | | (_| | | (_| | | __/ | | | | | | | __/ | | | | | |_
\____| /_/ \_\ |____/ |_| |_| \__,_| |_| |_| \__,_| \__, | \___| |_| |_| |_| \___| |_| |_| \__|
|___/
CAS Version: 5.2.1
..... (output omitted) ...
____ _____ _ ____ __ __
| _ \ | ____| / \ | _ \ \ \ / /
| |_) | | _| / _ \ | | | | \ V /
| _ < | |___ / ___ \ | |_| | | |
|_| \_\ |_____| /_/ \_\ |____/ |_|
>
2020-06-19 23:46:05,319 INFO [org.apereo.cas.mgmt.DefaultCasManagementEventListener] - <>
2020-06-19 23:46:05,319 INFO [org.apereo.cas.mgmt.DefaultCasManagementEventListener] - <Ready to process requests @ [2020-06-19T15:46:05.314Z]>
2020-06-19 23:46:05,321 INFO [org.apereo.cas.mgmt.web.CasManagementWebApplication] - <Started CasManagementWebApplication in 34.213 seconds (JVM running for 37.13)>
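3. Verify cas-management
4. Add the services that need SSO authentication. The service address supports regular expressions.
What remains is the application that integrates with cas-server to get single sign-on. I implemented mine with Django; the principle is similar in other languages.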