Central Authentication Service

简介: 国内私募机构九鼎控股打造APP,来就送 20元现金领取地址:http://jdb.jiudingcapital.com/phone.html内部邀请码:C8E245J (不写邀请码,没有现金送)国内私募机构九鼎控股打造,九鼎投资是在全国股份转让系统挂牌的公众公司,股票代码为430719,为“中国PE第一股”,市值超1000亿元。

 

国内私募机构九鼎控股打造APP,来就送 20元现金领取地址: http://jdb.jiudingcapital.com/phone.html
内部邀请码: C8E245J (不写邀请码,没有现金送)
国内私募机构九鼎控股打造,九鼎投资是在全国股份转让系统挂牌的公众公司,股票代码为430719,为“中国PE第一股”,市值超1000亿元。 

 

 

 

------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

 

 

http://docs.jboss.com/jbportal/v2.7.1/referenceGuide/html/sso.html#d0e11667

21.3. CAS - Central Authentication Service

This Single Sign On plugin enables seamless integration between JBoss Portal and the CAS Single Sign On Framework. Details about CAS can be found here

21.3.1. Integration steps

Note

The steps below assume that CAS server and JBoss Portal will be deployed on the same JBoss Application Server instance. CAS will be configured to leverage identity services exposed by JBoss Portal to perform authentication. Procedure may be slightly different for other deployment scenarios. Both JBoss Portal and CAS will need to be configured to authenticate against same database or LDAP server. Please see CAS documentation to learn how to setup it up against proper identity store.

Note

Configuration below assumes that JBoss Application Server is HTTPS enabled and operates on standard ports: 80 (for HTTP) and 443 (for HTTPS).
  1. Install CAS server (v 3.0.7). This should be as simple as deploying single cas.war file.
  2. Copy portal-identity-lib.jar and portal-identity-sso-lib.jar files from$JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib to$JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/lib.
  3. Edit $JBOSS_HOME/server/default/deploy/jboss-portal.sar/portal-server.war/WEB-INF/context.xml file and enable proper Apache Tomcat Valve by uncommenting following lines:
                      
    <Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
       	casLogin="https://localhost/cas/login"
       	casValidate="https://localhost/cas/serviceValidate"
       	casServerName="localhost"
       	authType="FORM"
    />
                      
                   
    Update valve options as follow:
    • casLogin: URL of your CAS Authentication Server
    • casValidate: URL of your CAS Authentication Server validation service
    • casServerName: the hostname:port combination of your CAS Authentication Server

    Note

    CAS client requires to use SSL connection. To learn how to setup JBoss Application Server to use HTTPS see here
  4. Copy casclient.jar into $JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib. You can download this file from CAS homepage or from JBoss repository underhttp://repository.jboss.com/cas/3.0.7/lib/

    Note

    The CAS engine does not accept self-signed SSL certificates. This requirement is fine for production use where a production level SSL certificate is available. However, for testing purposes, this can get a little annoying. Hence, if you are having this issue, you can use casclient-lenient.jar instead.
  5. Edit $JBOSS_HOME/server/default/deploy/jboss-portal.sar/META-INF/jboss-service.xml file and uncomment following lines:
                      
    <mbean
       code="org.jboss.portal.identity.sso.cas.CASAuthenticationService"
       name="portal:service=Module,type=CASAuthenticationService"
       xmbean-dd=""
       xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
       <xmbean/>
       <depends>portal:service=Module,type=IdentityServiceController</depends>
       <attribute name="HavingRole"></attribute>
    </mbean>
                      
                   
    This will expose special service in JBoss Portal that can be leveraged by CAS AuthenticationHandler if the server is deployed on the same application server instance. This AuthenticationHandler will be enabled in next 2 steps.
  6. Edit $JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/deployerConfigContext.xml and add following line in the authenticationHandlers section:
                      
    <bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" />
                      
                   
    This can replace default SimpleTestUsernamePasswordAuthenticationHandler so whole part of this config file can look as follows:
                      <property name="authenticationHandlers">
      <list>
        <!--
         | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
         | a server side SSL certificate.
         +-->
        <bean
          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
          <property
            name="httpClient"
            ref="httpClient" />
        </bean>
    
        <!--
         | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
         | into production.  The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
         | where the username equals the password.  You will need to replace this with an AuthenticationHandler that implements your
         | local authentication strategy.  You might accomplish this by coding a new such handler and declaring
         | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
         +-->
        <bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" />
      </list>
    </property>
                   

To test the integration:

  • Go to your portal. Typically, http://localhost:8080/portal
  • Click on the "Login" link on the main portal page
  • This should bring up the CAS Authentication Server's login screen instead of the default JBoss Portal login screen
  • Input your portal username and password. For built-in portal login try user:user or admin:admin
  • If login is successful, you should be redirected back to the portal with the appropriate user logged in
目录
相关文章
|
2月前
|
存储 JSON API
【Azure Cloud Service】使用Key Vault Secret添加.CER证书到Cloud Service Extended Support中
由于Key Vault仅支持上传pfx格式的证书,而中间证书和根证书通常为crt或cer格式,无法直接转换为pfx。因此,将完整的证书链上传至Key Vault后,只能显示服务器证书的指纹,无法直接在Cloud Service (Extended Support)中修改。解决方法是先将中间证书和根证书存储在Key Vault Secrets中,再通过调用Cloud Service API更新证书配置。具体步骤包括准备证书文件、将证书内容JSON格式化并使用az cli命令设置到Key Vault Secret中,最后通过API更新Cloud Service信息。
|
2月前
|
JSON API 数据安全/隐私保护
【Azure Cloud Service】使用RESTAPI更新Cloud Service(Extended Support) 中所配置的证书
本文介绍了在更新Azure Cloud Service (Extended Support) 证书时,若旧证书(如中间证书、根证书)存储在Key Vault Secret中,而新证书仅匹配到服务器证书时,可能导致的错误及解决方法。建议使用PowerShell或RestAPI进行涉及机密的更新。文章详细描述了使用REST API更新证书的三个步骤:上传证书到Azure Key Vault、获取Cloud Service信息并发送GET请求、更新Cloud Service信息并发送PUT请求。通过这些步骤,可以成功更新证书并在云服务节点中验证证书信息。
|
4月前
|
数据中心 容器
【Azure 应用服务】在创建App Service时,遇见“No available instances to satisfy this request. App Service is attempting to increase capacity.”错误
【Azure 应用服务】在创建App Service时,遇见“No available instances to satisfy this request. App Service is attempting to increase capacity.”错误
|
微服务
03SpringCloud服务的注册与发现(Service Provider)
03SpringCloud服务的注册与发现(Service Provider)
52 0
03SpringCloud服务的注册与发现(Service Provider)
|
7月前
|
数据库 数据中心
AWS 的Application Discovery Service (ADS)
AWS 的Application Discovery Service (ADS)
113 3
|
7月前
|
虚拟化 数据中心 Windows
AWS 的Server Migration Service (SMS)
AWS的 Server Migration Service (SMS)
110 1
|
负载均衡 Java Nacos
Nacos和GateWay路由转发NotFoundException: 503 SERVICE_UNAVAILABLE “Unable to find
Nacos和GateWay路由转发NotFoundException: 503 SERVICE_UNAVAILABLE “Unable to find
423 0
Understanding services:理解服务(Service)
Understanding services:理解服务(Service)
139 0
Understanding services:理解服务(Service)
|
存储 域名解析 Kubernetes
Service、EmptyDir、HostPath | 学习笔记
快速学习 Service、EmptyDir、HostPath
|
Dubbo 应用服务中间件 容器
关于Failed to check the status of the service com.taotao.service.ItemService. No provider available fo
原文:http://www.bubuko.com/infodetail-2250226.html 项目中用dubbo发生:     Failed to check the status of the service com.taotao.service.ItemService. No provider available for the service 原因: Dubbo缺省会在启动时检查依赖的服务是否可用,不可用时会抛出异常,阻止Spring初始化完成,以便上线时,能及早发现问题,默认check=true。
2772 0