`
Eric_liu
  • 浏览: 90918 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

liferay portal 4.2.1 配置sso+cas

阅读更多

liferay portal 4.2.1  配置sso+cas 

按照官方文档配置:

Introduction
The following are a set of instructions for integrating Liferay Portal with CAS Server to setup single sign on (SSO) between Liferay and an existing web application.

[edit]Setting up CAS server
We will begin with setting up JA-SIG CAS server on Tomcat 5.x.x.

Download cas-server WAR from Liferay's download page or the whole distribution from here and drop the cas-web.war file into Tomcat's webapps dir. In a production environment The CAS server should really run on its own tomcat instance but for testing purposes we'll drop it in the same instance as our Liferay portal.

We'll need to edit the server.xml file in tomcat and uncomment the SSL section to open up port 8443.

<connector port="8443" maxhttpheadersize="8192"></connector>

xml 代码
  1. <Connector port="8443" maxHttpHeaderSize="8192"  
  2. maxThreads="150" minSpareThreads="25" maxSpareThreads="75"  
  3. enableLookups="false" disableUploadTimeout="true"  
  4. acceptCount="100" scheme="https" secure="true"  
  5. clientAuth="false" sslProtocol="TLS" />  


[edit]Setting up the CAS client
Next we need to download the Yale CAS client from here. Get cas-client-2.0.11. Place the casclient.jar in ROOT/web-inf/lib of the Liferay install.

[edit]Generate the SSL cert with Java keytool
Now that we have everything we need, it's time to generate an SSL cert for our CAS server. Instructions and more information on SSL certs can be found here(http://www.ja-sig.org/products/cas/downloads/index.html)

(我下载的就是这个版本,3.0应该也是可以的,我没有测试。)

But I found some typos and errors on that page. So following the instructions below should get you what you need.

In any directory ( I use my root ) enter the command:

keytool -genkey -alias tomcat -keypass changeit -keyalg RSA

Answer the questions: (note that your firstname and lastname MUST be hostname of your server and cannot be a IP address; this is very important as an IP address will fail client hostname verification even if it is correct)

Enter keystore password:  changeit
What is your first and last name?
[Unknown]:  localhost
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes

(这点需要注意,都需要添上,否则不能通过,不会生成.keystore目录;下面的文件名随便输入一个)
Then enter the command:

keytool -export -alias tomcat -keypass changeit -file %FILE_NAME%
I use server.cert for %FILE_NAME%. This command exports the cert you generated from your personal keystore (In windows your personal keystore is in C:\Documents and Settings\<username></username>\.keystore)

Finally import the cert into Java's keystore with this command. Tomcat uses the keystore in your JRE (%JAVA_HOME%/jre/lib/security/cacerts)

keytool -import -alias tomcat -file %FILE_NAME% -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
Startup the CAS server

Now you are ready to startup your CAS server. Simply startup Tomcat and access CAS with https://localhost:8443/cas You should see the CAS login screen and no errors in your catalina logs.

[edit]Setting up Liferay Portal
[edit]web.xml
Note: If you are using Liferay 4.2, this filter is already defined. All you have to do is modify the URL parameters, if your CAS server is at a different location.

It's time to move on to configuring Liferay. In the web.xml file you will need to add a new filter and its mapping directly above the first existing auto login filter mapping. This new filter we just added will redirect all login attempts to the CAS server. If your hostname is different you can modify the init-params accordingly. 
<filter-name></filter-name> 

xml 代码
  1. <filter>    
  2.    <filter-name>CAS Filter</filter-name>    
  3.    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>    
  4.    <init-param>    
  5.       <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>    
  6.       <param-value>https://localhost:8443/cas-web/login</param-value>    
  7.    </init-param>    
  8.    <init-param>    
  9.       <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>    
  10.       <param-value>https://localhost:8443/cas-web/proxyValidate</param-value>    
  11.    </init-param>    
  12.    <init-param>    
  13.       <param-name>edu.yale.its.tp.cas.client.filter.serviceUrl</param-name>    
  14.       <param-value>http://localhost:8080/c/portal/login</param-value>    
  15.    </init-param>    
  16. </filter>  



If you use a ...serviceUrl param like above, after logging in with CAS, the browser will be redirected back to that serviceUrl. However, you can change it to the following and it will redirect back to the full URL that was originally requested. This allows you to have a deep link (e.g. to a certain layout with parameters for a portlet even) that is preserved through the CAS login process:

xml 代码
  1.    <init-param>    
  2.       <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>    
  3.       <param-value>localhost:8080</param-value>    
  4.    </init-param>    
  5.   
  6. <filter-mapping>    
  7.    <filter-name>CAS Filter</filter-name>    
  8.    <url-pattern>/c/portal/login</url-pattern>    
  9. </filter-mapping>  

Then add the following to the rest of the auto login filters <filter-mapping></filter-mapping>

xml 代码
  1. <filter-mapping>    
  2.    <filter-name>Auto Login Filter</filter-name>    
  3.    <url-pattern>/c/portal/login</url-pattern>    
  4.    <dispatcher>FORWARD</dispatcher>    
  5.    <dispatcher>INCLUDE</dispatcher>    
  6.    <dispatcher>REQUEST</dispatcher>    
  7. </filter-mapping>  



[edit]system-ext.properties
Note: this is only needed in Liferay 4.2

Set the com.liferay.filters.sso.cas.CASFilter setting to true.

( system-ext.properties这个文件不存在,新建一个\ROOT\WEB-INF\classes\system-ext.properties,然后填入该内容)

Place the following in system-ext.properties:

   #
   # The CAS filter will redirect the user to the CAS login page for SSO. See
   # http://www.ja-sig.org/products/cas for more information.
   #
   com.liferay.filters.sso.cas.CASFilter=true

(portal-ext.properties 该文件存在,仅仅添加内容即可)
[edit]portal-ext.properties
Put this in portal-ext.properties.

##
## Auto Login
##
#
# Input a list of comma delimited class names that implement
# com.liferay.portal.security.auth.AutoLogin. These classes will run in
# consecutive order for all unauthenticated users until one of them return a
# valid user id and password combination. If no valid combination is
# returned, then the request continues to process normally. If a valid
# combination is returned, then the portal will automatically login that
# user with the returned user id and password combination.
#
# For example, com.liferay.portal.security.auth.BasicAutoLogin reads from a
# cookie to automatically log in a user who previously logged in while
# checking on the "Remember Me" box.
#
# This interface allows deployers to easily configure the portal to work
# with other SSO servers. See com.liferay.portal.security.auth.CASAutoLogin
# for an example of how to configure the portal with Yale's SSO server.
#
#auto.login.hooks=com.liferay.portal.security.auth.BasicAutoLogin
auto.login.hooks=com.liferay.portal.security.auth.BasicAutoLogin,com.liferay.portal.security.auth.CASAutoLogin
Comment the first auto.login.hooks property and uncomment the second to add CASAutoLogin to the list of AutoLogin implementations.

[edit]Startup Liferay and Test
Startup the portal and when the homepage loads up hit the login link. If all goes well you should be redirected to the CAS server's login screen. Login to CAS with liferay.com.1 as your username and liferay.com.1 as your password. You should now be logged into the portal.

The current auth scheme for CAS is quite simple but in production an auth scheme which taps into an LDAP repository or some other auth service will be required.

[edit]Troubleshooting
If you created a cert with the %FILE_NAME%, you'll probably run into problems. Here are 2 commands to delete the tomcat alias from the keystore so you can start fresh:

keytool -delete -alias tomcat -keystore %JAVA_HOME%/jre/lib/security/cacerts
keytool -delete -alias tomcat -file server.cert
You may not be able to get https://localhost:8443/cas up and running after the cert key generation. If so, skip the test and try it after you've finished all the steps. If you can't login at that point, you've probably generated your cert incorrectly.
I've had problems with certs on IE7, make sure you try it out on Firefox and Opera.
[edit]Lifecast
CAS Setup - Integrate Liferay Portal with a CAS server to access multiple applications with a single sign on.

Retrieved from "http://wiki.liferay.com/index.php/Single_SignOn_-_Integrating_Liferay_With_CAS_Server"
Category: Customization


 
分享到:
评论
1 楼 javaray 2010-07-19  
遨豪大连专注于门户信息化服务,擅长于Liferay门户安装,部署和配置实施,快速Theme,基于Liferay门户实施二次开发;移植第三方门户应用系统到Liferay门户及实现企业信息化管理平台;提供必要的Liferay项目开发和管理服务以及性能改进的详细计划以及企业版服务等,更多参考: www.aukcell.com

业务咨询在线联系:eonpeter@gmail.com (msn)

相关推荐

    LifeRay+CAS+LDAP+Tomcat 单点登录门户.pdf

    在搭建 LifeRay+CAS+LDAP+Tomcat SSO 门户的过程中,首先需要配置 CAS 服务器。在本案例中,使用的是 CAS Server 3.2 和 CAS Client 3.1.10 版本。CAS 服务器负责验证用户的身份,而 CAS 客户端集成在 LifeRay 中,...

    liferay + cas + ldap 集成配置

    标题 "Liferay + CAS + LDAP 集成配置" 涉及到的是在企业级内容管理系统 Liferay 中集成 Central Authentication Service (CAS) 和 Lightweight Directory Access Protocol (LDAP) 的过程。这种集成允许用户通过CAS...

    liferay+cas

    - **集成 Liferay**:在 Liferay 中配置 CAS 作为认证提供者,这可能涉及修改 Liferay 的 `portal-ext.properties` 文件,添加 CAS 服务器的相关配置,比如 CAS 服务器的 URL、服务验证 URL 等。 - **测试集成**:...

    liferay开发文档.pdf

    Liferay 的配置文件是portal平台的核心组件,负责管理portal的各个方面。配置文件包括portal.properties、portlet.properties、liferay.properties等。 * Liferay 配置文件的种类 + portal.properties + portlet....

    liferay portal开发大全

    Liferay Portal的配置涉及到多个层次,包括服务器级别的配置、portlet部署配置以及应用级别的设置。学习如何配置Liferay的部署文件(如portal-ext.properties)以定制门户的行为和功能至关重要。 4. **Liferay ...

    Liferay5.2.3和CAS配置成SSO

    本案例中,我们将探讨如何将Liferay 5.2.3与CAS(Central Authentication Service)配置为SSO系统。 Liferay是一款开源的企业级门户平台,它提供了一个灵活的框架来构建和管理Web应用程序。而CAS则是一个开源的身份...

    liferay portal 开发实例

    Liferay Portal是一款开源的企业级门户平台,用于构建和管理复杂的企业级Web应用程序。在这个开发实例中,我们将深入探讨四个Liferay Portal MVC(Model-View-Controller)应用的实践案例,这些实例可以帮助开发者更...

    liferay+cas实现单点登录步骤

    这通常涉及修改Liferay的配置文件,如`portal-ext.properties`,并启用CAS插件或模块。 6. **配置CAS客户端** - 配置Liferay作为CAS客户端,确保它能够识别CAS服务器的票据(ticket)并完成用户认证。这通常涉及到...

    liferay Portal 的学习书籍

    Liferay Portal是一种开源的企业门户解决方案,支持使用Java语言构建企业内部网(intranets)和其他协作平台。根据提供的内容片段,我们可以了解到一些关于Liferay Portal书籍的具体信息,这本书是外国人编写的,受...

    liferay+Portal+二次开发指南

    ### Liferay Portal 二次开发指南 #### 一、Liferay Portal 概览 **Liferay Portal** 是一款开源的企业级门户平台,它基于Java技术构建,支持多种标准,包括JSR 168和WSRP等。Liferay Portal 提供了一个高度可定制...

    liferay-portal配置tomcat使用的jar包

    3. **配置Liferay**:打开`liferay-portal-&lt;version&gt;/WEB-INF/liferay-portal-tomcat-&lt;version&gt;.xml`配置文件,根据你的Tomcat版本和需求进行调整。这可能包括数据库连接、缓存设置、线程池配置等。 4. **添加jar包...

    liferay portal 6 使用文档

    ### Liferay Portal 6 使用文档知识点详述 #### 一、Liferay Portal 6:企业级门户解决方案 Liferay Portal 6是一款先进的企业级门户平台,旨在帮助企业构建和维护高效、安全、用户友好的内部网(Intranets)。它...

    Liferay Portal 内容管理

    在权限配置方面,Liferay Portal允许将权限分配给用户、组织、地区、用户组、社区或Guest。例如,要将权限赋予某个用户,可以选择用户并点击【Update Permissions】,在操作列表中选择所需权限,最后确认设置。同样...

    Liferay Portal 二次开发指南

    ### Liferay Portal 二次开发指南 ...总之,Liferay Portal的二次开发不仅涉及技术层面的编码和配置,还需要深入理解其架构和使用模式,才能充分利用其强大功能,构建出既高效又个性化的门户应用。

    Using Liferay Portal 6.1

    Using Liferay Portal 6.1

    Liferay的CAS SSO实现

    Liferay是一款功能强大的开源企业级门户平台...总之,Liferay的CAS SSO实现是通过集成CAS服务器和配置Liferay的安全策略来完成的,这一功能对于多应用环境的企业级门户至关重要,它可以提供便捷、安全的用户登录体验。

    liferay portal 开发指南

    ### Liferay Portal 开发指南知识点概述 #### 一、简介 **Liferay Portal** 是一款功能强大的企业级门户平台,支持多种应用集成和技术扩展。它不仅提供了丰富的特性满足企业日常需求,同时也支持高度定制化开发。...

    LIFERAY + JAVA WEB START + OSWORKFLOW设计器

    【LIFERAY + JAVA WEB START + OSWORKFLOW设计器】是一个结合了三个关键技术的集成解决方案,用于在Liferay门户平台上构建和管理工作流。Liferay是一个开源的企业级门户平台,提供了一整套内容管理系统、社交协作...

    Liferay Portal Systems Development

    根据提供的文件信息,我们可以提炼出关于《Liferay Portal Systems Development》这本书的以下知识点。 首先,这本书主要介绍如何在Liferay门户平台上构建动态的、内容丰富的、具有社交功能的系统。Liferay Portal...

Global site tag (gtag.js) - Google Analytics