CAS SSO with multiple web applications

I've spent the last day or so looking into CAS and have managed to get the server working with a simple test application. When I enter a protected area, I'm redirected to a login page; when I log in, I'm taken back to my previous page.

From there, the next step would be to deploy two client applications, log into client A, visit the client B protected area and have the system handle the authentication for me (since I'm already logged into client A).

This isn't actually working, however. I have to log into the client B site whether I'm logged into the client A site or not.

CAS is running on Tomcat; client A and B are the same project deployed as separate WARs on a single instance of JBoss AS 6.

Any ideas how I can achieve the suggested behavior?

EDIT: Yes, both are using CAS. The issue is that it doesn't seem to be recognizing that the user is already logged in. It's as if CAS isn't able to determine that there is a 'link' between the two services and that when one service has been authenticated, the other service should be automatically authenticated.

I should note that at this stage, I am not using SSL within the application. I'm focused on getting a simple example up and going using HTTP before I look at introducing SSL.

Both of your applications need to be configured to use the CAS server for authentication. The normal procedure would be that application A redirects you to your CAS login page, lets you log in and redirects you back to A. If you then try to log into B, it checks with the CAS server whether you're already logged in and, if so, sends back information about the logged-in user.

Again, both your applications need to support CAS as a login mechanism, which I am not sure about from your description.

A detailed description of the CAS protocol can be found here.

CAS was working without SSL in that it would take you to the login site and authenticate you correctly. The issue was that if you tried to access via another site, it would ask you to sign in again.

Once I enabled SSL and tried it, it was working correctly. Once logged into client A, it would automatically authenticate you in client B. I had spent some time on the wiki and, while it spoke of the importance of using SSL, I do not recall it explicitly stating that SSO will not work without SSL enabled. Maybe a warning should be added to the wiki?
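The flow the first answer describes (A redirects to CAS, CAS checks for an existing session when B arrives) and the SSL dependency reported in the self-answer both come down to one cookie: the CAS server keeps the browser's SSO session in a ticket-granting ticket referenced by the CASTGC cookie, and CAS's default configuration marks that cookie Secure, so a browser will not present it over plain HTTP and CAS sees no existing session when client B sends the user over. The model below is an added example, not code from the original post or from the CAS project: endpoint names, ticket prefixes and the CASTGC cookie follow the CAS 2.0 protocol, while the hostnames, service URLs, user store and the in-memory server, browser and client filter are constructed for this illustration.

```python
"""Toy model of the CAS single sign-on flow between two client web apps.

Added illustration, not code from the original post or from the CAS project.
Endpoint names, ticket prefixes and the CASTGC cookie follow the CAS 2.0
protocol; the server, browser and client filter below are simplified
stand-ins written for this example.
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

CAS_HOST = "cas.example.org"                   # assumed hostname of the CAS server
TGC_COOKIE = "CASTGC"                          # CAS ticket-granting cookie
USERS = {"alice": "s3cret"}                    # constructed credential store
CLIENT_A = "http://app.example.com/clientA/"   # assumed service URLs (client A / B)
CLIENT_B = "http://app.example.com/clientB/"


class Browser:
    """Cookie jar that honours the Secure flag: a Secure cookie is never sent over plain HTTP."""

    def __init__(self):
        self.jar = {}  # (host, name) -> (value, secure)

    def set_cookie(self, host, name, value, secure):
        self.jar[(host, name)] = (value, secure)

    def cookie_for(self, host, name, over_https):
        hit = self.jar.get((host, name))
        if hit is None:
            return None
        value, secure = hit
        return None if (secure and not over_https) else value


class CasServer:
    """Holds ticket-granting tickets (one per browser SSO session) and service tickets."""

    def __init__(self, cookie_secure=True):
        # CAS marks CASTGC Secure by default; it is a constructor knob here for illustration
        self.cookie_secure = cookie_secure
        self.tgts = {}   # TGT id -> username
        self.sts = {}    # ST id  -> (username, service the ticket was issued for)

    def login(self, browser, service, over_https, credentials=None):
        """/cas/login: return the redirect URL carrying a service ticket,
        or None when the user must be shown the login form."""
        tgt = browser.cookie_for(CAS_HOST, TGC_COOKIE, over_https)
        if tgt not in self.tgts:
            if credentials is None:
                return None                      # no SSO session: show the login form
            user, password = credentials
            if USERS.get(user) != password:
                return None                      # bad credentials: form again
            tgt = "TGT-" + secrets.token_hex(8)
            self.tgts[tgt] = user
            browser.set_cookie(CAS_HOST, TGC_COOKIE, tgt, self.cookie_secure)
        st = "ST-" + secrets.token_hex(8)        # single-use, bound to one service
        self.sts[st] = (self.tgts[tgt], service)
        sep = "&" if "?" in service else "?"
        return service + sep + urlencode({"ticket": st})

    def service_validate(self, ticket, service):
        """/cas/serviceValidate: accept a ticket once, and only for the service it was issued to
        (a mismatched service leaves the ticket untouched here; a simplification)."""
        entry = self.sts.get(ticket)
        if entry is None or entry[1] != service:
            return None
        del self.sts[ticket]                     # consumed on successful validation
        return entry[0]


def visit_protected(cas, browser, service, over_https, credentials=None):
    """What a CAS client filter does for a request with no local app session: send the
    browser to CAS, then validate the returned ticket server-to-server.
    Returns the authenticated username, or 'login page' if CAS had to show the form."""
    redirect = cas.login(browser, service, over_https, credentials)
    if redirect is None:
        return "login page"
    ticket = parse_qs(urlparse(redirect).query)["ticket"][0]
    user = cas.service_validate(ticket, service)
    return user if user else "login page"


def sso_scenario(over_https):
    """Log into client A, then visit client B; SSO only works if CASTGC reaches CAS again."""
    cas, browser = CasServer(), Browser()
    first = visit_protected(cas, browser, CLIENT_A, over_https)            # form shown
    after_login = visit_protected(cas, browser, CLIENT_A, over_https, ("alice", "s3cret"))
    on_b = visit_protected(cas, browser, CLIENT_B, over_https)             # SSO, or not
    return first, after_login, on_b


def ticket_binding_scenario():
    """A service ticket issued for client A is useless to client B and cannot be replayed."""
    cas, browser = CasServer(), Browser()
    redirect = cas.login(browser, CLIENT_A, True, ("alice", "s3cret"))
    ticket = parse_qs(urlparse(redirect).query)["ticket"][0]
    for_b = cas.service_validate(ticket, CLIENT_B)    # wrong service: rejected
    for_a = cas.service_validate(ticket, CLIENT_A)    # right service: accepted once
    replay = cas.service_validate(ticket, CLIENT_A)   # second use: rejected
    return for_b, for_a, replay


if __name__ == "__main__":
    print("CAS over HTTPS:", sso_scenario(True))        # ('login page', 'alice', 'alice')
    print("CAS over HTTP: ", sso_scenario(False))       # ('login page', 'alice', 'login page')
    print("ticket binding:", ticket_binding_scenario()) # (None, 'alice', None)
```

With the CAS server reached over HTTPS the third visit succeeds without a form because the browser sends CASTGC and CAS issues a fresh service ticket for client B; over HTTP the cookie is withheld and CAS has nothing to link the two services, which is exactly the behaviour reported in the question. The model deliberately ignores the local application session a real client filter keeps after the first validation, so each call represents the first request to an app; the ticket-binding scenario is the other check worth keeping in mind when wiring several services to one CAS server, since a ticket leaked from client A's URL cannot be presented to client B and cannot be validated twice.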

If you want to focus on your applications and make your life easier, use a cloud provider for the CAS server: http://www.casinthecloud.com (free servers are available for tests).
