CAS-SERVER的預設驗證規則：只要使用者名稱和密碼相同就認證通過
（僅僅用於測試，生成環境需要根據實際情況修改），
輸入admin/admin 點選登入，就可以看到登入成功的頁面

Tomcat配置HTTPS

• 建立證書

       這裡使用JDK生成的證書，正式環境需購買專業提供商的證書

       用JDK自帶的keytool工具生成證書：

keytool -genkey -alias xiaokaceng -keyalg RSA -keystore d
:/cas/xiaokaceng

注意：127.0.0.1==sso.xiaokaceng.com 在C:\Windows\System32\drivers\etc\hosts配置，

• 匯出證書

keytool -export -file d:/cas/xiaokaceng.crt -alias xiaoka
ceng -keystore d:/cas/xiaokaceng

特別提示：

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

那麼請輸入密碼：changeit

• 應用到Web容器

       啟用Tomcat的SSL，開啟83和87的註釋，配置keystoreFile和keystorePass

<Connectorport
 
="8443"protocol="HTTP/1.1"SSLEnabled="true"maxThreads="150"scheme="https"secure="true"clientAuth="false"sslProtocol="TLS"keystoreFile="D:/cas/xiaokaceng"keystorePass="123456"/>

注意：keystoreFile和keystorePass有大小寫之分

CAS登入

• 啟動兩個tomcat客戶端，修改其埠
• (tomcat預設自帶的 webapps\examples 作為演示的簡單web專案)

• 整合CAS-Client

修改web.xml

<!-- ======================== 單點登入開始 ======================== -->
    <!-- 用於單點退出，該過濾器用於實現單點登出功能，可選配置-->
    <listener>
      <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <!-- 該過濾器用於實現單點登出功能，可選配置。 -->
    <filter>
      <filter-name>CAS Single Sign Out Filter</filter-name>
      <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>CAS Single Sign Out Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
      <filter-name>CAS Filter</filter-name>
      <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
      <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://sso.xiaokaceng.com:8443/cas/login</param-value>
      </init-param>
      <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:18080</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>CAS Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- 該過濾器負責對Ticket的校驗工作，必須啟用它 -->
    <filter>
      <filter-name>CAS Validation Filter</filter-name>
      <filter-class>
        org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
      <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://sso.xiaokaceng.com:8443/cas</param-value>
      </init-param>
      <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:18080</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>CAS Validation Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!--
      該過濾器負責實現HttpServletRequest請求的包裹，
      比如允許開發者通過HttpServletRequest的getRemoteUser()方法獲得SSO登入使用者的登入名，可選配置。
    -->
    <filter>
      <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
      <filter-class>
        org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!--
    該過濾器使得開發者可以通過org.jasig.cas.client.util.AssertionHolder來獲取使用者的登入名。
    比如AssertionHolder.getAssertion().getPrincipal().getName()。
    -->
    <filter>
      <filter-name>CAS Assertion Thread Local Filter</filter-name>
      <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>CAS Assertion Thread Local Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- ======================== 單點登入結束 ======================== -->

測試驗證，訪問http://localhost:18080/examples/servlets/servlet/HelloWorldExample

CAS服務介面

• 登入介面：casLoginView.jsp
• 登入成功：casGenericSuccess.jsp
• 登出介面：casLogoutView.jsp