当前位置: 文江博客话题详情

JASIG CAS jira+confluence sso

发布于 2024-11-18 07:18:26 字数 6438 浏览 4 评论 0原文

我有三个不同的 tomcat 实例。 Tomcat 与 cas 服务器 localhost:8050 Tomcat 与 Jira 4.3 本地主机:8080 最后,tomcat 与 confluence 3.5 localhost:8070

我需要通过连接到 LDAP 的 cas 服务器实现 SSO(jira + confluence)。

好的,我使用 jira 和 Confluence 的 cas 客户端,如下所示 https://wiki.jasig.org/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1

现在 jira 和 confluence 都正确地重定向了我到 Cas 登录页面并在 ldap 服务器中进行授权,这几乎可以正常工作(有一些与 confluence 注销有关的错误),但这不是 SSO。如果我登录 jira,我仍然需要输入我的凭证才能进行汇合,反之亦然。我认为这是因为不同的tomcat安装而发生的。当我登录 jira Cas 时,给我一张服务 http://localhost:8080 的票证和另一张 confluence 的票证(http: //本地主机:8070)。我真的被这个愚蠢的问题困扰,我希望有人能指导我正确的方法。

我的配置: 吉拉。 Seraph-config.xml

 <init-param>
            <param-name>login.url</param-name>
            <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl}</param-value>
         </init-param>
        <init-param>
             <param-name>link.login.url</param-name>
            <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl}                      </param-value>
         </init-param>
        <init-param>
            <param-name>logout.url</param-name>
            <param-value>http://localhost:8050/cas-server-webapp-3.4.8/logout</param-value>
      </init-param>

Web xml:

<filter>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
  <filter-name>CasAuthenticationFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8080</param-value>
  </init-param>
</filter>
<filter>
    <filter-name>CasValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://localhost:8050/cas-server-webapp-3.4.8/</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8080</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
    <listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

用于汇合:

seraph-config.xml:

<init-param>
        <param-name>login.url</param-name>
        <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl}</param-value>
    </init-param>
    <init-param>
        <param-name>link.login.url</param-name>
        <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl}</param-value>
    </init-param>

web.xml:

<filter>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
  <filter-name>CasAuthenticationFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8070</param-value>
  </init-param>
</filter>
<filter>
    <filter-name>CasValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://localhost:8050/cas-server-webapp-3.4.8/</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8070</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/login.action</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
原文

I have three different tomcat instance.
Tomcat with cas server localhost:8050
Tomcat with Jira 4.3 localhost:8080
and, finally tomcat with confluence 3.5 localhost:8070

I need to implement SSO(jira + confluence) via cas server, which connected to LDAP.

Ok, im use cas client for jira and Confluence like this https://wiki.jasig.org/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1

Now both jira and confluence correctly redirect me to Cas login page and authtorize in ldap server, thats work almost fine(have some bugs with confluence logout), but this is not SSO. If i logged in jira i still need to enter my cretentials for confluence and vice verca. I think its happend because diferent tomcat installation. When im logging in jira Cas give me a ticket for service http://localhost:8080 and another ticket for confluence(http://localhost:8070). Im really stuck with this stupid problem, and im hope somebody can direct me on right way.

My configs:
Jira.
Seraph-config.xml

 <init-param>
            <param-name>login.url</param-name>
            <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl}</param-value>
         </init-param>
        <init-param>
             <param-name>link.login.url</param-name>
            <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl}                      </param-value>
         </init-param>
        <init-param>
            <param-name>logout.url</param-name>
            <param-value>http://localhost:8050/cas-server-webapp-3.4.8/logout</param-value>
      </init-param>

Web xml:

<filter>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
  <filter-name>CasAuthenticationFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8080</param-value>
  </init-param>
</filter>
<filter>
    <filter-name>CasValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://localhost:8050/cas-server-webapp-3.4.8/</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8080</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
    <listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

for confluence:

seraph-config.xml :

<init-param>
        <param-name>login.url</param-name>
        <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl}</param-value>
    </init-param>
    <init-param>
        <param-name>link.login.url</param-name>
        <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl}</param-value>
    </init-param>

web.xml:

<filter>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
  <filter-name>CasAuthenticationFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8070</param-value>
  </init-param>
</filter>
<filter>
    <filter-name>CasValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://localhost:8050/cas-server-webapp-3.4.8/</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8070</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/login.action</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

缱绻入梦 2024-11-25 07:18:26

我注意到上面您的服务是动态的: service=${originalurl}

我认为要使 SSO 工作,您必须使用每个网站都必须使用相同的服务调用 CAS,以便 CAS 服务器上的 TGT 知道谁在调用。否则,我认为您必须调查代理授予票证:

https://wiki.jasig .org/display/CAS/Proxy+CAS+Walkthrough

据我所知,这是一种服务方式,相当于“没关系,其他服务是我的朋友”。

I notice above that your service is dynamic: service=${originalurl}

I think that for SSO to work you have to use the each website has to call CAS using the same service so that the TGT on the CAS server knows who is calling. Otherwise, I think you have to investigate Proxy Granting Tickets:

https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough

Which I understand are a means of a service saying the equivilent of "it's ok, that other service is my friend".

回复 原文
~没有更多了~

关于作者

小ぇ时光︴

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

已经忘了多久

文章 0 评论 0

15867725375

文章 0 评论 0

LonelySnow

文章 0 评论 0

走过海棠暮

文章 0 评论 0

轻许诺言

文章 0 评论 0

信馬由缰

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文