
I have three different Tomcat instances: a Tomcat with the CAS server at localhost:8050, a Tomcat with Jira 4.3 at localhost:8080, and finally a Tomcat with Confluence 3.5 at localhost:8070.

I need to implement SSO (Jira + Confluence) through the CAS server, which is connected to LDAP.

OK, I use the CAS client for Jira and Confluence as described here: https://wiki.jasig.org/display/CASC/Configuring+Confluence+with+JASIG+CAS+Client+for+Java+3.1

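Now both Jira and Confluence correctly redirect me to the CAS login page and authorize against the LDAP server, and this almost works (there are some errors on Confluence logout), but it is not SSO. If I log in to Jira, I still have to enter my credentials for Confluence, and vice versa. I think it happens because of the different Tomcat installations. When I log in to Jira, CAS gives me one service ticket for http://localhost:8080 and another ticket for Confluence (http://localhost:8070). I am really stuck on this stupid problem, and I hope someone can point me in the right direction.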

My configuration: Jira, seraph-config.xml:

 <init-param>
            <param-name>login.url</param-name>
            <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl}</param-value>
         </init-param>
        <init-param>
             <param-name>link.login.url</param-name>
            <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl}</param-value>
         </init-param>
        <init-param>
            <param-name>logout.url</param-name>
            <param-value>http://localhost:8050/cas-server-webapp-3.4.8/logout</param-value>
      </init-param>

web.xml:

<filter>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
  <filter-name>CasAuthenticationFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8080</param-value>
  </init-param>
</filter>
<filter>
    <filter-name>CasValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://localhost:8050/cas-server-webapp-3.4.8/</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8080</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
    <listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

Confluence:

seraph-config.xml:

<init-param>
        <param-name>login.url</param-name>
        <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl}</param-value>
    </init-param>
    <init-param>
        <param-name>link.login.url</param-name>
        <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl}</param-value>
    </init-param>

web.xml:

<filter>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter>
  <filter-name>CasAuthenticationFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://localhost:8050/cas-server-webapp-3.4.8/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://localhost:8070</param-value>
  </init-param>
</filter>
<filter>
    <filter-name>CasValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>http://localhost:8050/cas-server-webapp-3.4.8/</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>http://localhost:8070</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
   <filter-name>CasSingleSignOutFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/login.action</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

1 Answer


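I noticed above that your service is dynamic: service=${originalurl}

I think that for SSO to work, every website must call CAS with the same service, so that the TGT on the CAS server knows who is calling. Otherwise, I think you have to look into proxy-granting tickets: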

https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough

As far as I know, this is a way for a service to say, in effect, "It's OK, the other service is my friend."

Answered 2011-07-06T12:55:02.537
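
The ticket handling discussed in this thread, as an added toy model (not code from the post, the answer, or the Jasig CAS project): one ticket-granting ticket, carried by the browser's TGC cookie, yields a separate single-use service ticket per service URL. The class `ToyCasServer`, the user, the password and the service URL paths are constructed for illustration.

```python
import secrets

class ToyCasServer:
    """Illustrative model of CAS 2.0 ticket handling; not Jasig CAS code."""

    def __init__(self, users):
        self.users = users   # username -> password (stands in for the LDAP check)
        self.tgts = {}       # TGT id (value of the TGC cookie) -> username
        self.sts = {}        # service ticket id -> (username, service URL)

    def login(self, service, tgc=None, credentials=None):
        """Model of /login?service=...; returns (tgc, service_ticket)."""
        user = self.tgts.get(tgc)
        if user is None:     # no valid TGC presented: credentials are required
            if not credentials or self.users.get(credentials[0]) != credentials[1]:
                return None, None   # the browser would be shown the login form
            user = credentials[0]
            tgc = "TGT-" + secrets.token_hex(8)
            self.tgts[tgc] = user
        st = "ST-" + secrets.token_hex(8)
        self.sts[st] = (user, service)   # ticket is bound to the requesting service
        return tgc, st

    def service_validate(self, service, ticket):
        """Model of /serviceValidate: tickets are single-use and service-bound."""
        user, issued_for = self.sts.pop(ticket, (None, None))
        return user if issued_for == service else None

# Constructed service URLs on the two hosts named in the question.
JIRA = "http://localhost:8080/"
CONFLUENCE = "http://localhost:8070/"

def demo():
    cas = ToyCasServer({"alice": "constructed-password"})
    out = {}
    # First login: credentials are checked, a TGT is created, Jira gets its own ST.
    tgc, st_jira = cas.login(JIRA, credentials=("alice", "constructed-password"))
    out["jira_user"] = cas.service_validate(JIRA, st_jira)
    # The browser returns the TGC to CAS: a new ST for Confluence, no password.
    _, st_conf = cas.login(CONFLUENCE, tgc=tgc)
    out["distinct_tickets"] = st_conf != st_jira
    out["replay"] = cas.service_validate(JIRA, st_jira)        # already consumed
    out["wrong_service"] = cas.service_validate(JIRA, st_conf)  # bound to Confluence
    _, st_conf2 = cas.login(CONFLUENCE, tgc=tgc)
    out["confluence_user"] = cas.service_validate(CONFLUENCE, st_conf2)
    # No TGC and no credentials: no ticket, so the user is prompted again.
    out["no_cookie"] = cas.login(CONFLUENCE)
    return out
```

In this model the last case, a login request that arrives without the TGC cookie, is the one in which the user is asked for credentials a second time.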