如何实施SSO [英] How to Implement SSO
问题描述
我要实现SSO单一登录.
我发现很多链接和文章都在谈论CAS OpenID以及许多不同的东西,我真的迷路了
所以我应该使用CAS吗?
我安装了CAS Server并将其分发到Tomcat中
你下一步怎么做?
或者这是错误的吗?
您能解释一下我如何开发一个简单的HelloWorld来实现SSO.
I want to implement SSO Single Sign On .
I found a lot of links and articles talking about CAS OpenID and many different things ,I'm really lost
so should i use CAS ?
I installed CAS Server and deplyed it into Tomcat
What is the next step?
Or is this wrong?
Can you explain me how can i develop a simple HelloWorld to implement SSO.
非常感谢
推荐答案
CAS是SSO的流行实现,因此安装CAS服务器是一个不错的第一步.您需要一台服务器来执行任何计划,并且可以在没有任何其他组件的情况下检查它是否正常工作(发行版中的INSTALL.TXT文件中有说明).您打算编写的任何CAS客户端都无法做到这一点.
CAS is a popular implementation of SSO, so installing CAS server is a good first step. You'll need a server for anything you're planning, and you can check that it's working without having any other pieces in place (there are instructions in the INSTALL.TXT file that comes in the distribution). The same can't be said for any CAS clients you intend to write.
一旦CAS服务器启动并运行,您还有两个主要任务:
Once you have CAS server up and running, you have two main tasks left:
- 创建或修改您的应用以使其成为CAS客户端
- 用一个有用的替换默认的身份验证处理程序
如果您像我一样,则希望尽快看到此事(或向经理展示).在这种情况下,请先解决第1步,但不要从真正的应用程序开始.只需做一个快速的Hello World. https://wiki.jasig.org/display/CASUM/Demo对此有特定说明.您已经安装了Tomcat,因此跳过步骤1和3.如果还启用了HTTPS,则也可以跳过步骤2和4,直接转到步骤5.假设您将用Java实现CAS客户端,那么您对实际应用需要做什么的一个好主意.
If you're like me, you want to see this thing in action as quickly as you can (or have something to show your manager). In that case, tackle step 1 first, but don't start with the real app. Just do a quick Hello World. There are specific instructions for this at https://wiki.jasig.org/display/CASUM/Demo. You've already got Tomcat installed, so skip steps 1 and 3. If you've also enabled HTTPS you can skip steps 2 and 4 as well and go straight to step 5. Once you get this going, you'll have a pretty good idea of what you need to do for the real app, assuming you will be implementing your CAS client in Java.
您需要执行步骤2,因为默认身份验证处理程序仅对演示有用.任何匹配的用户名/密码(例如hello/hello)都将成功进行身份验证.您可能将根据SQL数据库或目录(例如Active Directory或LDAP服务器)进行身份验证. CAS包括所有这些用例以及其他用例的身份验证处理程序,但是Jasig将这些用例组织为子项目,因此您必须从源代码进行Maven构建以使用其中的任何一个(如果您这样做,这将是一个很大的麻烦)问我).关于如何操作的文档可以在https://wiki.jasig.org/display/CASUM/Authentication上找到,但是如果您已经使用Maven进行了设置,那还不错.只需将依赖项添加到包含的pom.xml文件中,然后进行构建即可.
You need to do step 2 because the default authentication handler is only useful for demonstration. Any matching userid / password (e.g. hello / hello) will authenticate successfully. You will probably be authenticating either against a SQL database or a directory such as Active Directory or an LDAP server. CAS includes authentication handlers for all these use cases as well as others, but Jasig organizes these as sub-projects so you'll have to do a Maven build from source to use any of them (which is a big pain in the ass if you ask me). Documentation on how can be found at https://wiki.jasig.org/display/CASUM/Authentication, but if you're already set up with Maven, it's not so bad. Just add a dependency to the included pom.xml file and do your build.
如果您是SSO的新手,可能很难把握住自己的位置,因此,请采取一些小步骤并花一些时间来了解自己在做什么.到目前为止,我所见过的CAS的最佳扩展是在https://www.purdue.edu/apps/account/html/cas_presentation_20110407.pdf上.它提供了具体的细节,包括典型的服务器日志条目,请求和响应的细节以及整个流程的非常清晰的图表.这应该是您所需要了解的一切.
SSO can be hard to get your head around if you're new to it, so take small steps and take time to understand what you're doing. The best expanation of CAS I've seen by far is at https://www.purdue.edu/apps/account/html/cas_presentation_20110407.pdf. It gives concrete details including typical server log entries, details of the requests and responses and a very clear diagram of the overall flow. It should be all you need to understand what's going on.
祝你好运.
这篇关于如何实施SSO的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
