felix-cao / Blog

A little progress a day makes you a big success!

Installing apereo/cas on UGREEN Cloud (绿联云) #222

Open felix-cao opened 4 months ago

felix-cao commented 4 months ago

Installing CAS in a CentOS environment

1. Set up the OS environment

1.1 Pull the CentOS 7.8 image

docker pull daduber/centos7.8.2003:latest

1.2 Enter the container

docker exec -it container_id /bin/bash

2. Configure the system environment

2.1 Install JDK 11 and configure JAVA_HOME

See "Installing the JDK and configuring JAVA_HOME on Linux" #224

2.2 Install git

yum install -y git

3. Install CAS

3.1 Get CAS 6.2 with git

git clone -b 6.2 --single-branch git@github.com:apereo/cas-overlay-template.git

3.2 Configure cas.properties

cd cas-overlay-template/etc/cas/config
vi cas.properties

Configure the following settings:

cas.server.name=https://localhost:8443
cas.server.prefix=${cas.server.name}/cas
server.ssl.key-store=file:/etc/cas/config/thekeystore
server.ssl.key-store-password=changeit
logging.config=file:/etc/cas/config/log4j2.xml
# cas.authn.accept.users=

3.3 Create thekeystore

Go to the directory {project_root}/etc/cas/config and run:

keytool -genkey -keyalg RSA -alias thekeystore -keystore thekeystore -storepass changeit -validity 20000 -keysize 2048

3.4 Install dependencies and build

Restart all Java applications

Install all the dependencies and build CAS (this command copies the configuration files from {project_root}/etc/cas/config to the /etc/cas/config folder in your OS; make sure you have permission to create and write in this folder).

cd /opt/cas-overlay-template/

./gradlew clean copyCasConfiguration build

PS: an error is reported here:

Exception in thread "main" java.io.IOException: Downloading from https://services.gradle.org/distributions/gradle-6.4-bin.zip failed: timeout

Solution: https://blog.csdn.net/2301_78637586/article/details/136110120

./gradlew run

3.5 Access succeeded

Your CAS server is ready; you can access it on your local system at https://localhost:8443/cas/. You may get an SSL error when you open this URL, because the certificate created in step 3.3 is self-signed. To ignore this error in Chrome, type “thisisunsafe” while you are on the page.

You can now see the CAS login page. There is a default user that you can use to log in: enter “casuser” as the username and “Mellon” as the password.

4. Connect to MySQL to support account login

Disable the static configuration

#cas.authn.accept.users=casuser::Mellon
#cas.authn.accept.name=Static Credentials

The local database configuration is as follows

cas.authn.jdbc.query[0].url=jdbc:mysql://192.168.0.2:11301/apereo_cas?serverTimezone=UTC&allowMultiQueries=true
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=123456
cas.authn.jdbc.query[0].sql=select password from cas_users where username= ?
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver

Create the table

CREATE TABLE `cas_users` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `username_UNIQUE` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;

INSERT INTO `apereo_cas`.`cas_users` (`username`, `password`) VALUES ('aaa', 'e10adc3949ba59abbe56e057f20f883e');
INSERT INTO `apereo_cas`.`cas_users` (`username`, `password`) VALUES ('bbb', 'e10adc3949ba59abbe56e057f20f883e');

Reference: https://medium.com/swlh/install-cas-server-with-db-authentication-8ff52234f52

CAS GitHub: https://github.com/apereo/cas-overlay-template
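Added example, not part of the original post or of the CAS project: a small Python check that reads a cas.properties file and flags the walkthrough settings that should not be carried into a real deployment (the default keystore password changeit, an enabled static user list, the MySQL root account, allowMultiQueries=true, and a JDBC query with no password encoder or an MD5/SHA-1 one). The finding names are hypothetical, the passwordEncoder.type and passwordEncoder.encodingAlgorithm keys are CAS settings that the post does not show, and the sample input is constructed from the post's settings.

```python
import re

# Constructed sample: the cas.properties settings from the post in one file.
SAMPLE = """\
server.ssl.key-store=file:/etc/cas/config/thekeystore
server.ssl.key-store-password=changeit
# cas.authn.accept.users=casuser::Mellon
cas.authn.jdbc.query[0].url=jdbc:mysql://192.168.0.2:11301/apereo_cas?serverTimezone=UTC&allowMultiQueries=true
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=123456
cas.authn.jdbc.query[0].sql=select password from cas_users where username= ?
"""

def parse_properties(text):
    """Parse key=value lines; keys are lower-cased and de-hyphenated so that
    key-store-password and keyStorePassword compare equal."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        key, _, value = line.partition("=")  # split on the first '=' only
        props[key.strip().replace("-", "").lower()] = value.strip()
    return props

def audit(text):
    """Return sorted finding ids (hypothetical names) for risky settings."""
    props = parse_properties(text)
    found = set()
    if props.get("server.ssl.keystorepassword") == "changeit":
        found.add("keystore-default-password")
    if props.get("cas.authn.accept.users"):
        found.add("static-users-enabled")
    for key, value in props.items():
        m = re.match(r"(cas\.authn\.jdbc\.query\[(\d+)\]\.)(\w+)$", key)
        if not m:
            continue
        prefix, idx, field = m.groups()
        if field == "user" and value.lower() == "root":
            found.add(f"jdbc[{idx}]-root-db-account")
        if field == "url" and "allowmultiqueries=true" in value.lower():
            found.add(f"jdbc[{idx}]-multi-queries-enabled")
        if field == "sql":  # one check per configured query
            enc = props.get(prefix + "passwordencoder.type", "NONE").upper()
            algo = props.get(prefix + "passwordencoder.encodingalgorithm", "").upper()
            if enc == "NONE" or algo in {"MD5", "SHA-1", "SHA1"}:
                found.add(f"jdbc[{idx}]-weak-password-encoder")
    return sorted(found)
```

Calling audit(open("/etc/cas/config/cas.properties").read()) on the file copied in step 3.4 returns the list of findings; an empty list means none of these settings were detected.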

felix-cao commented 4 months ago

Installing Portainer on UGREEN Cloud

Log in to the UGREEN NAS over SSH

docker run -d --restart=always --name="portainer" -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce
felix-cao commented 4 months ago

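Installing CAS with Docker

Pull the image

The most important thing here is the choice of version. I tried it myself: apereo/cas:7.0.0 works, while apereo/cas:latest failed every time over many attempts.

Create the certificate

keytool -genkey -v -keystore cas.keystore -alias androiddebugkey -keyalg RSA -validity 30000

The keystore password is: changeit

Create the container

The most important thing here is to upload the certificate cas.keystore to space/Docker/apereo_cas/keystore/ on UGREEN Cloud and mount it at /etc/cas/thekeystore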

Other

Official default login account: username: casuser, password: Mellon

Reference: https://www.cnblogs.com/janes/p/14437787.html

CAS versions: https://hub.docker.com/r/apereo/cas/tags