Updated: 2023-12-04 23:08:16
I'm making a few assumptions here, so please let me know if I'm off target:
Within your CAS source tree, you'll need to make changes to the following files:
pom.xml:
Add the following within <dependencies>:
<!-- LDAP support -->
<dependency>
    <groupId>${project.groupId}</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${project.version}</version>
</dependency>
deployerConfigContext.xml:
Reconfigure your Authentication Handlers:
<property name="authenticationHandlers">. Inside this is a <list>, and inside this are (probably) two <bean ...> elements. Keep this one:
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" />
The other <bean> (again, probably) corresponds to the current method of authentication you're using. (I'm not clear based upon the question, as there are several ways CAS can do this without using external services. The default is SimpleTestUsernamePasswordAuthenticationHandler; this authenticates as long as the username is equal to the password.) Replace that <bean> with:
<!-- LDAP bind Authentication Handler -->
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
    <property name="filter" value="uid=%u" />
    <property name="searchBase" value="{your LDAP search path, e.g.: cn=users,dc=example,dc=com}" />
    <property name="contextSource" ref="LDAPcontextSource" />
    <property name="ignorePartialResultException" value="yes" /> <!-- fix because of how AD returns results -->
</bean>
Modify the "searchBase" property according to your AD configuration.
Create a Context Source for LDAP:
Add this somewhere within the root <beans> element:
<bean id="LDAPcontextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="false"/>
    <property name="urls">
        <list>
            <value>{URL of your AD server, e.g.: ldaps://ad.example.com}/</value>
        </list>
    </property>
    <property name="userDn" value="{your account that has permission to bind to AD, e.g.: uid=someuser, dc=example, dc=com}"/>
    <property name="password" value="{your password for bind}"/>
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key>
                    <value>java.naming.security.authentication</value>
                </key>
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>
Modify "urls", "userDn" and "password" accordingly.
Rebuild cas-server-webapp and try it.
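The check below is an added example, not part of the original answer or of CAS: it audits a deployerConfigContext.xml for three ways the edits above can be left half-done (test handler still listed, a non-ldaps:// URL, a literal bind password). The sample XML and the audit() function are constructed for illustration; the ${...} test assumes the deployment supplies the bind password through a Spring property placeholder.

```python
import xml.etree.ElementTree as ET
BEANS_NS = "{http://www.springframework.org/schema/beans}"  # assumes the standard Spring beans namespace
TEST_HANDLER = "SimpleTestUsernamePasswordAuthenticationHandler"
CONTEXT_SOURCE = "org.springframework.ldap.core.support.LdapContextSource"

# Constructed sample: a deployerConfigContext.xml where the edits were only half applied.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers">
      <list>
        <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
        <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
          <property name="contextSource" ref="LDAPcontextSource" />
        </bean>
      </list>
    </property>
  </bean>
  <bean id="LDAPcontextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="urls"><list><value>ldap://ad.example.com/</value></list></property>
    <property name="password" value="hunter2" />
  </bean>
</beans>"""

def audit(xml_text):
    """Return a list of findings for a CAS deployerConfigContext.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    for bean in root.iter(BEANS_NS + "bean"):
        cls = bean.get("class", "")
        if cls.endswith(TEST_HANDLER):
            findings.append("test handler still enabled: any username equal to its password authenticates")
        if cls != CONTEXT_SOURCE:
            continue
        for prop in bean.findall(BEANS_NS + "property"):
            if prop.get("name") == "urls":
                for value in prop.iter(BEANS_NS + "value"):
                    url = (value.text or "").strip()
                    if not url.lower().startswith("ldaps://"):
                        findings.append("LDAP URL is not ldaps://: " + url)
            elif prop.get("name") == "password":
                value = prop.get("value", "")
                if value and not value.startswith("${"):
                    findings.append("bind password is a literal in the XML")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```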