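The Seeyon (致远) OA product already has most of the CAS-related configuration built in as of V5.1. From the CAS server's point of view, the OA server is a client of the CAS server. The configuration steps are as follows: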
- Open webapps\seeyon\WEB-INF\web.xml and add the following configuration before the first filter:
    <!-- ======================== Single sign-on: begin ======================== -->
    <!-- Used for single sign-out; this listener supports the single sign-out feature. Optional. -->
    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
    <!-- This filter implements single sign-out. Optional. -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- This filter validates the ticket; it must be enabled. -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>com.seeyon.cmp.authentication.cas.client.validation.CMPReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://m1.ssodemo.com:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://oa.ssodemo.com:8082</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- This filter wraps the HttpServletRequest, for example so that developers can obtain
         the SSO user's login name through HttpServletRequest.getRemoteUser(). Optional. -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- This filter lets developers obtain the user's login name through
         org.jasig.cas.client.util.AssertionHolder,
         for example AssertionHolder.getAssertion().getPrincipal().getName(). -->
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- ======================== Single sign-on: end ======================== -->
Note: two values must be changed to match the deployment environment:
casServerUrlPrefix: the address of the CAS server
serverName: the OA server's own address
- Open webapps\seeyon\WEB-INF\cfgHome\plugin\cmp\login.xml and change the configuration as follows:
    <?xml version="1.0" encoding="UTF-8"?>
    <login>
        <bean class="com.seeyon.cmp.authentication.CTPUsernamePasswordLoginAuthentication"
              before="com.seeyon.ctp.login.auth.DefaultLoginAuthentication" />
        <!-- <bean class="com.seeyon.cmp.authentication.CTPTicketLoginAuthentication" before="com.seeyon.ctp.portal.sso.login.SSOTicketLoginAuthentication" /> -->
    </login>
Save and close the file.
- Open webapps\seeyon\WEB-INF\cfgHome\plugin\cmp\spring\spring-cmp-authentication.xml and change the configuration as follows:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    <beans default-autowire="byName">
        <bean id="cmpSSOLogout" class="com.seeyon.cmp.authentication.CMPSSOLogout" singleton="true">
            <property name="ssoAuthentication" ref="cmpUsernamePasswordCASAuthentication" />
        </bean>
        <bean id="cmpUsernamePasswordAuthentication"
              class="com.seeyon.cmp.authentication.cas.CMPUsernamePasswordCASAuthentication" singleton="true">
            <property name="serverUrl" value="https://m1.ssodemo.com:8443/cas/v1/tickets/" />
        </bean>
        <bean id="cmpTicketValidation" class="com.seeyon.cmp.authentication.cas.CMPTicketCASValidation" singleton="true">
            <property name="serverUrl" value="https://m1.ssodemo.com:8443/cas/v1/tickets/" />
            <property name="serviceUrl" value="http://oa.ssodemo.com:8082/seeyon/ajax.do" />
        </bean>
    </beans>
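Note: this configuration already exists in the file by default. You only need to change the serverUrl and serviceUrl addresses so that they match the domain names used in web.xml. Save and close the file when you are done.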
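The consistency requirement between web.xml and spring-cmp-authentication.xml can be checked mechanically. The following is an added example, not part of the original page or of the Seeyon product: the function names and the trimmed sample XML are constructed for illustration, and the https check is an added assumption that the page does not state as a requirement.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

CAS_KEYS = {"casServerUrlPrefix", "serverUrl"}  # must point at the CAS server
OA_KEYS = {"serverName", "serviceUrl"}          # must point at the OA server itself

def _elements(xml_text, name):
    """Yield elements by local name, ignoring any XML namespace on the tag."""
    for el in ET.fromstring(xml_text.encode("utf-8")).iter():
        if el.tag.rsplit("}", 1)[-1] == name:
            yield el

def _origin(url):
    p = urlsplit(url)
    return p.scheme.lower(), (p.hostname or "").lower(), p.port

def collect(web_xml, spring_xml):
    """Return (key, url) pairs for the deployment-specific settings in both files."""
    found = []
    for param in _elements(web_xml, "init-param"):
        kv = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in param}
        found.append((kv.get("param-name"), kv.get("param-value", "")))
    for prop in _elements(spring_xml, "property"):
        found.append((prop.get("name"), prop.get("value") or ""))
    return [(k, v) for k, v in found if k in CAS_KEYS | OA_KEYS]

def check(web_xml, spring_xml):
    """Return a list of problems; an empty list means the URLs are consistent."""
    found, problems = collect(web_xml, spring_xml), []
    for label, keys in (("CAS", CAS_KEYS), ("OA", OA_KEYS)):
        problems += [f"{k} not set" for k in sorted(keys - {k for k, _ in found})]
        values = sorted({v for k, v in found if k in keys})
        if len({_origin(v) for v in values}) > 1:
            problems.append(f"{label} URLs disagree: {', '.join(values)}")
    # Added check (not stated on the page): tickets sent over plain http are exposed in transit.
    problems += [f"{k} is not https: {v}" for k, v in found if _origin(v)[0] != "https"]
    return problems

# Constructed samples: trimmed to the relevant elements, using the page's example hosts.
WEB_XML = """<web-app><filter><filter-name>CAS Validation Filter</filter-name>
<init-param><param-name>casServerUrlPrefix</param-name>
<param-value>https://m1.ssodemo.com:8443/cas</param-value></init-param>
<init-param><param-name>serverName</param-name>
<param-value>http://oa.ssodemo.com:8082</param-value></init-param></filter></web-app>"""
SPRING_XML = """<beans><bean id="cmpTicketValidation">
<property name="serverUrl" value="https://m1.ssodemo.com:8443/cas/v1/tickets/" />
<property name="serviceUrl" value="http://oa.ssodemo.com:8082/seeyon/ajax.do" /></bean></beans>"""

if __name__ == "__main__":
    for line in check(WEB_XML, SPRING_XML) or ["URLs consistent"]:
        print(line)
```

To run it against a deployment, read the two files named in the steps above and pass their text to `check()`.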
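This completes the OA-side configuration. When a login with an OA username and password succeeds, the return value contains a ticket, which other third-party applications use for login authentication: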