Kezdőlap Felfedezés Súgó
Regisztráció Bejelentkezés
siwei
/
web-server
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Branch: master
Branch-ok Tag-ek
web-server
/
doc
/
en
/
user
/
source
/
security
/
tutorials
/
cas
/
index.rst

index.rst 2.2 KB
Állandó hivatkozás Előzmények Nyers

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. .. _security_tutorials_cas:
    2. 

  2. 

  3. Authentication with CAS
    4. 

  4. =======================
    5. 

  5. 

  6. This tutorial introduces GeoServer CAS support and walks through the process of
    7. 

  7. setting up authentication against a CAS server. It is recommended that the 
    8. 

  8. :ref:`security_auth_chain` section be read before proceeding. Reference information on cas setup
    9. 

  9. is also available :ref:`cas`.
    10. 

  10. 

  11. CAS server certificates
    12. 

  12. -----------------------
    13. 

  13. 

  14. A running `CAS server <https://apereo.github.io/cas/5.3.x/index.html>`_ is needed. 
    15. 

  15. 

  16. The first step is to import the server certificates into the GeoServer JVM.
    17. 

  17. 

  18. If you need to export the `CRT` from the CAS server, you must execute the following 
    19. 

  19. command on the server JVM:: 
    20. 

  20. 

  21.   keytool -export -alias <server_name> -keystore <cas_jvm_keystore_path> -file server.crt
    22. 

  22. 

  23. Once you have the `server.crt` file, the procedure to import the certificate into 
    24. 

  24. the JVM is the following one::
    25. 

  25. 

  26.   keytool -import -trustcacerts -alias <server_name> -file server.crt -keystore <path_to_JRE_cacerts>
    27. 

  27. 

  28. Enter the keystore password and confirm the certificate to be trustable.
    29. 

  29. 

  30. Configure the CAS authentication provider
    31. 

  31. ------------------------------------------
    32. 

  32. 

  33. #. Start GeoServer and login to the web admin interface as the ``admin`` user.
    34. 

  34. #. Click the ``Authentication`` link located under the ``Security`` section of
    35. 

  35.    the navigation sidebar.
    36. 

  36. 

  37.     .. figure:: images/cas1.jpg
    38. 

  38.        :align: center
    39. 

  39. 

  40. #. Scroll down to the ``Authentication Filters`` panel and click the ``Add new`` link.
    41. 

  41. 

  42.     .. figure:: images/cas2.jpg
    43. 

  43.        :align: center
    44. 

  44. 

  45. #. Click the ``CAS`` link.
    46. 

  46. 

  47.     .. figure:: images/cas3.jpg
    48. 

  48.        :align: center
    49. 

  49. 

  50. #. Fill in the fields of the settings form as follows:
    51. 

  51. 

  52.     .. figure:: images/cas4.jpg
    53. 

  53.        :align: center
    54. 

  54.    
    55. 

  55. #. Update the filter chains by adding the new CAS filter. 
    56. 

  56. 

  57.    .. figure:: images/cas5.jpg
    58. 

  58.       :align: center
    59. 

  59. 

  60. #. Select the CAS Filter for each filter chain you want to protect with CAS. 
    61. 

  61. 

  62.    .. figure:: images/cas6.jpg
    63. 

  63.       :align: center
    64. 

  64. 

  65.    Be sure to select and order correctly the CAS Filter.
    66. 

  66. 

  67. #. Save.
    68. 

  68. 

  69. Test a CAS login
    70. 

  70. -----------------
    71. 

  71. 

  72. #. Navigate to the GeoServer home page and log out of the admin account. 
    73. 

  73. #. Try to login again, you should be able now to see the external CAS login form.
    74. 

  74. 

  75.    .. figure:: images/cas7.jpg
    76. 

  76.       :align: center
    77.