Hadoop生态圈-单点登录框架之CAS(Central Authentication Service)部署

        Hadoop生态圈-单点登录框架之CAS(Central Authentication Service)部署

                                         作者:尹正杰 

版权声明:原创作品,谢绝转载!否则将追究法律责任。

 

 

 

一.CAS简介

  CAS(Central Authentication Service)是一款十分流行的单点登录框架。单点登录(Single Sign On,SSO)是服务于惬意业务整合的解决方案之一,SSO使得在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。

  CAS从架构上粉我饿CAS Server和CAS client两个部分,CAS Server是统一的认证服务器,所有未经授权的请求都会重定向到这里进行认证。而CAS Client则代表需要通过CAS Server进行认证的用用服务。

  CAS的整个认证流程如下图所示,CAS Client与受保护的客户端应用部署在一起,以Filter(过滤器)的形式保护手保护的资源。 

  1>.对于访问受保护的资源每个Web请求,CAS Clint会分析这些HTTTP请求是否包含Service Ticket ,如果没有则说明当前用户尚未登录;

  2>.如果用户尚未登录,CAS Client会将请求重定向到指定好的CAS Server登录地址,并传递Service地址(也就是要访问的目的资源地址),以便登录成功过后转回该地址;

  3>.用户在第3步认证信息,如果登录成功,CAS Server随机产生一个长度相等且唯一,不可伪造的Service Ticket;

  4>.之后系统自动重定向到Service所在地址,并为客户端浏览器设置一个Ticket Granted Cookie(TGC);

  5>.CAS Client在拿到Service地址和新产生的Ticket之后,在第5步和第6步中与CAS Server进行身份校验以确保Service Ticket的合法性。

  在该协议中,所有与CAS的交互均采用SSL协议,确保Service Ticket 和TGC的安全性。协议在工作过程中会有两次重定向的过程,但CAS Client与CAS Server之间进行Ticket验证的过程对于用户是透明的。

 

 

二.安装CAS-Server

1>.下载安装包

  首先下载CAS的程序包,我们使用CAS 4.0版本进行安装,程序下载地址是:https://github.com/apereo/cas/releases/tag/v4.0.0。下载之后会得到一个名为cas-server-4.0.0-release.zip的压缩包,请确保将其解压到Ambari-Server所在的服务器上的任意目录。这么做的原因是因为在集成单点登录的时候,Ranger,Ambari-Service,Knox Gateway和CAS-Sever需要安装在同一台服务器上。使用unzip命令对其解压,解压之后会生成一个文件夹。进入到modules目录下找到一个名为“cas-server-webapp-4.0.0.war”的文件,这就是CAS Server 程序,如下图所示,原来CAS Server其实是一个War包程序。

[root@node101 ~]# wget https://github.com/apereo/cas/releases/download/v4.0.0/cas-server-4.0.0-release.zip
--2018-12-18 16:40:15--  https://github.com/apereo/cas/releases/download/v4.0.0/cas-server-4.0.0-release.zip
Resolving github.com (github.com)... 52.74.223.119, 13.229.188.59, 13.250.177.223
Connecting to github.com (github.com)|52.74.223.119|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/2352744/3dbe1b3a-8863-11e4-9274-f93d7d695c3f?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20181218%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20181218T102451Z&X-Amz-Expires=300&X-Amz-Signature=4010bdfa010e2790b79fb81fa28dadad52f8499263400dad68100ea4b131ee88&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dcas-server-4.0.0-release.zip&response-content-type=application%2Foctet-stream [following]
--2018-12-18 16:40:16--  https://github-production-release-asset-2e65be.s3.amazonaws.com/2352744/3dbe1b3a-8863-11e4-9274-f93d7d695c3f?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20181218%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20181218T102451Z&X-Amz-Expires=300&X-Amz-Signature=4010bdfa010e2790b79fb81fa28dadad52f8499263400dad68100ea4b131ee88&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dcas-server-4.0.0-release.zip&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.230.235
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.230.235|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 83763248 (80M) [application/octet-stream]
Saving to: ‘cas-server-4.0.0-release.zip100%[=======================================================================================>] 83,763,248   946KB/s   in 1m 44s 

2018-12-18 16:42:01 (788 KB/s) - ‘cas-server-4.0.0-release.zip’ saved [83763248/83763248]

[root@node101 ~]# ll
total 81804
-rw-r--r-- 1 root root 83763248 May 21  2017 cas-server-4.0.0-release.zip
[root@node101 ~]#
[root@node101 ~]# wget https://github.com/apereo/cas/releases/download/v4.0.0/cas-server-4.0.0-release.zip

2>.安装tomcat服务

   我们这里使用的是apache-tomcat-7.0.72版本,下载地址为:http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.72/。

 

[root@node101 ~]# wget  http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.72/bin/apache-tomcat-7.0.72.tar.gz
[root@node101 ~]# 
[root@node101 ~]# ll
total 90532
-rw-r--r--  1 root root  8931288 Sep 14  2016 apache-tomcat-7.0.72.tar.gz
drwxrwxrwx 25 root root     4096 May 12  2014 cas-server-4.0.0
-rw-r--r--  1 root root 83763248 May 21  2017 cas-server-4.0.0-release.zip
[root@node101 ~]# 
[root@node101 ~]# tar -xf apache-tomcat-7.0.72.tar.gz -C /yinzhengjie/softwares/
[root@node101 ~]# 
[root@node101 ~]# cp cas-server-4.0.0/modules/cas-server-webapp-4.0.0.war /yinzhengjie/softwares/apache-tomcat-7.0.72/webapps/ 
[root@node101 ~]# 
[root@node101 ~]# ll /yinzhengjie/softwares/apache-tomcat-7.0.72/webapps/
total 24476
-rw-r--r--  1 root root 25038970 Dec 19 08:53 cas-server-webapp-4.0.0.war
drwxr-xr-x 14 root root     4096 Dec 19 08:51 docs
drwxr-xr-x  7 root root     4096 Dec 19 08:51 examples
drwxr-xr-x  5 root root     4096 Dec 19 08:51 host-manager
drwxr-xr-x  5 root root     4096 Dec 19 08:51 manager
drwxr-xr-x  3 root root     4096 Dec 19 08:51 ROOT
[root@node101 ~]#

 

3>.

 

三.

posted @ 2018-12-14 21:24  尹正杰  阅读(3102)  评论(1编辑  收藏  举报