CAS – unified SSO authentication 3. X connect mysql or postgre for authentication (2)

Time:2022-5-24


Background

Single sign-on (SSO) lets a user authenticate once: after logging in at the identity authentication server, the user gains access to the other associated systems and applications in the single sign-on system. The implementation does not require the administrator to modify the user's login status or other information, so across multiple application systems a user can access every mutually trusted application with only one login. This reduces the time spent on logins and assists user management, which is why it is popular at present.

SSO has many use scenarios. It can be used by systems with either C/S or B/S architectures, and these usually support rapid configuration.

There are many ways to implement SSO in the industry. In to-C scenarios, Internet companies usually use the OAuth2 protocol. In to-B scenarios, where there are usually hundreds of companies, OAuth2, CAS and LDAP all have to be supported. The main reason is that in to-B scenarios each system that needs to interface with SSO usually supports only one protocol, and different systems do not support the same one.

My current situation includes both to-C and to-B scenarios, so I began to integrate the various protocols used in the industry. This series of articles records these protocols from the basics to the details, from setup to secondary development, and shares them with you.

Brief introduction

CAS is short for Central Authentication Service, an independent open protocol. CAS is an open source project initiated by Yale University that aims to provide a reliable single sign-on method for web application systems. CAS officially became a JA-SIG project in December 2004.

Its main structure consists of the CAS server and the CAS client. The following figure is the official structure diagram, which can be used as a reference.

[Figure: CAS main structure]

Environment

In this chapter, we build the CAS server shown in the figure above. The main environment is as follows:

Server system: Windows 10

Environment: OpenJDK 11

Web middleware: Tomcat 9

CAS Server: 6.3.x

Database: MariaDB or PostgreSQL

Quick-start package: openjdk11+tomcat9+CASServer.tar

Main text

In "SSO unified identity authentication – CAS server installation and startup (I)", we covered how to install and start the CAS server locally and log in with the default account and password. In this article, we connect to the database over JDBC and log in with the users stored there.

1. Create the database and the table structure we need in the local MySQL instance.

mysql> create database business;
Query OK, 1 row affected (0.00 sec)

mysql> use business;
Database changed
mysql> CREATE TABLE `t_user_info` (
  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'number',
  `userid` varchar(20) NOT NULL COMMENT 'user account',
  `username` varchar(20) DEFAULT NULL COMMENT 'username',
  `pwd` varchar(32) NOT NULL COMMENT 'password',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
Query OK, 0 rows affected (0.38 sec)

2. Insert some test accounts into the database and set their passwords to 123456.

mysql> insert into t_user_info (userid,username,pwd) values('test001','aaa',MD5('123456'));
Query OK, 1 row affected (0.05 sec)
mysql> insert into t_user_info (userid,username,pwd) values('test002','bbb',MD5('123456'));
Query OK, 1 row affected (0.05 sec)
mysql> insert into t_user_info (userid,username,pwd) values('test003','ccc',MD5('123456'));
Query OK, 1 row affected (0.04 sec)
mysql> insert into t_user_info (userid,username,pwd) values('test004','ddd',MD5('123456'));
Query OK, 1 row affected (0.02 sec)
mysql> 

3. In the CAS server project in IDEA, open the src/main/resources/application.properties file and add the configuration parameters below at the bottom, which set it to use the MD5 algorithm for password verification. Add the block that matches the database you are using, PostgreSQL or MariaDB.

##
# PostgreSQL database configuration
#
# cas.authn.jdbc.query[0].url=jdbc:postgresql://127.0.0.1:5432/business?application-name=cas
# cas.authn.jdbc.query[0].user=postgres
# cas.authn.jdbc.query[0].password=123456
# cas.authn.jdbc.query[0].sql=SELECT pwd FROM t_user_info WHERE userid=?
# cas.authn.jdbc.query[0].fieldPassword=pwd
# cas.authn.jdbc.query[0].driverClass=org.postgresql.Driver
# cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
# cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8
# cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5

##
#MariaDB database configuration
#
cas.authn.jdbc.query[0].url=jdbc:mariadb://127.0.0.1:3306/business?characterEncoding=UTF-8&application-name=cas
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=123456
cas.authn.jdbc.query[0].sql=SELECT pwd FROM t_user_info WHERE userid=?
cas.authn.jdbc.query[0].fieldPassword=pwd
cas.authn.jdbc.query[0].driverClass=org.mariadb.jdbc.Driver
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5

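# Do not set the Secure flag on the ticket-granting cookie (TGC), so that it works over plain HTTP (needed here because this setup has no HTTPS yet)
cas.tgc.secure=false
# Initialize the service registry from JSON files. The default is false
cas.serviceRegistry.initFromJson=true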

4. Open build.gradle in the root directory of the current project and add the JDBC package reference and the package reference for the corresponding database.

// Find this part in the file and add the last three lines below at the bottom of it
dependencies {
    // ...... (existing entries)
    // CAS dependencies/modules may be listed here statically...
    implementation "org.apereo.cas:cas-server-webapp-init:${casServerVersion}"

    implementation "org.apereo.cas:cas-server-support-jdbc:${casServerVersion}"
    implementation "org.apereo.cas:cas-server-support-jdbc-drivers:${casServerVersion}"
    // implementation "org.postgresql:postgresql:42.2.23"
    // https://mvnrepository.com/artifact/org.mariadb.jdbc/mariadb-java-client
    implementation 'org.mariadb.jdbc:mariadb-java-client:2.7.3'
}

If you don't know which JDBC package you should use, you can look it up on the Maven site.

Note: you can also set the download source here. The default is the Maven address configured under repositories. If necessary, you can add Alibaba's source here. I use a proxy, so I do not set it.

5. Rebuild the project. This pulls down the JDBC packages automatically and compiles in the configuration just added.

In the terminal at the bottom of IDEA, go to the project root directory and run gradlew.bat build

Gradle does not need to be pre-installed locally to run gradlew.

If you have installed Gradle, you can click according to the prompt in the figure below.

Select gradle build.

6. Start the program again and run the access test. A successful startup looks the same as in the previous section.

Address opened automatically: http://localhost:8080/cas_war/login

Enter a test account to log in.

The generated ticket can be seen in the background log.

This completes the core setup for connecting to MariaDB and PostgreSQL. Using MySQL works the same way: just replace the JDBC string, driver and jar package.
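The check that the step 3 configuration produces at login (DEFAULT encoder with MD5: hex digest of the submitted password compared with the pwd column), as an added example that is not code from the original article or from the CAS project. The rows are constructed from the inserts in step 2, all function names are hypothetical, and the salted record format is illustrative rather than the storage format of any CAS encoder; it shows that unsalted MD5 gives every account with the same password the same stored value, while a salted, slow hash does not.

```python
import hashlib
import hmac
import os
from collections import defaultdict

def md5_hex(password):
    """Hex MD5 of the UTF-8 password: the value MD5('...') stored in `pwd`."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Constructed sample data: the four accounts inserted in step 2 (userid -> pwd).
ROWS = {u: md5_hex("123456") for u in ("test001", "test002", "test003", "test004")}

def verify_login(rows, userid, password):
    """Model of the JDBC query check: fetch pwd by userid, then compare digests."""
    stored = rows.get(userid)
    return stored is not None and hmac.compare_digest(md5_hex(password), stored.lower())

def shared_digests(rows):
    """Audit helper: groups of accounts whose stored digests are identical."""
    groups = defaultdict(list)
    for userid, digest in rows.items():
        groups[digest.lower()].append(userid)
    return {d: sorted(ids) for d, ids in groups.items() if len(ids) > 1}

def salted_record(password, salt=None, iterations=600_000):
    """Illustrative salted, slow hash (PBKDF2-HMAC-SHA256) with a per-account salt."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"

def verify_salted(password, record):
    """Recompute the derived key from the stored salt and iteration count."""
    iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

if __name__ == "__main__":
    print("login ok:", verify_login(ROWS, "test001", "123456"))
    print("accounts sharing a digest:", shared_digests(ROWS))
    a, b = salted_record("123456"), salted_record("123456")
    print("salted records differ:", a != b, "| still verifies:", verify_salted("123456", a))
```

The same duplicate-digest audit can be run against the real table by grouping t_user_info on pwd.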

In the next section, we will jointly study how to add HTTPS on this basis and how to apply for a free certificate.

License statement:

This work by Cn Huashao is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License.