
Setting up Ruby CAS server

Published: 2012-12-18 07:16:00

Our company is integrating several existing projects with single sign-on (SSO), so I am considering which CAS server to use.

The Java CAS server, Jasig CAS, originated at Yale University. It is well known and I have used it before. It is powerful but complicated to configure, especially when you want to customize it: you have to build it with Maven and know its infrastructure classes and source code.

Since the existing projects are all Ruby projects and our company has good Ruby programmers, I decided to use RubyCAS-Server ( https://github.com/rubycas/rubycas-server/wiki/Installation ).

Steps:

1. Check out the code:

  $ git clone git://github.com/rubycas/rubycas-server.git

2. $ cd rubycas-server

3. $ cp config/config.example.yml config.yml

4. Edit config.yml. It is well commented, but make sure that you take care of the following:

4.1 Change the database driver to mysql2.

4.2 Configure at least one authenticator.

4.3 Set log.file. You might want to change it to something local, for example just casserver.log, so that you don't need root.

    You might also want to disable SSL for now by commenting out the ssl_cert line and changing the port to something other than 443, such as 8888.

5. Create the database, i.e.

  $ mysqladmin -u root create casserver

(or whatever you have in config.yml).

6. Modify the existing Gemfile by adding drivers for your database server. For example, if you configured mysql2 in config.yml, add this to the Gemfile:

  gem "mysql2"
  gem "radiustar"

7. $ bundle install

8. $ bundle exec rubycas-server -c config.yml

9. Add a new authenticator.

  1. Copy the RADIUS directory files.
  2. Write the authenticate.rb file, e.g.:
 

    require 'rubygems'
    require 'logger'
    require 'radiustar'

    class AuthenticationTool
      RADIUT_CLIENT_IP = ''
      RADIUT_SERVER_IP = ''
      # RADIUS shared secret (despite the constant's name, it is not a public key).
      PUBLIC_KEY = 'your-public-secret'
      # rubycas-server is not a Rails app, so Rails.logger is undefined there;
      # log through a plain Logger instead.
      LOGGER = Logger.new($stderr)

      def self.authenticate_using_radiut(username, password)
        auth_custom_attr = { 'NAS-IP-Address' => RADIUT_CLIENT_IP }

        req = Radiustar::Request.new(RADIUT_SERVER_IP,
          { :dict => Radiustar::Dictionary.new('lib/radius_dictionarys') })

        begin
          reply = req.authenticate(username, password, PUBLIC_KEY, auth_custom_attr)
          # reply example: {:code=>"Access-Accept", "Framed-Protocol"=>PPP, "Service-Type"=>Framed-User, "C
          LOGGER.info "== Radiut reply : #{reply.inspect}"
          return reply[:code] == 'Access-Accept'
        rescue StandardError => e
          # Fail closed: any error while talking to the RADIUS server denies the login.
          LOGGER.error "== exception: #{e.inspect}"
          LOGGER.error "== #{e.backtrace.join("\n")}"
          return false
        end
      end
    end

  3. Write the custom authenticator class, e.g.:

    require 'rubygems'
    require 'radiustar'
    # The AuthenticationTool file from step 2 must be on the load path under this name.
    require 'authentication_tool'
    require 'casserver/authenticators/base'

    # Custom RADIUS authentication
    module CASServer
      module Authenticators
        class Radius < CASServer::Authenticators::Base
          def validate(credentials)
            read_standard_credentials(credentials)
            # Reject empty passwords before contacting the RADIUS server.
            return false if @password.blank?
            return AuthenticationTool.authenticate_using_radiut(@username, @password)
          end
        end
      end
    end
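
A preflight check for the config.yml edits in step 4, added here as an example (it is not part of the original post or of rubycas-server). The helper name and finding keys are hypothetical, and the key names database.adapter and authenticator.class are assumed from rubycas-server's example config; the check also reports when SSL is still disabled.

```ruby
require 'yaml'

# Constructed sample: config.yml after the step 4 edits (not a real deployment).
# ssl_cert, port and log.file are the settings named in step 4; database.adapter
# and authenticator.class are assumed key names.
SAMPLE_CONFIG = <<~YAML
  server: webrick
  port: 8888
  # ssl_cert: /path/to/your/ssl.pem
  database:
    adapter: mysql2
    database: casserver
  authenticator:
    class: CASServer::Authenticators::Radius
  log:
    file: casserver.log
YAML

# Hypothetical helper: returns [key, message] findings for a parsed config.yml.
def audit_cas_config(cfg)
  findings = []
  adapter = cfg.dig('database', 'adapter')
  findings << [:db_adapter, "database.adapter is #{adapter.inspect}, expected mysql2"] unless adapter == 'mysql2'

  # The authenticator setting may be a single hash or a list of hashes.
  auths = [cfg['authenticator']].flatten.compact
  findings << [:no_authenticator, 'no authenticator configured'] if auths.empty?
  auths.each do |a|
    next if a.is_a?(Hash) && !a['class'].to_s.empty?
    findings << [:authenticator_class, "authenticator entry without class: #{a.inspect}"]
  end

  # With ssl_cert commented out, the login form, passwords and ticket cookies
  # travel unencrypted, which is acceptable only on a test machine.
  if cfg['ssl_cert'].to_s.empty?
    findings << [:no_tls, "ssl_cert unset: no TLS on port #{cfg['port']}"]
  end

  findings << [:log_file, 'log.file is not set'] if cfg.dig('log', 'file').to_s.empty?
  findings
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path && File.file?(path) ? File.read(path) : SAMPLE_CONFIG
  audit_cas_config(YAML.safe_load(text) || {}).each { |key, msg| puts "WARN #{key}: #{msg}" }
end
```

Run it with the path to config.yml as the only argument; an empty result means every step 4 setting is in place and SSL is enabled.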



Reference: http://www.iteye.com/topic/212170
