搭建CAS 的简要步骤( setup your CAS )

访问量: 6067

copied from our wiki page. in Chinese.  

搭建步骤
1. 取出代码

$git clone ssh://<换成你的用户名>@gforge.1verge.net:22022/gitroot/m-cas
2. cd rubycas-server

3. cp config/config.example.yml config.yml

4. 编辑config.yml , 这个是最核心的配置,里面的项目很多,但是注释的很全面,所以理解起来很快。

4.1 Change the database driver to mysql2
4.2 最少要有一个认证方式(Authenticator) Configure at least one authenticator
4.3 (可选)You might want to change log.file to something local, so that you don't need root. For example just casserver.log
4.4 (可选)You might also want to disable SSL for now by commenting out the ssl_cert line and changing the port to something like 8888
5. 建立数据库 (记得跟config.yml 文件一致)

$ mysqladmin -u root create casserver
6. 修改现有的Gemfile.

gem "mysql2"
gem "radiustar" # 我们使用 RADIUS的认证方式
7. $ bundle install:

8. $ bundle exec rubycas-server -c config.yml

9. 增加新的 authenticator .

1. $ copy the RADIUS directory files.
2. $新建 authenticate.rb file .e.g.

# lib/authentication_tool.rb
require 'rubygems'
require 'radiustar'
class AuthenticationTool
  RADIUT_CLIENT_IP = '10.103.13.121'
  RADIUT_SERVER_IP = '10.10.0.20'
  PUBLIC_KEY = 'YoukuRadius'
  DIRECTORY_FOLDER = '/opt/app/ruby/rubycas-server/lib/radius_dictionary_folder'
  def self.authenticate_using_radiut username, password
    auth_custom_attr = { 'NAS-IP-Address' => RADIUT_CLIENT_IP }

    req = Radiustar::Request.new(RADIUT_SERVER_IP,
                                 { :dict => Radiustar::Dictionary.new(DIRECTORY_FOLDER) })

    begin
      reply = req.authenticate(username, password, PUBLIC_KEY, auth_custom_attr)
      #reply example: {:code=>"Access-Accept", "Framed-Protocol"=>PPP, "Service-Type"=>Framed-User, "Class
      puts "== Radiut reply : #{reply.inspect}"
      return reply[:code] == 'Access-Accept'
    rescue Exception => e
      puts "== exception: #{e.inspect}"
      puts "== #{e.backtrace.join("\n")}"
      return false
    end
  end
end

3. 增加 这个文件:

# lib/casserver/authenticators/radius.rb
require 'rubygems'
require 'radiustar'
require 'authentication_tool'
require 'casserver/authenticators/base'

# 定制的Radius 验证
module CASServer
  module Authenticators
    class Radius <
      CASServer::Authenticators::Base
      def validate(credentials)
        read_standard_credentials(credentials)
        return false if @password.blank?
        return AuthenticationTool.authenticate_using_radiut(@username, @password)
      end
    end
  end
end


4. 为 lib/casserver.rb 加上一行:

CASServer::Authenticators.autoload :Radius, 'casserver/authenticators/radius.rb'

订阅/RSS Feed

Subscribe

分类/category