
Brief steps for setting up CAS (set up your CAS)

Published: 2014-02-10 00:58:00

Copied from our wiki page; the original is in Chinese.

Setup steps

1. Check out the code

$ git clone ssh://<replace-with-your-username>@gforge.1verge.net:22022/gitroot/m-cas

2. cd rubycas-server

3. cp config/config.example.yml config.yml

4. Edit config.yml. This is the core configuration file. It has many settings, but they are thoroughly commented, so it is quick to understand.

4.1 Change the database driver to mysql2
4.2 Configure at least one authenticator
4.3 (Optional) You might want to change log.file to something local, so that you don't need root. For example, just casserver.log
4.4 (Optional) You might also want to disable SSL for now by commenting out the ssl_cert line and changing the port to something like 8888

5. Create the database (remember to keep it consistent with config.yml)

$ mysqladmin -u root create casserver

6. Edit the existing Gemfile.

gem "mysql2"
gem "radiustar" # we use RADIUS authentication

7. $ bundle install

8. $ bundle exec rubycas-server -c config.yml

9. Add the new authenticator.

1. Copy the RADIUS directory files.
2. Create the authenticate.rb file, e.g.:

# lib/authentication_tool.rb
require 'rubygems'
require 'radiustar'

class AuthenticationTool
  RADIUT_CLIENT_IP = '10.103.13.121' # sent to the server as NAS-IP-Address
  RADIUT_SERVER_IP = '10.10.0.20'
  # Despite the name, this is the RADIUS shared secret passed to authenticate.
  PUBLIC_KEY = 'YoukuRadius'
  DIRECTORY_FOLDER = '/opt/app/ruby/rubycas-server/lib/radius_dictionary_folder'

  # Returns true only when the RADIUS server replies with Access-Accept.
  def self.authenticate_using_radiut(username, password)
    auth_custom_attr = { 'NAS-IP-Address' => RADIUT_CLIENT_IP }

    req = Radiustar::Request.new(RADIUT_SERVER_IP,
                                 { :dict => Radiustar::Dictionary.new(DIRECTORY_FOLDER) })

    begin
      reply = req.authenticate(username, password, PUBLIC_KEY, auth_custom_attr)
      #reply example: {:code=>"Access-Accept", "Framed-Protocol"=>PPP, "Service-Type"=>Framed-User, "Class
      puts "== Radiut reply : #{reply.inspect}"
      return reply[:code] == 'Access-Accept'
    rescue StandardError => e
      # Any error while talking to the RADIUS server denies the login.
      puts "== exception: #{e.inspect}"
      puts "== #{e.backtrace.join("\n")}"
      return false
    end
  end
end

3. Add this file:

# lib/casserver/authenticators/radius.rb
require 'rubygems'
require 'radiustar'
require 'authentication_tool'
require 'casserver/authenticators/base'

# Custom RADIUS authentication
module CASServer
  module Authenticators
    class Radius < CASServer::Authenticators::Base
      def validate(credentials)
        read_standard_credentials(credentials)
        return false if @password.blank?
        return AuthenticationTool.authenticate_using_radiut(@username, @password)
      end
    end
  end
end


4. Add one line to lib/casserver.rb:

CASServer::Authenticators.autoload :Radius, 'casserver/authenticators/radius.rb'
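
A fail-closed variant of the AuthenticationTool check from step 9, as an added example that is not part of the original post or the rubycas-server project: it reads the shared secret from the environment instead of a constant, rescues only StandardError, and logs the reply code rather than the whole reply. The class name HardenedRadiusCheck, the environment variable names RADIUS_SHARED_SECRET and RADIUS_NAS_IP, and the FakeRadiusRequest stand-in are assumptions; in a deployment the request object would be the Radiustar::Request built as in the post.

```ruby
# Added example, not the original post's code. RADIUS_SHARED_SECRET and
# RADIUS_NAS_IP are assumed environment variable names.
require 'logger'

class HardenedRadiusCheck
  # request: any object with authenticate(user, password, secret, attrs),
  # such as the Radiustar::Request built in the post.
  def initialize(request, env: ENV, logger: Logger.new($stderr))
    @request = request
    @secret  = env['RADIUS_SHARED_SECRET'].to_s
    @nas_ip  = env['RADIUS_NAS_IP'].to_s
    @logger  = logger
  end

  def authenticate(username, password)
    # Fail closed on missing configuration or empty credentials.
    return deny(username, 'shared secret not configured') if @secret.empty?
    return deny(username, 'blank credentials') if [username, password].any? { |v| v.to_s.strip.empty? }

    attrs = @nas_ip.empty? ? {} : { 'NAS-IP-Address' => @nas_ip }
    reply = @request.authenticate(username, password, @secret, attrs)
    code  = reply.is_a?(Hash) ? reply[:code] : nil
    return deny(username, "reply code #{code.inspect}") unless code == 'Access-Accept'

    @logger.info("radius accept user=#{username.inspect}")
    true
  rescue StandardError => e
    # Timeouts and socket errors deny the login; log only the error class.
    deny(username, e.class.name)
  end

  private
  def deny(username, reason)
    # inspect escapes control characters, so a username cannot forge log lines.
    @logger.warn("radius deny user=#{username.inspect} reason=#{reason}")
    false
  end
end

# Constructed stand-in for Radiustar::Request so the example runs offline.
class FakeRadiusRequest
  def initialize(users)
    @users = users
  end
  def authenticate(username, password, _secret, _attrs)
    raise IOError, 'constructed timeout' if username == 'timeout'
    { code: @users[username] == password ? 'Access-Accept' : 'Access-Reject' }
  end
end
```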
