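CactiEZ Chinese Edition 10.1 and CAS Single Sign-On

Environment

CactiEZ Chinese Edition 10.1 is an image downloaded from the internet, 344 MB in size; it is a stripped-down version of CentOS 6.0.

The CAS phpClient is version 1.3.3; for detailed usage instructions and to download the latest version, click here.

The CactiEZ Chinese Edition 10.1 image is installed in a virtual machine at 192.168.217.130, accessed via NAT, with the IP address obtained over DHCP (if you want to reach the external network, you can delete the system's built-in gateway; after my installation the default gateway was 192.168.0.1, and once it was deleted I could get online normally).

Procedure

1. Extract the downloaded CAS-1.3.3.tgz and copy the /CAS folder and CAS.php from it into the /var/www/html/ directory.

2. Create an ssoLogin.php in /var/www/html/. The file name can be chosen freely; you can also modify index.php directly and disable the original internal login method.

The code is as follows: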

<?php

/**
 *   Example for a simple cas 2.0 client
 *
 * PHP Version 5
 *
 * @file     example_simple.php
 * @file     ssoLogin.php
 * @category Authentication
 * @package  PhpCAS
 * @author   Joachim Fritschi <jfritschi@freenet.de>
 * @author   Adam Franco <afranco@middlebury.edu>
 * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
 * @link     https://wiki.jasig.org/display/CASC/phpCAS
 */


// Load the cactiEZ lib
include("./include/global.php");
// Load the CAS lib
require_once 'CAS.php';

// Enable debugging
phpCAS::setDebug();

// Initialize phpCAS
// phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
phpCAS::client(CAS_VERSION_2_0, "127.0.0.1", 8080, "/cas");

// For production use set the CA certificate that is the issuer of the cert
// on the CAS server and uncomment the line below
// phpCAS::setCasServerCACert($cas_server_ca_cert_path);

// For quick testing you can disable SSL validation of the CAS server.
// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
phpCAS::setNoCasServerValidation();

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// logout if desired
if (isset($_REQUEST['logout'])) {
	phpCAS::logout();
}

// Authorization via the modified casLogin function
//-------------------------------------start-------------------------------------
$casUser = phpCAS::getUser();

	$username = $casUser;
	// Quote the CAS-supplied name instead of concatenating it raw into the SQL.
	// $cnn_id is assumed to be the global ADOdb connection created by include/global.php.
	$user = db_fetch_row("SELECT * FROM user_auth WHERE username = " . $cnn_id->qstr($username));

	/* Process the user  */
	if (sizeof($user) > 0) {
		cacti_log("LOGIN: User '" . $user["username"] . "' Authenticated", false, "AUTH");
		db_execute("INSERT INTO user_log (username,user_id,result,ip,time) VALUES (" . $cnn_id->qstr($username) . "," . $user["id"] . ",1,'" . $_SERVER["REMOTE_ADDR"] . "',NOW())");
		/* is user enabled */
		$user_enabled = $user["enabled"];
		if ($user_enabled != "on") {
			/* Display error */
			auth_display_custom_error_message("訪問被拒絕,用戶帳戶被禁用.");
			exit;
		}

		/* set the php session */
		$_SESSION["sess_user_id"] = $user["id"];

		/* handle "force change password" */
		if (($user["must_change_password"] == "on") && (read_config_option("auth_method") == 1)) {
			$_SESSION["sess_change_password"] = true;
		}

		/* ok, at this point the user has been successfully authenticated; so we must
		decide what to do next */
		$referer = isset($_REQUEST['logout']) ? $_REQUEST['logout'] : '';
		if(!$referer){
			$referer = 'index.php';
		}
		header("Location: $referer");
		exit;
	}else{
		/* No guest account defined */
		auth_display_custom_error_message("訪問被拒絕,請聯繫您的CactiEZ管理員.");
		cacti_log("LOGIN: Access Denied, No guest enabled or template user to copy", false, "AUTH");
		exit;
	}


//-------------------------------------end-------------------------------------
// for this test, simply print that the authentication was successful
?>
<html>
  <head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>歡迎登陸到CactiEZ中文版 | 認證成功</title>
  </head>
  <body>
    <h1>認證成功!</h1>
    <p>the user's login is <b><?php echo $casUser; ?></b>.</p>
    <p>CAS登陸的用戶名爲 <b><?php echo $casUser; ?></b>.</p>
    <p>phpCAS version is <b><?php echo phpCAS::getVersion(); ?></b>.</p>
    <p>phpCAS版本爲 <b><?php echo phpCAS::getVersion(); ?></b>.</p>
	
	<p><a href="index.php">點擊進入主頁</a></p>
    <p><a href="?logout=">註銷</a></p>
	
	<table align="center">
		<?php 
		if ($user_enabled == "0") {?>
		<tr style="height:10px;"><td></td></tr>
		<tr>
			<td colspan="2"><font color="#FF0000"><strong>用戶帳戶已禁用</strong></font></td>
		</tr>
		<?php } ?>
	</table>
  </body>
</html>
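
The script above takes its post-login redirect target from a request parameter and writes it into the Location header. The following added example (not part of the original post or of Cacti) shows a helper that accepts only page names of the local application; the function name local_redirect_target and the sample values are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). Compatible with PHP 5.3 and later.

/**
 * Return $candidate if it names a page of the local application
 * (e.g. "graph_view.php?action=tree"); otherwise return $default.
 */
function local_redirect_target($candidate, $default = 'index.php')
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Control characters (CR/LF included), spaces and backslashes never belong in a Location value.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $default;
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $default;
    }
    // Any scheme, host, credentials or port means the target is not a plain relative reference.
    foreach (array('scheme', 'host', 'user', 'pass', 'port') as $key) {
        if (isset($parts[$key])) {
            return $default;
        }
    }
    // Only a bare script name in the web root is accepted; this also rejects
    // "//host/..." and "../" forms, whose path contains a slash.
    $path = isset($parts['path']) ? $parts['path'] : '';
    if (!preg_match('/^[A-Za-z0-9_-]+\.php$/', $path)) {
        return $default;
    }
    return $candidate;
}

// Constructed sample values; in ssoLogin.php the result would feed header("Location: ...").
$samples = array(
    'graph_view.php?action=tree',      // local page with query string: kept
    'https://other.example/index.php', // absolute URL: replaced by the default
    '//other.example/index.php',       // protocol-relative URL: replaced by the default
    "index.php\r\nX-Injected: 1",      // CR/LF in the value: replaced by the default
    '',                                // empty value: replaced by the default
);
foreach ($samples as $s) {
    echo json_encode($s), ' => ', local_redirect_target($s), "\n";
}
```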



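Open 192.168.217.130/ssoLogin.php in a browser and the moment of truth arrives: Chrome shows a blank white page with nothing on it, while IE at least reports a 500 error. Solving this took a very long time, yet the cause is simple: the stripped-down image lacks php-dom, which the PHP client depends on. The simplest fix is to install it directly:

# yum install php-dom

The system searches online for the package; once it is installed, restart the httpd service and everything works.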

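If there is no network, that is not a problem either: find a CentOS 6 x86 image and use it as the yum source for the installation.

2) Mount the CentOS disc (the system is CentOS 6 x86):

$ mount /dev/cdrom /media/cdrom/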

3) Then configure the yum repository by editing the files under /etc/yum.repos.d/:

$ cp /etc/yum.repos.d/CentOS_Base /etc/yum.repos.d/CentOS_Base.bak

Disable the default network update method, then edit /etc/yum.repos.d/CentOS_Media:

$ vim /etc/yum.repos.d/CentOS_Media

Change enable in that file to 1, then test the result:

$ yum list

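4) Then install php-dom:

$ yum -y install php-dom

5) Finally, restart the service:

$ service httpd restart

That is the whole approach; the configuration files shown may differ slightly from the actual process.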