{"id":533,"date":"2018-10-19T03:06:34","date_gmt":"2018-10-19T03:06:34","guid":{"rendered":"http:\/\/www.asianux.org.vn\/?p=533"},"modified":"2018-10-19T03:06:34","modified_gmt":"2018-10-19T03:06:34","slug":"singlesignon-asianux","status":"publish","type":"post","link":"https:\/\/www.asianux.org.vn\/index.php\/2018\/10\/19\/singlesignon-asianux\/","title":{"rendered":"SingleSignOn Asianux"},"content":{"rendered":"<h1>General information<\/h1>\n<ul>\n<li>Single sign on framework: Jasig CAS (Central Authentication Service &#8211; <a href=\"http:\/\/www.jasig.org\/cas\" target=\"_blank\" rel=\"noopener\">http:\/\/www.jasig.org\/cas<\/a>).<\/li>\n<\/ul>\n<h1>Background knowledge and documentation<\/h1>\n<ul>\n<li>The complete CAS documentation is available at <a href=\"https:\/\/wiki.jasig.org\/display\/CAS\/Home\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.jasig.org\/display\/CAS\/Home<\/a><\/li>\n<li>IBM WebSphere Portal 6.1 InfoCenter at <a href=\"http:\/\/publib.boulder.ibm.com\/infocenter\/wpdoc\/v6r1\/index.jsp\" target=\"_blank\" rel=\"noopener\">http:\/\/publib.boulder.ibm.com\/infocenter\/wpdoc\/v6r1\/index.jsp<\/a><\/li>\n<li>Zimbra wiki (http:\/\/wiki.zimbra.com\/)<\/li>\n<li>Zimbra development documentation in the ZimbraServer\/docs\/ directory<\/li>\n<li>OpenLdap (<a href=\"http:\/\/www.openldap.org\/\" target=\"_blank\" rel=\"noopener\">http:\/\/www.openldap.org\/<\/a>)<\/li>\n<li>JAAS and Trust Authentication Interface for WebSphere<\/li>\n<\/ul>\n<h1>SSO deployment layout for the Asianux web portal and its applications<\/h1>\n<h2>Server and application layout<\/h2>\n<ul>\n<li>Portal server (www.asianux.org.vn \u2013 IP: ), which hosts the Asianux web portal.\n<ul>\n<li>IBM HTTP Server (\/opt\/IBM\/HTTP)<\/li>\n<li>IBM WebSphere Application Server &#8211; WAS 6.1.0.19 
(\/opt\/IBM\/WebSphere\/AppServer)<\/li>\n<li>IBM WebSphere Portal v6.1.0.1 (\/opt\/IBM\/WebSphere\/wp_profile)<\/li>\n<li>phpBB v3 (\/opt\/www\/forum)<\/li>\n<\/ul>\n<\/li>\n<li>Email server (mail.asianux.org.vn \u2013 IP: asianux.org.vn\/10.0.0.?), which runs Zimbra Email Server.\n<ul>\n<li>Email Server (\/opt\/zimbra); mailboxd runs on the jetty Application Server (\/opt\/zimbra\/jetty)<\/li>\n<li>Zimbra Internal Ldap (\/opt\/zimbra\/openldap)<\/li>\n<\/ul>\n<\/li>\n<li>Database server (IP in 10.0.0.?), which runs IBM DB2 LUW v9.<\/li>\n<li>LDAP and CAS server (cas.asianux.org.vn,), which runs OpenLdap Server and CAS Server.\n<ul>\n<li>LDAP (OpenLdap, base: dc=asianux,dc=org,dc=vn)\n<ul>\n<li>The branch cn=groups,dc=asianux,dc=org,dc=vn holds the user groups<\/li>\n<li>The branch cn=people,dc=asianux,dc=org,dc=vn holds the user accounts<\/li>\n<\/ul>\n<\/li>\n<li>CAS Server (v3, download here: <a href=\"http:\/\/www.jasig.org\/cas\/download\" target=\"_blank\" rel=\"noopener\">http:\/\/www.jasig.org\/cas\/download<\/a>)\n<ul>\n<li>Application Server: tomcat 6<\/li>\n<li>Installation directory: \/opt\/CAS<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>CAS deployment layout<\/h2>\n<ul>\n<li>CASifying WebSphere Portal: install a CAS client on WAS based on WebSphere's Trust Association Interceptor (TAI) interface.<\/li>\n<li>CASifying Zimbra: install a CAS client on Zimbra based on Zimbra's pre-authentication mechanism.<\/li>\n<li>When the applications (portal, email) need to authenticate a user, the corresponding CAS clients communicate with the CAS server using a defined protocol (the CAS 
protocol). The CAS server authenticates against the LDAP database and returns the result to the CAS clients. The CAS clients then complete authentication through each application's own internal mechanism (TAI or pre-authentication).<\/li>\n<li>When an internal user database (here, the Zimbra Internal Ldap) changes (for example, an account is added, deleted or modified), it must be synchronized with the External Ldap. The simplest approach is to write a script that synchronizes the two Ldap servers and run it periodically.<\/li>\n<\/ul>\n<h1>Installation<\/h1>\n<h2>Installation steps<\/h2>\n<ul>\n<li>Install and set up the LDAP server.<\/li>\n<li>Add the Ldap Server to the WebSphere Portal Federated Repository with basedn dc=asianux,dc=org,dc=vn (the default WPS repository is the file repository, base o=defaultWIMFileBasedRealm).<\/li>\n<li>Install and configure the CAS server.<\/li>\n<li>Install and configure CASifying WebSphere.<\/li>\n<li>Install and configure CASifying Zimbra.<\/li>\n<li>Install and configure Single Sign Out.<\/li>\n<li>Configure the custom login and logout pages for Portal and Email.<\/li>\n<li>Install the Change Password plugin for Zimbra<\/li>\n<\/ul>\n<h2>Adding the external Ldap to the WSP Federated Repository<\/h2>\n<ul>\n<li>Follow the instructions in the WebSphere Portal 6.1 Info Center, search 
\u201cfederated repository\u201d.<\/li>\n<\/ul>\n<h2>CAS Server<\/h2>\n<ul>\n<li>Under the standard CAS framework, for security the CAS server must be accessed over SSL (https:\/\/); otherwise transactions between client and server are not accepted.<\/li>\n<li>However, the Asianux servers do not yet have a trusted certificate, so accessing them over https shows a warning (like the one shown when visiting mail.vietsoftware.com).<\/li>\n<li>Therefore, for the time being, the CAS server is slightly modified so that it accepts plain http, and so are the CAS clients.<\/li>\n<\/ul>\n<h2>CASifying WebSphere<\/h2>\n<ul>\n<li>Follow the instructions at <a href=\"https:\/\/wiki.jasig.org\/pages\/viewpage.action?pageId=19314\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.jasig.org\/pages\/viewpage.action?pageId=19314<\/a>, noting the following parameters:\n<ul>\n<li>Use cas-client v2<\/li>\n<li>&lt;WPSInstallDirectory&gt; = <strong>\/opt\/IBM\/WebSphere\/wp_profile<\/strong><\/li>\n<li><em>Modify the code slightly, then rebuild the two files CasClientWebsphere-x.x.x.jar and casclient-2.1.1.jar<\/em><\/li>\n<li>Interceptor Classname: <strong>octo.cas.client.websphere.CasTAI511<\/strong><\/li>\n<li>CAS_VALIDATION_URL = <strong>http:\/\/cas.asianux.org.vn\/cas\/serviceValidate<\/strong><\/li>\n<li>PRINCIPAL_PREFIX= <strong>uid=<\/strong> (note the trailing equals sign =)<\/li>\n<li>PRINCIPAL_SUFFIX =<strong> ,dc=asianux,dc=org,dc=vn<\/strong> (note the leading 
comma ,)<\/li>\n<li>STORE_PROXY_TICKET= <strong>false<\/strong> (the proxy ticket mechanism is not used yet)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>CASifying Zimbra<\/h2>\n<ul>\n<li>Follow the instructions at <a href=\"https:\/\/wiki.jasig.org\/display\/CAS\/CASifying+Zimbra+6.0\" target=\"_blank\" rel=\"noopener\">https:\/\/wiki.jasig.org\/display\/CAS\/CASifying+Zimbra+6.0<\/a>, noting:\n<ul>\n<li>Use cas-client v3.1<\/li>\n<li>Modify the code slightly and rebuild cas-client-core-3.1.x.jar<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Single Sign Out<\/h2>\n<ul>\n<li>SSOut is a small web application that logs out of all applications (portal, email, cas) at once when any one application logs out.<\/li>\n<li>Installed on the same machine as the CAS server (same tomcat, file SingleSignOut.war), at <a href=\"http:\/\/cas.caobang.gov.vn\/SingleSignOut\/CasSSOut\" target=\"_blank\" rel=\"noopener\">http:\/\/cas.asianux.org.vn\/SingleSignOut\/CasSSOut<\/a><\/li>\n<li>The application's configuration file (config.properties) contains:\n<ul>\n<li>The SSO applications: portal,email,cas<\/li>\n<li>The login and logout URLs of each application<\/li>\n<\/ul>\n<\/li>\n<li>The portal's logout URL is <a href=\"http:\/\/cas.caobang.gov.vn\/SingleSignOut\/CasSSOut?from=portal\" target=\"_blank\" rel=\"noopener\">http:\/\/cas.asianux.org.vn\/SingleSignOut\/CasSSOut?from=portal<\/a> and the email logout URL is <a href=\"http:\/\/cas.caobang.gov.vn\/SingleSignOut\/CasSSOut?from=email\" target=\"_blank\" 
rel=\"noopener\">http:\/\/cas.asianux.org.vn\/SingleSignOut\/CasSSOut?from=email<\/a><\/li>\n<\/ul>\n<h2>Setting up the login page for the portal<\/h2>\n<ul>\n<li>Purpose: add the <strong>jsp<\/strong> file and edit web.xml in wps.ear\/wps.ear.<\/li>\n<li>To do this, the wps.ear file must be repackaged and redeployed (<a href=\"http:\/\/publib.boulder.ibm.com\/infocenter\/wpdoc\/v6r1\/index.jsp?topic=\/com.ibm.wp.zos.doc\/admin\/wsrpt_secltpa_redeploy.html\" target=\"_blank\" rel=\"noopener\">http:\/\/publib.boulder.ibm.com\/infocenter\/wpdoc\/v6r1\/index.jsp?topic=\/com.ibm.wp.zos.doc\/admin\/wsrpt_secltpa_redeploy.html<\/a>).<\/li>\n<\/ul>\n<h2>Setting up the logout page for the portal<\/h2>\n<ul>\n<li>Purpose: point the logout URL to the Single Sign Out address.<\/li>\n<li>Follow the instructions (<a href=\"http:\/\/publib.boulder.ibm.com\/infocenter\/wpdoc\/v6r1\/index.jsp?topic=\/com.ibm.wp.exp.doc_v6101\/security\/sec_chg_login.html\" target=\"_blank\" rel=\"noopener\">http:\/\/publib.boulder.ibm.com\/infocenter\/wpdoc\/v6r1\/index.jsp?topic=\/com.ibm.wp.exp.doc_v6101\/security\/sec_chg_login.html<\/a>):<\/li>\n<\/ul>\n<p>redirect.logout=true<\/p>\n<p>redirect.logout.ssl=false<\/p>\n<p>redirect.logout.url=<a href=\"http:\/\/cas.caobang.gov.vn\/SingleSignOut\/CasSSOut?from=portal\" target=\"_blank\" rel=\"noopener\">http:\/\/cas.asianux.org.vn\/SingleSignOut\/CasSSOut?from=portal<\/a><\/p>\n<h2>Setting up the logout page for Zimbra<\/h2>\n<ul>\n<li>Purpose: point the logout URL to <a href=\"http:\/\/cas.caobang.gov.vn\/SingleSignOut\/CasSSOut?from=email\" target=\"_blank\" 
rel=\"noopener\">http:\/\/cas.asianux.org.vn\/SingleSignOut\/CasSSOut?from=email<\/a><\/li>\n<li>The procedure is described in the CASifying Zimbra section (set <strong>zimbraWebClientLogoutURL<\/strong> with zmprov).<\/li>\n<\/ul>\n<h2>ChangeExtLdapPassword<\/h2>\n<ul>\n<li>The Change password listener mechanism allows writing Zimbra extensions that perform actions before or after a password is changed in the internal Zimbra LDAP server (<a href=\"http:\/\/bugzilla.zimbra.com\/attachment.cgi?id=22251\" target=\"_blank\" rel=\"noopener\">http:\/\/bugzilla.zimbra.com\/attachment.cgi?id=22251<\/a>).<\/li>\n<li>The ChangeExtLdapPassword extension uses the Change password listener mechanism to change the password in the external LDAP at the same time as the password change inside Zimbra.<\/li>\n<li>Installation (see <a href=\"http:\/\/blog.zimbra.com\/blog\/archives\/2010\/04\/extending-zimbra-with-server-extensions.html\" target=\"_blank\" rel=\"noopener\">http:\/\/blog.zimbra.com\/blog\/archives\/2010\/04\/extending-zimbra-with-server-extensions.html<\/a>)\n<ul>\n<li>Build ChangeExtLdapPasswordExt.jar.<\/li>\n<li>Create the directory \/opt\/zimbra\/lib\/changeExtLdapPassword and copy ChangeExtLdapPasswordExt.jar into it.<\/li>\n<li>Restart Zimbra.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>General information Single sign on framework: Jasig CAS (Central Authentication Service &#8211; http:\/\/www.jasig.org\/cas). 
Background knowledge and documentation The complete CAS documentation is available at https:\/\/wiki.jasig.org\/display\/CAS\/Home IBM WebSphere Portal 6.1 InfoCenter&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-533","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/533","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/comments?post=533"}],"version-history":[{"count":1,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/533\/revisions"}],"predecessor-version":[{"id":534,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/533\/revisions\/534"}],"wp:attachment":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/media?parent=533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/categories?post=533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/tags?post=533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}