先学者为师

step1:下载

server: http://www.ja-sig.org/downloads/cas/cas-server-3.2-release.zip
client(有两个版本,一个是Yale的client,一个是ja-sig最新的,给出最新的):

http://www.ja-sig.org/downloads/cas-clients/cas-client-3.1.1-release.zip

CAS的服务端安装很简单,它的服务就是一个独立的war包,在解压包里找到cas-server-webapp-3.2.war文件copy的你的tomcat中,我的tomcat为5.5版本.

Step 2: 使用keytool配置web服务器的ssl支持

因为CAS服务器端需要https的支持,所以在部署的web服务器上要开启ssl支持，这样就要提供访问的证书。
操作如下:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Program Files\Java\jdk1.5.0_11\bin>keytool -genkey -alias tomcatsso -keypass changeit -keyalg RSA
Enter keystore password:  changeit
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  sino
What is the name of your organization?
  [Unknown]:  sino
What is the name of your City or Locality?
  [Unknown]:  beijing
What is the name of your State or Province?
  [Unknown]:  beijing
What is the two-letter country code for this unit?
  [Unknown]:  CN
Is CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US correct?
  [no]:  yes

说明：命令行的-alias别名参数你可以随意设置，但是要记住这个别名是后面操作(查看，导入，导出，删除，添加)该证书的唯一id，执行到这里你可以查看你的系统用户目录里面会产生一个.keystore的文件，记住这个路径，或者我是直接改个名字tomcatsso.keystore然后放到了tomcat的conf目录里面，后面会用到。还有就是What is your first and last name?这个问题,答案一定要填写你本机hosts里面对应的主机名，不然后面使用CAS的时候会出现错误。

C:\Program Files\Java\jdk1.5.0_11\bin>keytool -export -alias tomcatsso -keypass changeit -file tomcatsso_server.crt
Enter keystore password: changeit
Certificate stored in file <server.crt>

说明：这里会在你当前的路径下产生一个tomcatsso_server.crt，这个是服务端的数字签名文件

C:\Program Files\Java\jdk1.5.0_11\bin>keytool -import -file tomcatsso_server.crt -keypass changeit -keystore ..\jre\lib\security\cacerts
Enter keystore password: changeit
Owner: CN=localhost, OU=sino, O=sino, L=beijing, ST=beijing, C=CN
Issuer: CN=localhost, OU=sino, O=sino, L=beijing, ST=beijing, C=CN
Serial number: 462030d8
Valid from: Fri Apr 13 15:39:36 HST 2007 until: Thu Jul 12 15:39:36 HST 2007
Certificate fingerprints:
MD5: CC:3B:FB:FB:AE:12:AD:FB:3E:D 5:98:CB:2E:3B:0A:AD
SHA1: A1:16:80:68:39:C7:58:EA:2F:48:59:AA:1D:73:5F:56:78:CE:A4:CE
Trust this certificate? [no]: yes
Certificate was added to keystore

说明：把之前生成的数字签名证书导入到java的信任域里面

你也可以用keytool来查询系统中已经添加的安全认证
C:\Program Files\Java\jdk1.5.0_11\bin>keytool -list -keypass changeit -keystore ..\jre\lib\security\cacerts

或者删除

C:\Program Files\Java\jdk1.5.0_11\bin>keytool -delete -alias tomcatsso -keypass changeit -keystore ..\jre\lib\security\cacerts

Step3：配置tomcat

打开conf/server.xml文件，找到<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->这行，把下面的Connector的注释去掉，开启ssl支持。
配置一个truststoreFile属性，值就是你的cacerts文件的路径，给出xml：

<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               keystoreFile="E:/apache-tomcat5.5/conf/tomcatsso.keystore"
               keystorePass="changeit"
               truststoreFile="C:/Program Files/Java/jdk1.5.0_04/jre/lib/security/cacerts"
               URIEncoding="UTF-8"
               clientAuth="false" sslProtocol="TLS" />

打开浏览器，安装好证书，访问https://localhost:8443，看看，是不是小猫出来了^ ^
部署好cas-server-webapp-3.2.war，访问https://localhost:8443/cas/login，看看，CAS登录的页面是不是也该出来了 ^ ^