I think that you have not configured CAS user with IDM account:

Read this:

For every person you want to be able to allow to log in through CAS, you
must assign the CAS resource to their IDM account. If CAS authentication
succeeds but they don't have the CAS resource assigned, you will probably
see a Java exception being thrown on the IDM server when CAS redirects to
IDM

See more at the URL: http://www.ja-sig.org/wiki/display/CAS/CASifying+Sun+Identity+Manager

Regards,
Shivani.

On Tue, Dec 2, 2008 at 10:35 PM, Michael A Jones <[EMAIL PROTECTED]> wrote:

>  Thanks for that. Well so far I can confirm that CAS in my circumstances
> is about 70% working in IDM version 8. I have got a trace of the error being
> generated at my IDM login screen and wondered if anyone has seen this error
> before and can offer any advice, before I start delving deeper into the java
> code involved. The trace error is as follows:
>
>
>
> WavesetException:
>
> com.waveset.util.WavesetException: Authentication failed using CAS
>     at com.waveset.util.WavesetException.checkBreakpoint(WavesetException.java:497)
>     at com.waveset.util.WavesetException.<init>(WavesetException.java:193)
>     at edu.ucmerced.idm.adapter.CASResourceAdapter.authenticate(CASResourceAdapter.java:439)
>     at com.waveset.adapter.ResourceAdapterProxy.authenticate(ResourceAdapterProxy.java:972)
>     at com.waveset.security.authn.WSResourceLoginModule.login(WSResourceLoginModule.java:153)
>     at com.waveset.session.LocalSession.login(LocalSession.java:1699)
>     at com.waveset.session.LocalSession.login(LocalSession.java:1541)
>     at com.waveset.session.SessionFactory.getSession(SessionFactory.java:820)
>     at com.waveset.ui.web.common.LoginForm.processLogin(LoginForm.java:506)
>     at com.waveset.ui.web.common.LoginForm.process(LoginForm.java:409)
>     at org.apache.jsp.user.login_jsp._jspService(login_jsp.java:232)
>     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>     at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
>     at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
>     at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:401)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at com.sun.idm.profiler.instrumentation.RequestTimingFilter.doFilter(RequestTimingFilter.java:81)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>     at java.lang.Thread.run(Thread.java:595)
>
>
>
> *From:* [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] *On Behalf Of *Scott Battaglia
> *Sent:* 01 December 2008 16:57
>
> *To:* Mailing list for CAS developers
> *Subject:* Re: [cas-dev] CASifying Sun Identity Manager Help Needed
>
>
>
> On Mon, Dec 1, 2008 at 11:01 AM, Michael A Jones <[EMAIL PROTECTED]>
> wrote:
>
>  Many thanks.
>
>
>
> I have got the CAS system talking to IDM now and getting as far as the IDM
> login screen, but getting a general error saying user doesn't exist in CAS
> resource. It appears there could be a mismatch somewhere between my users'
> credentials in IDM and the CAS server resource, which is using Active
> Directory.
>
>
>
> A few comments to make on getting this far I had to make the following
> changes:
>
>
>
> 1.       I was using the latest CAS client version 3 jar. However this
> doesn't work as the paths to the classes have changed, so it only works with
> version 2 at present.
>
>  It probably still works.  It's just that the configuration is different.
> They're not the same library, architecture, or packages. They both support
> the CAS1 and CAS2 protocol though.
>
> -Scott
>
>
>  2.       My server has a port number assigned so that was needed in the
> server name in the web.xml
>
> 3.       As pointed out the location back to IDM in web.xml needs to be
> set to /*
>
>
>
> *From:* [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] *On Behalf Of *Shivani Chandna
> *Sent:* 29 November 2008 04:05
> *To:* Mailing list for CAS developers
> *Subject:* Re: [cas-dev] CASifying Sun Identity Manager Help Needed
>
>
>
> You need to give url pattern in web.xml as follows:
>
>
>
> <url-pattern>/*</url-pattern>
>
> instead of
>
> <url-pattern>http:// my-IDM-Server:8081/idm/user/login.jsp</url-pattern>
>
>
>
> Regards,
>
> Shivani
>
> On Fri, Nov 28, 2008 at 5:24 PM, Michael A Jones <[EMAIL PROTECTED]>
> wrote:
>
> Hi there,
>
>
>
> I am trying to set up SSO to Sun Identity Manager 8.0 through CAS using
> instructions posted in the CAS Wiki by the University of California Merced.
> I successfully got IDM to recognise the custom compiled Java class to create
> a new CAS resource and associated this with my IDM users. Then associated
> this with a new login group, which is set to be used in place of the default
> user login.
>
> I then made the various changes needed in the IDM web.xml and
> userLogout.jsp and restarted my Tomcat web server. I then began the process
> of testing and below is the URL I use to log in to CAS:
>
>
>
>
> https://mycas-server/cas/login?service=http://my-IDM-Server:8081/idm/user/login.jsp
>
>
>
> I log in with one of my casified IDM users and a ticket is generated ok, but
> then when the system redirects back to the IDM CASified login page I am
> getting an HTTP 404 not found page error in my browser, being generated by
> my IDM web server. I think the problem is something to do with the IDM
> web.xml entry, as in my web server catalina logs it is reporting an error
> with parsing my IDM web.xml as follows:
>
>
>
> Invalid <url-pattern> http:// my-IDM-Server:8081/idm/user/login.jsp in
> filter mapping
>
>
>
> Below is the xml code for my IDM web.xml:
>
>
>
> <filter>
>     <filter-name>CAS Filter</filter-name>
>     <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
>     <init-param>
>        <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
>        <param-value>https://mycas-server/cas/login</param-value>
>     </init-param>
>     <init-param>
>        <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
>        <param-value>https://mycas-server/cas/serviceValidate</param-value>
>     </init-param>
>     <init-param>
>        <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
>        <param-value>my-IDM-Server</param-value>
>     </init-param>
>
>     <!-- wrap request such that getRemoteUser() returns username -->
>     <init-param>
>        <param-name>edu.yale.its.tp.cas.client.filter.wrapRequest</param-name>
>        <param-value>true</param-value>
>     </init-param>
>   </filter>
>
>   <filter-mapping>
>     <filter-name>CAS Filter</filter-name>
>     <url-pattern>http://my-IDM-Server:8081/idm/user/login.jsp</url-pattern>
>   </filter-mapping>
>
>
>
> Could anyone who has managed to get this working or the authors of this
> method give some advice.
>
>
>
> Regards
>
>
>
> Mike Jones
>
>
>
> Identity Management Systems Administrator
>
> e-sig
>
> University of Hull
>
>
>
>
>
> *****************************************************************************************
> To view the terms under which this email is distributed, please go to
> http://www.hull.ac.uk/legal/email_disclaimer.html
>
> *****************************************************************************************
> _______________________________________________
> cas-dev mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
_______________________________________________
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
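
An added example, not part of the original thread or of the UC Merced instructions: a Python check for the two web.xml problems resolved above, a filter-mapping url-pattern given as a full URL instead of a context-relative pattern, and a CASFilter serverName that lacks the port used in the service URL. The function names and the trimmed sample web.xml are constructed for illustration, and the pattern test is a simplified reading of the servlet url-pattern rules.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the filter from the thread, trimmed to the two settings
# that caused trouble and wrapped in a <web-app> root element.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
    <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
      <param-value>my-IDM-Server</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CAS Filter</filter-name>
    <url-pattern>http://my-IDM-Server:8081/idm/user/login.jsp</url-pattern>
  </filter-mapping>
</web-app>"""

SERVER_NAME = "edu.yale.its.tp.cas.client.filter.serverName"

def valid_url_pattern(p):
    """Simplified servlet rule: '*.ext' with no slash, or a path starting with '/'."""
    if p.startswith("*."):
        return "/" not in p
    return p.startswith("/")

def lint_web_xml(xml_text, service_url):
    """Return findings for the CAS filter mapping and serverName in a web.xml."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    for mapping in root.iter("filter-mapping"):
        for up in mapping.iter("url-pattern"):
            p = (up.text or "").strip()
            if not valid_url_pattern(p):
                findings.append(f"invalid url-pattern: {p}")
    expected = urlsplit(service_url).netloc     # host[:port] as the browser sends it
    for ip in root.iter("init-param"):
        if (ip.findtext("param-name") or "").strip() == SERVER_NAME:
            value = (ip.findtext("param-value") or "").strip()
            if value.lower() != expected.lower():
                findings.append(f"serverName {value!r} != service host {expected!r}")
    return findings

if __name__ == "__main__":
    for f in lint_web_xml(SAMPLE_WEB_XML, "http://my-IDM-Server:8081/idm/user/login.jsp"):
        print(f)
```

With the url-pattern changed to `/*` and the serverName set to `my-IDM-Server:8081`, as the replies in the thread advise, the same call returns no findings.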