Andrew/Scott, Okay, I have my Service Manager up and running. I can also log into it and add/delete services. I can't thank everyone enough for the help I've received on this list. So to be clear on the user-sec usage (within an Active Directory configuration of CAS 3.4.10):
<sec:user name="ACTIVE_DIRECTORY_ID_GOES_HERE" password="THIS_FIELD_DOESNT_MATTER" authorities="ROLE_ADMIN" /> The "password" value here doesn't correspond to the AD ID presented under the "name" value. You actually use your AD password as stated by Andrew in his previous reply. I hope someone finds this helpful. Ben Branch Sun Administrator University of Central Oklahoma ITIL Foundation v3, Network+ 100 N. University Drive, Box 122 Edmond, OK 73034 D: 405.974.2649 | M: 405.550.6804 | bbra...@uco.edu | www.uco.edu "If you wish to know your past, look at your present conditions. If you wish to know your future, look at your present actions." - Siddhartha Gautama -----Original Message----- From: Andrew Morgan [mailto:mor...@orst.edu] Sent: Tuesday, November 15, 2011 10:35 AM To: cas-user@lists.jasig.org Subject: RE: [cas-user] Service Manager Configuration issue on CAS 3.4.10 You should login to CAS with the username "admin" and whatever your password is for "admin" in your authentication backend, NOT the password "test". The password provided in: <sec:user name="admin" password="test" authorities="ROLE_ADMIN" /> is not used by CAS - it always uses your authentication backend. Andy On Tue, 15 Nov 2011, Ben Branch wrote: > Scott, > > I have reverted my configuration back to the way you have specified: > > <sec:user-service id="userDetailsService"> > <sec:user name="admin" password="test" authorities="ROLE_ADMIN" > /> </sec:user-service> > > When I use this, I get an error message on the services page that says: > "The credentials you provided cannot be determined to be authentic." > > Ben Branch > Sun Administrator > University of Central Oklahoma > ITIL Foundation v3, Network+ > > 100 N. University Drive, Box 122 > Edmond, OK 73034 > D: 405.974.2649 | M: 405.550.6804 | > bbranch@uco.<mailto:bbranch@uco.>edu | > www.uco.edu<http://www.uco.edu/> > > "If you wish to know your past, look at your present conditions. If > you wish to know your future, look at your present actions." - > Siddhartha Gautama > > From: Scott Battaglia [mailto:scott.battag...@gmail.com] > Sent: Tuesday, November 15, 2011 10:21 AM > To: cas-user@lists.jasig.org > Subject: Re: [cas-user] Service Manager Configuration issue on CAS > 3.4.10 > > Yes, only the username changed. You're using CAS to control access to the > Services Management Tool, so nothing sees your password OTHER than CAS. > Therefore, the value in the Spring Security configured item is not used. > This would be the same as if you used Spring Security in any of your CASified > applications. Apologies if that was not clear. > > Cheers, > Scott > > On Tue, Nov 15, 2011 at 11:18 AM, Ben Branch > <bbra...@uco.edu<mailto:bbra...@uco.edu>> wrote: > Scott, > > To be sure I'm clear on what you are referring too. > > You're saying that the current config that I have (below) is incorrect?: > <bean id ="userDetailsService" > class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl"> > <property name="userMap"> > <value> > username=user_name_here,ROLE_ADMIN > </value> > </property> > </bean> > > If the above portion is incorrect, I'm fine with that. What I'm still not > understanding is what are the differences in the following examples you > provided: > > You should replace just this line: > 1.<sec:user name="user_name_here" password="XXXXXXX" > authorities="ROLE_ADMIN" /> > > with something like > 2.<sec:user name="MYNAME" password="XXXXXXX" authorities="ROLE_ADMIN" > /> > > I don't understand the differences here, because it appears nothing has > changed other than the username being provided. With you saying that the > password doesn't matter leads me to believe that this should be setup with > the SimpleTestUsernamePasswordAuthenticationHandler class, which appears to > present a very large security concern. Please correct me if I am > misunderstanding this. > > > > > Ben Branch > Sun Administrator > University of Central Oklahoma > ITIL Foundation v3, Network+ > > 100 N. University Drive, Box 122 > Edmond, OK 73034 > D: 405.974.2649<tel:405.974.2649> | M: 405.550.6804<tel:405.550.6804> > | bbranch@uco.<mailto:bbranch@uco.>edu | > www.uco.edu<http://www.uco.edu/> > > "If you wish to know your past, look at your present conditions. If > you wish to know your future, look at your present actions." - > Siddhartha Gautama > > From: Scott Battaglia > [mailto:scott.battag...@gmail.com<mailto:scott.battag...@gmail.com>] > Sent: Tuesday, November 15, 2011 10:01 AM > > To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> > Subject: Re: [cas-user] Service Manager Configuration issue on CAS > 3.4.10 > > You replaced the existing bean that stores usernames. That's wrong. > > I highlighted the ONE line that needed to be changed. > > Cheers, > Soctt > > On Mon, Nov 14, 2011 at 12:57 PM, Scott Battaglia > <scott.battag...@gmail.com<mailto:scott.battag...@gmail.com>> wrote: > Sorry, we've apparently got out of date config. > > You should replace just this line: > <sec:user name="user_name_here" password="XXXXXXX" > authorities="ROLE_ADMIN" /> > > with something like > <sec:user name="MYNAME" password="XXXXXXX" authorities="ROLE_ADMIN" /> > > The password doesn't matter. > > We'll look into getting the documentation updated. > > Thanks > Scott > > On Mon, Nov 14, 2011 at 12:53 PM, Ben Branch > <bbra...@uco.edu<mailto:bbra...@uco.edu>> wrote: > Marvin/Paul, > > I have been able to get the services manager portion up, but now I am unable > to login to it. The documentation isn't clear on how to add users. I have > reviewed the "Configuring" Service Manager page again > (https://wiki.jasig.org/display/CASUM/Configuring). > > I replaced the normal section (from my deployerconfigcontext.xml): > > <sec:user-service id="userDetailsService"> > <sec:user name="user_name_here" password="XXXXXXX" > authorities="ROLE_ADMIN" /> </sec:user-service> > > With: > > <bean id ="userDetailsService" > class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl"> > <property name="userMap"> > <value> > username=user_name_here,ROLE_ADMIN > </value> > </property> > </bean> > > > After making this change, I began getting JavaClassNotFound exceptions for " > org.acegisecurity.userdetails.memory.InMemoryDaoImpl". I did a search for > this and found that I possibly needed the acegi-security-1.0.6.jar to resolve > this. I downloaded this and copied it into my $TOMCAT_HOME/lib as well as my > $TOMCAT_HOME/webapps/cas/WEB-INF/lib directory. After doing so, I began to > get a different error, and I'm not sure why, or if I'm even going in the > right direction with this. > > org.springframework.beans.factory.BeanCreationException: Error creating bean > with name 'org.springframework.security.authentication.ProviderManager#0': > Cannot create inner bean '(inner bean)' of type > [org.springframework.security.config.authentication.AuthenticationManagerFactoryBean] > while setting bean property 'parent'; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating bean > with name '(inner bean)': FactoryBean threw exception on object creation; > nested exception is org.springframework.beans.factory.BeanCreationException: > Error creating bean with name > 'org.springframework.security.authenticationManager': Cannot resolve > reference to bean 'casAuthenticationProvider' while setting bean property > 'providers' with key [0]; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating bean > with name 'casAuthenticationProvider' defined in ServletContext resource > [/WEB-INF/spring-configuration/securityContext. xml]: Initialization of bean failed; nested exception is org.springframework.beans.ConversionNotSupportedException: Failed to convert property value of type 'org.acegisecurity.userdetails.memory.InMemoryDaoImpl' to required type 'org.springframework.security.core.userdetails.UserDetailsService' for property 'userDetailsService'; nested exception is java.lang.IllegalStateException: Cannot convert value of type [org.acegisecurity.userdetails.memory.InMemoryDaoImpl] to required type [org.springframework.security.core.userdetails.UserDetailsService] for property 'userDetailsService': no matching editors or conversion strategy found > > Many thanks for the assistance, > > Ben Branch > Sun Administrator > University of Central Oklahoma > ITIL Foundation v3, Network+ > > 100 N. University Drive, Box 122 > Edmond, OK 73034 > D: 405.974.2649<tel:405.974.2649> | M: 405.550.6804<tel:405.550.6804> > | bbra...@uco.edu<mailto:bbra...@uco.edu> | > www.uco.edu<http://www.uco.edu> > > "If you wish to know your past, look at your present conditions. If > you wish to know your future, look at your present actions." - > Siddhartha Gautama > > -----Original Message----- > From: Marvin Addison > [mailto:marvin.addi...@gmail.com<mailto:marvin.addi...@gmail.com>] > Sent: Friday, November 11, 2011 9:37 AM > To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> > Subject: Re: [cas-user] Service Manager Configuration issue on CAS > 3.4.10 >> I'm getting some JavaClassNotFound Exceptions, which I believe are >> due to missing jar libraries > > Looks like your JDBC driver is missing. It should be on the container's > classpath as discussed in the "JDBC Driver" section of > https://wiki.jasig.org/display/CASUM/JpaTicketRegistry. > > M > > -- > You are currently subscribed to > cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: > bbra...@uco.edu<mailto:bbra...@uco.edu> To unsubscribe, change > settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > **Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, and > Green! Please print this e-mail only if absolutely necessary! > > **CONFIDENTIALITY** This e-mail (including any attachments) may contain > confidential, proprietary and privileged information. Any unauthorized > disclosure or use of this information is prohibited. > > -- > You are currently subscribed to > cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: > scott.battag...@gmail.com<mailto:scott.battag...@gmail.com> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > You are currently subscribed to > cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: > bbra...@uco.edu<mailto:bbra...@uco.edu> > > > > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > **Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, and > Green! Please print this e-mail only if absolutely necessary! > **CONFIDENTIALITY** -This e-mail (including any attachments) may contain > confidential, proprietary and privileged information. Any unauthorized > disclosure or use of this information is prohibited. > > -- > You are currently subscribed to > cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: > scott.battag...@gmail.com<mailto:scott.battag...@gmail.com> > > > > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to > cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: > bbra...@uco.edu<mailto:bbra...@uco.edu> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > **Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, and > Green! Please print this e-mail only if absolutely necessary! > > **CONFIDENTIALITY** This e-mail (including any attachments) may contain > confidential, proprietary and privileged information. Any unauthorized > disclosure or use of this information is prohibited. > > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > mor...@orst.edu To unsubscribe, change settings or access archives, > see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: bbra...@uco.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user **Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, and Green! Please print this e-mail only if absolutely necessary! **CONFIDENTIALITY** This e-mail (including any attachments) may contain confidential, proprietary and privileged information. Any unauthorized disclosure or use of this information is prohibited. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
