Does this have to be an account that exists in my authentication source
(AD)?  

 

Yes, it should. Once you're able to successfully authenticate, you should
be able to access the services management app. I don't suppose you need to
configure the password in the userDetailsService, the matching user id
should suffice. 

 

As for the SSL problem, it very much seems like the issue pointed out on
the wiki:

 

"Please note that the JVM needs to trust the certificate of your SSL
enabled LDAP server, else CAS will refuse to connect to your LDAP server.
You can add the LDAP server's certificate to the JVM trust store
($JAVA_HOME/jre/lib/security/cacerts by default) to solve that issue. JVM
will throw "unable to find valid certification path to requested target"
exception when it doesn't find certificate sent by ldap server into
keystore. There is a nice open source utility called InstallCert.java
available from Sun which can add certificate returned by ldap server into
your JVM keystore, use that to solve this problem." [1]

 

Though the segment refers to LDAP, it should still apply perfectly to AD as
well.

 

Regards,

 

-Misagh

 

[1] https://wiki.jasig.org/display/CASUM/LDAP 
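
Added example, not part of the thread or of CAS: one way to carry out the trust-store fix quoted above from the shell, using openssl and keytool. Unlike a blind import of whatever certificate the server presents, it only imports the certificate when its SHA-256 fingerprint matches a value obtained out of band from the directory administrator. The function names, the "ldap-HOST" alias and the argument layout are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: fetch an LDAPS/AD server certificate and import it into a
# JVM trust store only after a fingerprint check. Names here are illustrative.

# Keep only the PEM blocks from `openssl s_client -showcerts` output (stdin).
extract_pem() {
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# SHA-256 fingerprint (upper-case, colon-separated) of the first cert in a PEM file.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Save the certificate chain presented by HOST:PORT (e.g. AD on 636) to OUTFILE.
fetch_chain() {  # fetch_chain HOST PORT OUTFILE
  openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
    </dev/null 2>/dev/null | extract_pem > "$3"
}

# Import PEM into KEYSTORE only if its fingerprint equals EXPECTED_FP.
# Returns 1 (and never calls keytool) on a mismatch or an unreadable certificate.
import_if_expected() {  # import_if_expected PEM EXPECTED_FP ALIAS KEYSTORE STOREPASS
  local actual
  actual=$(cert_fingerprint "$1")
  if [ -z "$actual" ] || [ "$actual" != "$2" ]; then
    echo "fingerprint mismatch: got '$actual', expected '$2'" >&2
    return 1
  fi
  keytool -importcert -noprompt -alias "$3" -file "$1" \
    -keystore "$4" -storepass "$5"
}

# Usage: script HOST PORT EXPECTED_FP KEYSTORE [STOREPASS]
# KEYSTORE is the trust store the CAS JVM reads (cacerts, or a copy selected
# with -Djavax.net.ssl.trustStore); "changeit" is the stock cacerts password.
if [ "$#" -ge 4 ]; then
  work=$(mktemp -d)
  fetch_chain "$1" "$2" "$work/chain.pem"
  # The first certificate in the chain is the server's own.
  openssl x509 -in "$work/chain.pem" -out "$work/server.pem"
  import_if_expected "$work/server.pem" "$3" "ldap-$1" "$4" "${5:-changeit}"
fi
```

Restart the servlet container afterwards so the JVM rereads the trust store.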





 

From: HOLCOMB, LAWRENCE [mailto:lholco...@cnm.edu] 
Sent: Wednesday, March 14, 2012 8:21 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Services Management Problems

 

Hi Ben,

 

I'm on RHEL 5.  It would appear that there is egg on my face.  I had a
misconfiguration that was re-directing the browser outside the scope of
the reverse proxy.

 

That said I'm not sure how to authenticate to the Services Management
application.  When I try the username and password I set in
"userDetailsService" it fails to authenticate.  Does this have to be an
account that exists in my authentication source (AD)?  If so how do I
manage the password portion?

 

When I try to log into cas/services with an existing AD account I get the
following exception:

 

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
 
I'm researching that now.

 

Regards,

 

Glen Holcomb

 

From: Ben Branch <bbra...@uco.edu>
Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
Date: Wed, 14 Mar 2012 08:33:26 -0600
To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
Subject: RE:[cas-user] Services Management Problems

 

Glen,

 

What platform (Operating System) is this running on?  When I set up my
initial CAS server I had issues with the web site timing out every time I
tried to access it.  With my OS being RedHat Enterprise Linux, I found
that I either needed to create specific rules for IPTables to allow
traffic to the CAS, or disable IPTables altogether (if you're
comfortable with this).  As a test, I would try disabling IPTables first,
see if that resolves your issue.  If that does resolve your issue, then I
would identify what rules you need to add to IPTables to make it work
properly with it enabled.  I hope this helps.

 

Also, are you able to access the /cas/services URI to manage your services
that way (i.e., https://yourcas.yourdomain.edu/cas/services)?  I found this
to be a much easier way to configure services in CAS vs. adding them
individually in the deployerConfigContext.xml.

 

 

Ben Branch
Sun Administrator


 

From: HOLCOMB, LAWRENCE [mailto:lholco...@cnm.edu] 
Sent: Tuesday, March 13, 2012 5:54 PM
To: cas-user@lists.jasig.org
Subject: Re:[cas-user] Services Management Problems

 

Turns out I didn't have a mysql jdbc driver.

 

However I'm having new issues.  After implementing the configuration
changes CAS times out more often than not.  It seems to be running but not
responding to web requests:

 

2012-03-13 16:30:15,058 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Beginning ticket cleanup.>
2012-03-13 16:30:15,058 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 tickets found to be removed.>
2012-03-13 16:30:15,058 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.>
2012-03-13 16:31:56,594 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>
Hibernate: select registered0_.id as id0_, registered0_.allowedToProxy as allowedT2_0_, registered0_.anonymousAccess as anonymou3_0_, registered0_.description as descript4_0_, registered0_.enabled as enabled0_, registered0_.evaluation_order as evaluation6_0_, registered0_.ignoreAttributes as ignoreAt7_0_, registered0_.name as name0_, registered0_.serviceId as serviceId0_, registered0_.ssoEnabled as ssoEnabled0_, registered0_.theme as theme0_ from RegisteredServiceImpl registered0_
2012-03-13 16:31:56,596 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services.>

 

I've tried registering services in the deployerConfigContext.xml thinking
that the lack of an https definition in the new bean was the problem but
that doesn't help.

 

From: Glen Holcomb <lholco...@cnm.edu>
Date: Tue, 13 Mar 2012 15:36:47 -0600
To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
Subject: Services Management Problems

 

Hello,

 

I'm setting up CAS for the first time and am having trouble configuring
the Services Management Application.  I've attempted to follow the
instruction at https://wiki.jasig.org/display/CASUM/Configuring but I'm
getting the following error in my catalina.out:

 

ERROR
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas]] -
<Exception starting filter springSecurityFilterChain>

org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'servicesManager' defined in ServletContext resource
[/WEB-INF/spring-configuration/applicationContext.xml]: Instantiation of
bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not
instantiate bean class
[org.jasig.cas.services.DefaultServicesManagerImpl]: Constructor threw
exception; nested exception is
org.springframework.orm.hibernate3.HibernateJdbcException: JDBC exception
on Hibernate data access: SQLException for SQL [???]; SQL state [null];
error code [0]; Cannot open connection; nested exception is
org.hibernate.exception.GenericJDBCException: Cannot open connection

 

 

I am able to connect to the database with the following command:

mysql -s -N -h localhost -P 3306 -D cas -u cas_admin -p

 

 

Here is the relevant xml from my deployerConfigContext.xml:

<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.JpaServiceRegistryDaoImpl"
      p:entityManagerFactory-ref="entityManagerFactory" />

<!-- EntityManagerFactory configuration for Hibernate -->
<bean id="entityManagerFactory"
      class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
  <property name="dataSource" ref="dataSource" />
  <property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
      <property name="generateDdl" value="true" />
      <property name="showSql" value="true" />
    </bean>
  </property>
  <property name="jpaProperties">
    <props>
      <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
      <prop key="hibernate.hbm2ddl.auto">update</prop>
    </props>
  </property>
</bean>

<bean id="transactionManager"
      class="org.springframework.orm.jpa.JpaTransactionManager">
  <property name="entityManagerFactory" ref="entityManagerFactory" />
</bean>

<tx:annotation-driven transaction-manager="transactionManager" />

<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
      p:driverClassName="com.mysql.jdbc.Driver"
      p:url="jdbc:mysql://localhost:3306/cas?autoReconnect=true"
      p:password="cas_services" p:username="cas_admin" />

<bean id="auditTrailManager"
      class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

 

I've uncommented the MySQLDialect in cas.properties:

database.hibernate.dialect=org.hibernate.dialect.MySQLDialect

 

 

I've also added the following to the dependencies in my pom.xml:

<dependency>
  <groupId>commons-dbcp</groupId>
  <artifactId>commons-dbcp</artifactId>
  <version>1.4</version>
  <scope>runtime</scope>
</dependency>
<dependency>
  <groupId>org.hibernate</groupId>
  <artifactId>hibernate-entitymanager</artifactId>
  <version>3.5.0-CR-2</version>
</dependency>

 

I'm trying to add a SAML 2.0 service for Google Apps SSO.

 

Any help would be greatly appreciated.

 

Regards,

Glen Holcomb


-- 
You are currently subscribed to cas-user@lists.jasig.org as:
bbra...@uco.edu
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user

