Re: [cas-user] Casifying Shib (idP)

Thu, 19 Mar 2015 10:26:15 -0700 

On Wed, Mar 18, 2015 at 10:34:49PM +0000, Niva Agmon wrote:

> javax.security.auth.login.LoginException: No LoginModules configured for 
> ShibUserPassAuth
>         at javax.security.auth.login.LoginContext.init(LoginContext.java:287) 
> ~[na:1.6.0_32]
>         at 
> javax.security.auth.login.LoginContext.<init>(LoginContext.java:432) 
> ~[na:1.6.0_32]
> 
> Thanks again for any help or tips.

Hmm, did you update handler.xml?

Here's what mine looks like:

    <!-- Login Handlers -->
    <!-- Delegate authentication to CAS -->
        <ph:LoginHandler xsi:type="shib-cas:CasLoginHandler">
                
<ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
                <shib-cas:paramBuilder 
class="net.unicon.idp.authn.provider.extra.EntityIdParameterBuilder" />
        </ph:LoginHandler>

    <!--  Username/password login handler -->
<!--    <ph:LoginHandler xsi:type="ph:UsernamePassword" 
                  
jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config"
                  authenticationDuration="PT8H">
        
<ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
    </ph:LoginHandler> -->
    
    <!-- 
        Removal of this login handler will disable SSO support, that is it will 
require the user to authenticate 
        on every request.
    -->
<!--    <ph:LoginHandler xsi:type="ph:PreviousSession">
        
<ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
    </ph:LoginHandler> -->


Basically, I commented out the "UsernamePassword" login handler to disable
shib's native auth, added the "shib-cas:CasLoginHandler" to enable CAS
auth, and disabled the "PreviousSession" handler as session state is
handled on the CAS side, not the shib side.

As I recall, the instructions are pretty accurate. Update web.xml, create
the external properties file, update handler.xml... Install the
idp-cas-invoker and cas-client-core jars, and you should be good to go.

If you double check these steps and it still doesn't work you might try
asking on the shib list, there's some crossover between this one but
they might have a better idea on this shib specific error.


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  hen...@cpp.edu
California State Polytechnic University  |  Pomona CA 91768

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to