Hi Dmitry,

Thanks for responding. Here is the deployerConfigContext.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
    | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
    | all CAS deployers will need to modify.
    |
    | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
    | The beans declared in this file are instantiated at context initialization time by the Spring
    | ContextLoaderListener declared in web.xml. It finds this file because this
    | file is among those declared in the context parameter "contextConfigLocation".
    |
    | By far the most common change you will need to make in this file is to change the last bean
    | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
    | one implementing your approach for authenticating usernames and passwords.
    +-->
<beans>
    <!--
        | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
        | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
        | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
        | implementation and so do not need to change the class of this bean. We include the whole
        | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
        | need to change in context.
        +-->
    <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <!--
            | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
            | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
            | supports the presented credentials.
            |
            | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
            | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
            | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
            | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
            | using.
            |
            | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
            | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
            | You will need to change this list if you are identifying services by something more or other than their callback URL.
            +-->
        <property name="credentialsToPrincipalResolvers">
            <list>
                <!--
                    | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
                    | by default and produces SimplePrincipal instances conveying the username from the credentials.
                    |
                    | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
                    | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
                    | Credentials you are using.
                    +-->
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                <!--
                    | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
                    | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
                    | SimpleService identified by that callback URL.
                    |
                    | If you are representing services by something more or other than an HTTPS URL whereat they are able to
                    | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
                    +-->
                <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
            </list>
        </property>

        <!--
            | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
            | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
            | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
            | until it finds one that both supports the Credentials presented and succeeds in authenticating.
            +-->
        <property name="authenticationHandlers">
            <list>
                <!--
                    | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
                    | a server side SSL certificate.
                    +-->
                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
                    <property name="httpClient" ref="httpClient" />
                </bean>
                <!--
                    | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
                    | into production.
                    | With this configuration you’ll be using LDAP FastBind authentication.
                    +-->
                <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler" >
                    <property name="filter" value="uid=%u,ou=people,dc=norwoodma,dc=gov" />
                    <property name="contextSource" ref="contextSource" />
                </bean>
            </list>
        </property>
    </bean>

    <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="urls">
            <list>
                <value>ldaps://ldap.norwood-ma.gov/</value>
            </list>
        </property>
    </bean>
</beans>

Thank you,
Joe

> From: "Dmitry Kochelaev" <[EMAIL PROTECTED]>
> Subject: Re: CAS is up but not authenticating
> To: "Yale CAS mailing list" <[email protected]>
> Message-ID:
> <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hello,
>
> Show your deployerConfigContext.xml please. It could be helpful.
>
> On 5/10/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> Hi Scott,
>>
>> Thank you for getting me past the last hurdle (email titled "almost
>> there").
>> The cas.log gives me this info when I try to login using LDAP FastBind:
>>
>> 2007-05-09 16:36:34,708 WARN [org.springframework.ldap.support.LdapContextSource] - Property 'userName' not set - anonymous context will be used for read-write operations
>> 2007-05-09 16:36:34,714 INFO [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - No PasswordEncoder set. Using default: org.jasig.cas.authentication.handler.PlainTextPasswordEncoder
>> 2007-05-09 16:36:34,714 INFO [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - No Class to Support set. Using default: org.jasig.cas.authentication.principal.UsernamePasswordCredentials
>> 2007-05-09 16:36:34,726 INFO [org.jasig.cas.ticket.proxy.support.Cas20ProxyHandler] - No UniqueTicketIdGenerator specified for org.jasig.cas.ticket.proxy.support.Cas20ProxyHandler. Using org.jasig.cas.util.DefaultUniqueTicketIdGenerator
>> 2007-05-09 16:36:35,078 INFO [org.jasig.cas.web.ServiceValidateController] - No authentication specification class set. Defaulting to org.jasig.cas.validation.Cas20ProtocolValidationSpecification
>> 2007-05-09 16:36:35,078 INFO [org.jasig.cas.web.ServiceValidateController] - No successView specified. Using default of casServiceSuccessView
>> 2007-05-09 16:36:35,078 INFO [org.jasig.cas.web.ServiceValidateController] - No failureView specified. Using default of casServiceFailureView
>> 2007-05-09 16:36:35,084 INFO [org.jasig.cas.web.ServiceValidateController] - No successView specified. Using default of casServiceSuccessView
>> 2007-05-09 16:36:35,084 INFO [org.jasig.cas.web.ServiceValidateController] - No failureView specified. Using default of casServiceFailureView
>> 2007-05-09 16:36:35,111 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass not set. Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
>> 2007-05-09 16:36:40,873 INFO [org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - Setting ContextPath for cookies to: /cas
>> 2007-05-09 16:36:52,436 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: jsalvaggio
>> 2007-05-09 16:36:54,775 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Starting cleaning of expired tickets from ticket registry at [Wed May 09 16:36:54 EDT 2007]
>> 2007-05-09 16:36:54,775 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 0 found to be removed. Removing now.
>> 2007-05-09 16:36:54,775 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Finished cleaning of expired tickets from ticket registry at [Wed May 09 16:36:54 EDT 2007]
>>
>> Can you tell me, please, what I still need to do to configure the LDAP
>> authentication to work?
>>
>> Thank you
>>
>> Joe
>> _______________________________________________
>> Yale CAS mailing list
>> [email protected]
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
>
>
> --
> Dmitry Kochelaev
> eVelopers Corporation
>
>
> ------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> End of cas Digest, Vol 48, Issue 21
> ***********************************
>
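As an added example (not part of the original message and not CAS code), this script reads the two LDAP beans from the config posted above and reports the DN a FastBind login would bind as, the directory URLs, and any config findings, including the missing `userName` that matches the WARN line in cas.log. It assumes FastBind forms the bind DN by substituting the login name for `%u` in the filter; `props` and `audit_fastbind` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two LDAP beans from the posted config, trimmed.
CONFIG = """<beans>
  <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
    <property name="filter" value="uid=%u,ou=people,dc=norwoodma,dc=gov" />
    <property name="contextSource" ref="contextSource" />
  </bean>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="urls"><list><value>ldaps://ldap.norwood-ma.gov/</value></list></property>
  </bean>
</beans>"""

FASTBIND = "org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"

def props(bean):
    """Map property name -> <property> element for one Spring bean."""
    return {p.get("name"): p for p in bean.findall("property")}

def audit_fastbind(xml_text, login):
    """Per FastBind handler: bind DN for `login`, LDAP URLs, config findings."""
    beans = list(ET.fromstring(xml_text).iter("bean"))
    by_id = {b.get("id"): b for b in beans if b.get("id")}
    reports = []
    for bean in (b for b in beans if b.get("class") == FASTBIND):
        p = props(bean)
        template = p["filter"].get("value", "") if "filter" in p else ""
        ref = p["contextSource"].get("ref") if "contextSource" in p else None
        source = by_id.get(ref)
        sp = props(source) if source is not None else {}
        urls = [v.text.strip() for v in sp["urls"].iter("value") if v.text] if "urls" in sp else []
        findings = []
        if "%u" not in template:
            findings.append("filter has no %u placeholder for the login name")
        if source is None:
            findings.append("contextSource ref %r does not resolve to a bean" % ref)
        elif "userName" not in sp:
            findings.append("no userName on contextSource (the WARN in cas.log)")
        if any(not u.lower().startswith("ldaps://") for u in urls):
            findings.append("password would cross the network without ldaps://")
        # Assumption: FastBind replaces %u with the login name to get the bind DN.
        reports.append({"bind_dn": template.replace("%u", login),
                        "urls": urls, "findings": findings})
    return reports

if __name__ == "__main__":
    for report in audit_fastbind(CONFIG, "jsalvaggio"):
        print(report)
```

Trying the reported DN and URL with an LDAP client outside CAS shows whether the failure lies in the directory or in the CAS configuration.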
