Hello,

1) Are you sure that your LDAP supports anonymous lookup?
2) I think you should specify the port for your LDAP URL.

On 5/10/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hi Dmitry,
>   Thanks for responding.
> Here is the deployerConfigContext.xml:
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC  "-//SPRING//DTD BEAN//EN"
> "http://www.springframework.org/dtd/spring-beans.dtd">
> <!--
>     | deployerConfigContext.xml centralizes into one file some of the
> declarative configuration that
>     | all CAS deployers will need to modify.
>     |
>     | This file declares some of the Spring-managed JavaBeans that make up a
> CAS deployment.
>     | The beans declared in this file are instantiated at context
> initialization time by the Spring
>     | ContextLoaderListener declared in web.xml.  It finds this file because
> this
>     | file is among those declared in the context parameter
> "contextConfigLocation".
>     |
>     | By far the most common change you will need to make in this file is to
> change the last bean
>     | declaration to replace the default
> SimpleTestUsernamePasswordAuthenticationHandler with
>     | one implementing your approach for authenticating usernames and
> passwords.
>     +-->
> <beans>
>     <!--
>         | This bean declares our AuthenticationManager.  The
> CentralAuthenticationService service bean
>         | declared in applicationContext.xml picks up this
> AuthenticationManager by reference to its id,
>         | "authenticationManager".  Most deployers will be able to use the
> default AuthenticationManager
>         | implementation and so do not need to change the class of this
> bean.  We include the whole
>         | AuthenticationManager here in the userConfigContext.xml so that
> you can see the things you will
>         | need to change in context.
>         +-->
>     <bean id="authenticationManager"
>         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>         <!--
>             | This is the List of CredentialToPrincipalResolvers that
> identify what Principal is trying to authenticate.
>             | The AuthenticationManagerImpl considers them in order, finding
> a CredentialToPrincipalResolver which
>             | supports the presented credentials.
>             |
>             | AuthenticationManagerImpl uses these resolvers for two
> purposes.  First, it uses them to identify the Principal
>             | attempting to authenticate to CAS /login .  In the default
> configuration, it is the
> DefaultCredentialsToPrincipalResolver
>             | that fills this role.  If you are using some other kind of
> credentials than UsernamePasswordCredentials, you will need to replace
>             | DefaultCredentialsToPrincipalResolver with a
> CredentialsToPrincipalResolver that supports the credentials you are
>             | using.
>             |
>             | Second, AuthenticationManagerImpl uses these resolvers to
> identify a service requesting a proxy granting ticket.
>             | In the default configuration, it is the
> HttpBasedServiceCredentialsToPrincipalResolver that serves
> this purpose.
>             | You will need to change this list if you are identifying
> services by something more or other than their callback URL.
>             +-->
>         <property name="credentialsToPrincipalResolvers">
>             <list>
>                 <!--
>                     |
> UsernamePasswordCredentialsToPrincipalResolver supports the
> UsernamePasswordCredentials that we use for /login
>                     | by default and produces SimplePrincipal instances
> conveying the username from the credentials.
>                     |
>                     | If you've changed your LoginFormAction to use
> credentials other than UsernamePasswordCredentials then you will also
>                     | need to change this bean declaration (or add
> additional declarations) to declare a CredentialsToPrincipalResolver that
> supports the
>                     | Credentials you are using.
>                     +-->
>                 <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>                 <!--
>                     |
> HttpBasedServiceCredentialsToPrincipalResolver supports
> HttpBasedCredentials.  It supports the CAS 2.0 approach of
>                     | authenticating services by SSL callback, extracting
> the callback URL from the Credentials and representing it as a
>                     | SimpleService identified by that callback URL.
>                     |
>                     | If you are representing services by something more or
> other than an HTTPS URL whereat they are able to
>                     | receive a proxy callback, you will need to change this
> bean declaration (or add additional declarations).
>                     +-->
>                 <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>             </list>
>         </property>
>
>         <!--
>             | Whereas CredentialsToPrincipalResolvers identify who it is
> some Credentials might authenticate,
>             | AuthenticationHandlers actually authenticate credentials.
> Here we declare the AuthenticationHandlers that
>             | authenticate the Principals that the
> CredentialsToPrincipalResolvers identified.  CAS will try these handlers in
> turn
>             | until it finds one that both supports the Credentials
> presented and succeeds in authenticating.
>             +-->
>         <property name="authenticationHandlers">
>             <list>
>                 <!--
>                     | This is the authentication handler that authenticates
> services by means of callback via SSL, thereby validating
>                     | a server side SSL certificate.
>                     +-->
>         <bean
> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
>          <property name="httpClient" ref="httpClient" />
>         </bean>
>
>         <!--
>             | This is the authentication handler declaration that every CAS
> deployer will need to change before deploying CAS
>             | into production.
>             | With this configuration you'll be using LDAP FastBind
> authentication.
>             +-->
>         <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
>             <property name="filter" value="uid=%u,ou=people,dc=norwoodma,dc=gov" />
>             <property name="contextSource" ref="contextSource" />
>         </bean>
>             </list>
>         </property>
>     </bean>
> <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>     <property name="urls">
>         <list>
>             <value>ldaps://ldap.norwood-ma.gov/</value>
>         </list>
>     </property>
> </bean>
> </beans>
>
>
> Thank you,
>
> Joe
> >
> From: "Dmitry Kochelaev" <[EMAIL PROTECTED]>
> > Subject: Re: CAS is up but not authenticating
> > To: "Yale CAS mailing list" <[email protected]>
> > Message-ID:
> >
> <[EMAIL PROTECTED]>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> > Hello,
> >
> > Show your deployerConfigContext.xml please. It could be helpful.
> >
> > On 5/10/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> > wrote:
> >> Hi Scott,
> >>
> >> Thank you for getting me past the last hurdle (email titled "almost
> >> there").
> >> The cas.log gives me this info when I try to login using LDAP FastBind:
> >>
> >> 2007-05-09 16:36:34,708 WARN [org.springframework.ldap.support.LdapContextSource] - Property 'userName' not set - anonymous context will be used for read-write operations
> >> 2007-05-09 16:36:34,714 INFO [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - No PasswordEncoder set. Using default: org.jasig.cas.authentication.handler.PlainTextPasswordEncoder
> >> 2007-05-09 16:36:34,714 INFO [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - No Class to Support set. Using default: org.jasig.cas.authentication.principal.UsernamePasswordCredentials
> >> 2007-05-09 16:36:34,726 INFO [org.jasig.cas.ticket.proxy.support.Cas20ProxyHandler] - No UniqueTicketIdGenerator specified for org.jasig.cas.ticket.proxy.support.Cas20ProxyHandler. Using org.jasig.cas.util.DefaultUniqueTicketIdGenerator
> >> 2007-05-09 16:36:35,078 INFO [org.jasig.cas.web.ServiceValidateController] - No authentication specification class set. Defaulting to org.jasig.cas.validation.Cas20ProtocolValidationSpecification
> >> 2007-05-09 16:36:35,078 INFO [org.jasig.cas.web.ServiceValidateController] - No successView specified. Using default of casServiceSuccessView
> >> 2007-05-09 16:36:35,078 INFO [org.jasig.cas.web.ServiceValidateController] - No failureView specified. Using default of casServiceFailureView
> >> 2007-05-09 16:36:35,084 INFO [org.jasig.cas.web.ServiceValidateController] - No successView specified. Using default of casServiceSuccessView
> >> 2007-05-09 16:36:35,084 INFO [org.jasig.cas.web.ServiceValidateController] - No failureView specified. Using default of casServiceFailureView
> >> 2007-05-09 16:36:35,111 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass not set. Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
> >> 2007-05-09 16:36:40,873 INFO [org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - Setting ContextPath for cookies to: /cas
> >> 2007-05-09 16:36:52,436 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: jsalvaggio
> >> 2007-05-09 16:36:54,775 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Starting cleaning of expired tickets from ticket registry at [Wed May 09 16:36:54 EDT 2007]
> >> 2007-05-09 16:36:54,775 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 0 found to be removed. Removing now.
> >> 2007-05-09 16:36:54,775 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Finished cleaning of expired tickets from ticket registry at [Wed May 09 16:36:54 EDT 2007]
> >>
> >> Can you tell me, please, what I still need to do to configure the LDAP
> >> authentication to work?
> >>
> >> Thank you
> >>
> >> Joe
> >> _______________________________________________
> >> Yale CAS mailing list
> >> [email protected]
> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >>
> >>
> >
> >
> > --
> > Dmitry Kochelaev
> > eVelopers Corporation
> >
> >
> > End of cas Digest, Vol 48, Issue 21
> > ***********************************
> >


-- 
 Dmitry Kochelaev
 eVelopers Corporation
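
Added example, not part of the thread and not CAS project code: a small reviewer for the two LDAP beans in the quoted deployerConfigContext.xml, reporting the DN that FastBind would bind as, whether each LDAP URL names a port, and whether the context source has no `userName` (the WARN line in the quoted cas.log). The function name `review_ldap_beans` and the reduced `SAMPLE` fragment are assumptions made for illustration; the filter, URL and login name are taken from the quoted messages.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the two LDAP-related beans from the quoted
# deployerConfigContext.xml, reduced to a standalone fragment.
SAMPLE = """<beans>
  <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
    <property name="filter" value="uid=%u,ou=people,dc=norwoodma,dc=gov" />
    <property name="contextSource" ref="contextSource" />
  </bean>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="urls">
      <list><value>ldaps://ldap.norwood-ma.gov/</value></list>
    </property>
  </bean>
</beans>"""

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # IANA-registered defaults


def review_ldap_beans(xml_text, username="jsalvaggio"):
    """Return a report on the LDAP settings found in a Spring beans file."""
    root = ET.fromstring(xml_text)
    report = {"urls": [], "bind_dns": [], "anonymous_context": None}
    for bean in root.iter("bean"):
        props = {p.get("name"): p for p in bean.findall("property")}
        if "filter" in props:
            # FastBind substitutes the login name for %u and binds as that DN.
            dn = props["filter"].get("value").replace("%u", username)
            report["bind_dns"].append(dn)
        if "urls" in props:
            # No userName property: the context source has no service
            # account, so non-user operations run as an anonymous context.
            report["anonymous_context"] = "userName" not in props
            for value in props["urls"].iter("value"):
                text = value.text.strip()
                url = urlsplit(text)
                report["urls"].append({
                    "url": text,
                    "encrypted": url.scheme == "ldaps",
                    "explicit_port": url.port is not None,
                    "effective_port": url.port or DEFAULT_PORTS.get(url.scheme),
                })
    return report


if __name__ == "__main__":
    print(review_ldap_beans(SAMPLE))
```

The reported bind DN and effective port are the values to confirm against the directory server itself when FastBind fails with no further detail in cas.log.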