The CAS LDAP support should be drastically better than the JAASAuthenticationHandler using that specific LDAP JAAS module. I wrote the JAASAuthenticationHandler and edu.uconn.netid.jaas.LDAPLoginModule as a quick hack job due to some historical Kerberos/LDAP/ActiveDirectory needs. Scott cleaned up the JAASAuthenticationHandler to make it CAS-worthy, but the JAAS LDAPLoginModule has suffered from severe bit-rot and should be purged from this plane of existence.
I'd recommend either using the stock CAS LDAP support, or the more popular (at least in the Shib community) Virginia Tech LDAPLoginModule http://www.middleware.vt.edu/doku.php?id=middleware:opensource:ldap#jaas_support .

-Matt

On Thu, Jan 15, 2009 at 5:13 PM, inas inassen <mezgh...@hotmail.com> wrote:
> Thanks Andrew
>
> Yes, all my applications use role-based authorization with the JAAS framework
> inside Struts, Tiles and taglibs.
>
> So my need is that I want to have a CAS server running, let's say in the W1
> server site, that authenticates against an LDAP.
> Using a CAS client, my other applications that are running in W2, W3 and
> so on will authenticate against the CAS server in W1, and I need a JAAS
> subject to keep my applications' security (authorization and authentication)
> working.
>
> Thanks again
>
> Inas.
>
> ________________________________
> Date: Thu, 15 Jan 2009 15:01:37 -0600
> Subject: Re: CAS and LDAP and JAAS
> From: afel...@lsu.edu
> To: cas@tp.its.yale.edu
>
> Inas,
>
> Is there any reason you are going through JAAS for LDAP authentication
> instead of using the LDAP authentication handler?
>
> LDAP wiki entry: http://www.ja-sig.org/wiki/display/CASUM/LDAP
> JAAS wiki entry: http://www.ja-sig.org/wiki/display/CASUM/JAAS
>
> HTH,
> A-
>
> On 1/15/09 2:51 PM, "inas inassen" <mezgh...@hotmail.com> wrote:
> >
> > Hi all,
> >
> > I'm trying to configure CAS to authenticate against an LDAP, and my
> > applications are using JAAS as an authentication and authorization framework.
> > Everything works fine using Tomcat JNDIRealm.
> >
> > My Tomcat JNDIRealm:
> >
> > <Realm className="org.apache.catalina.realm.JNDIRealm"
> >        connectionURL="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
> >        userPattern="uid={0},ou=people,ou=ait,o=b2b,dc=net"
> >        roleBase="ou=roles,ou=ait,o=b2b,dc=net"
> >        roleName="cn"
> >        roleSearch="(uniqueMember={0})" />
> >
> > This is my jaas.conf file (configured in
> > -Djava.security.auth.login.config=jaas.conf):
> >
> > CAS {
> >   edu.uconn.netid.jaas.LDAPLoginModule sufficient
> >     java.naming.provider.url="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
> >     java.naming.security.principal="cn=Manager,ou=ait,o=b2b,dc=net"
> >     java.naming.security.credentials="secret"
> >     Attribute="uid"
> >     startTLS="true";
> > };
> >
> > and this is my deployerConfigContext file:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <beans xmlns="http://www.springframework.org/schema/beans"
> >        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >        xmlns:p="http://www.springframework.org/schema/p"
> >        xsi:schemaLocation="http://www.springframework.org/schema/beans
> >        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
> >
> >   <bean id="authenticationManager"
> >         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
> >     <property name="credentialsToPrincipalResolvers">
> >       <list>
> >         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
> >         <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
> >       </list>
> >     </property>
> >     <property name="authenticationHandlers">
> >       <list>
> >         <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
> >               p:httpClient-ref="httpClient" />
> >         <bean class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler" />
> >         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
> >           <property name="filter" value="uid=%u" />
> >           <property name="searchBase" value="ou=people,ou=ait,o=b2b,dc=net" />
> >           <property name="contextSource" ref="contextSource" />
> >         </bean>
> >       </list>
> >     </property>
> >   </bean>
> >
> >   <bean id="userDetailsService"
> >         class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
> >     <property name="userMap">
> >       <value></value>
> >     </property>
> >   </bean>
> >
> >   <bean id="attributeRepository"
> >         class="org.jasig.services.persondir.support.StubPersonAttributeDao">
> >     <property name="backingMap">
> >       <map>
> >         <entry key="uid" value="uid" />
> >         <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
> >         <entry key="groupMembership" value="groupMembership" />
> >       </map>
> >     </property>
> >   </bean>
> >
> >   <bean id="serviceRegistryDao"
> >         class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
> >
> >   <!-- LDAP context -->
> >   <bean id="contextSource"
> >         class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> >     <property name="pooled" value="true"/>
> >     <property name="urls">
> >       <list>
> >         <value>ldap://ladpsrv:389/ou=ait,o=b2b,dc=net</value>
> >       </list>
> >     </property>
> >     <property name="userName" value="cn=Manager,ou=ait,o=b2b,dc=net"/>
> >     <property name="password" value="secret"/>
> >     <property name="baseEnvironmentProperties">
> >       <map>
> >         <entry>
> >           <key>
> >             <value>java.naming.security.authentication</value>
> >           </key>
> >           <value>simple</value>
> >         </entry>
> >
> >         <entry>
> >           <key>
> >             <value>ldap.initial.context.factory</value>
> >           </key>
> >           <value>com.sun.jndi.ldap.LdapCtxFactory</value>
> >         </entry>
> >       </map>
> >     </property>
> >   </bean>
> >
> > </beans>
> >
> > My LDAP schema is:
> >
> > ou=ait,o=b2b,dc=net
> >   ou=people
> >     uid=user1
> >     uid=user2
> >   ou=roles
> >     cn=role1
> >       uniqueMember: uid=user1,ou=people,ou=ait,o=b2b,dc=net
> >     cn=role2
> >       uniqueMember: uid=user2,ou=people,ou=ait,o=b2b,dc=net
> >
> > When I try to log in I get a bad credential.
> >
> > Any help please?
> >
> > Thanks a lot.
> >
> > Mezghena.
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas@tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
>
> --
> Andrew Feller, Analyst
> LSU University Information Services
> 200 Frey Computing Services Center
> Baton Rouge, LA 70803
> Office: 225.578.3737
> Fax: 225.578.6400

--
m...@forsetti.com Key ID:D6EEC5B5
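As an added example, not code from this thread and not CAS or Spring LDAP code: a Python model of the search-then-bind flow that the stock BindLdapAuthenticationHandler configured above performs (a filter template with %u, a searchBase, a manager connection for the search, then a bind as the DN that was found). The in-memory directory, the MockLdapContext class and the function names are constructed for this illustration. It adds the two checks a practitioner wants at exactly this point: the substituted username is escaped per RFC 4515 so it cannot turn into a wildcard or change the shape of the filter, and an empty password is refused before any bind, because a simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513 section 5.1.2) that many servers accept as anonymous. The effective_search_base helper models how JNDI resolves a search base relative to a DN carried in the provider URL, so a URL that already ends in ou=ait,o=b2b,dc=net combined with an absolute searchBase yields a doubled DN that matches nothing; whether that is what bit the original poster is not something the thread establishes.

```python
import re
from urllib.parse import urlparse, unquote

# Constructed in-memory directory mirroring the schema posted in the thread (not real data).
# Keys are DNs; values hold only the attributes the flow needs.
DIRECTORY = {
    "cn=Manager,ou=ait,o=b2b,dc=net": {"password": "secret"},
    "uid=user1,ou=people,ou=ait,o=b2b,dc=net": {"uid": "user1", "password": "user1-pass"},
    "uid=user2,ou=people,ou=ait,o=b2b,dc=net": {"uid": "user2", "password": "user2-pass"},
}


def normalize_dn(dn: str) -> str:
    """Case-fold and strip whitespace around RDNs so DN comparisons are stable."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value substituted into a search filter:
    '*', '(', ')', '\\' and NUL become \\2a, \\28, \\29, \\5c, \\00."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\0" else ch for ch in value)


def effective_search_base(provider_url: str, search_base: str) -> str:
    """Model JNDI name resolution: a DN in the provider URL names the context,
    and every search base is resolved relative to it (appended on the right).
    An absolute search base therefore gets the URL's DN appended a second time."""
    url_dn = unquote(urlparse(provider_url).path.lstrip("/"))
    if not url_dn:
        return search_base
    return f"{search_base},{url_dn}" if search_base else url_dn


def _decode_escapes(text: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)


def _wildcard_match(raw_pattern: str, text: str) -> bool:
    """Match an LDAP equality/substring assertion; only an unescaped '*' is a wildcard."""
    parts = [_decode_escapes(p) for p in raw_pattern.split("*")]
    if len(parts) == 1:
        return text == parts[0]
    head, tail = parts[0], parts[-1]
    if len(text) < len(head) + len(tail) or not text.startswith(head) or not text.endswith(tail):
        return False
    pos, end = len(head), len(text) - len(tail)
    for middle in parts[1:-1]:
        i = text.find(middle, pos, end)
        if i < 0:
            return False
        pos = i + len(middle)
    return True


class MockLdapContext:
    """Just enough of an LDAP server for search-then-bind: a simple bind and a
    one-level search with a single (attr=value) filter. Constructed for this example."""

    def __init__(self, directory):
        self.entries = {normalize_dn(dn): attrs for dn, attrs in directory.items()}

    def simple_bind(self, dn: str, password: str) -> str:
        # RFC 4513 5.1.2: DN plus empty password is an unauthenticated bind, which
        # servers commonly treat as anonymous. It must never count as a login.
        if password == "":
            return "anonymous"
        entry = self.entries.get(normalize_dn(dn))
        if entry is None or entry.get("password") != password:
            raise PermissionError("invalid credentials")
        return "authenticated"

    def search(self, base: str, ldap_filter: str) -> list:
        m = re.fullmatch(r"\(?(\w+)=([^()]*)\)?", ldap_filter)
        if not m:
            raise ValueError(f"unsupported or malformed filter: {ldap_filter!r}")
        attr, raw_value = m.group(1), m.group(2)
        base = normalize_dn(base)
        return [dn for dn, attrs in self.entries.items()
                if dn.endswith("," + base)
                and dn.count(",") == base.count(",") + 1   # one-level scope
                and attr in attrs
                and _wildcard_match(raw_value, attrs[attr])]


def authenticate(ctx, provider_url, search_base, filter_template, username, password) -> bool:
    """Search-then-bind: locate the user's DN via the manager connection, then bind
    as that DN with the supplied password. True only on a real authenticated bind."""
    if password == "":                      # refuse the unauthenticated bind up front
        return False
    ldap_filter = filter_template.replace("%u", escape_filter_value(username))
    matches = ctx.search(effective_search_base(provider_url, search_base), ldap_filter)
    if len(matches) != 1:                   # unknown user, or an ambiguous match
        return False
    try:
        return ctx.simple_bind(matches[0], password) == "authenticated"
    except PermissionError:
        return False


if __name__ == "__main__":
    ctx = MockLdapContext(DIRECTORY)
    base = "ou=people,ou=ait,o=b2b,dc=net"
    print(authenticate(ctx, "ldap://ladpsrv:389", base, "uid=%u", "user1", "user1-pass"))
    print(authenticate(ctx, "ldap://ladpsrv:389/ou=ait,o=b2b,dc=net", base, "uid=%u", "user1", "user1-pass"))
```

Run it as a script to see the same user succeed against a bare URL and fail when the URL also carries the base DN; the search scope and filter grammar in the mock are deliberately minimal, so treat it as a model of the flow, not of a particular server.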