doahh wrote:

CAS is set to use the Roller database and the users were in there before I
tried to use CAS. I set the password field in the Roller database to be
'tester' in plain text (no encryption). CAS seems happy but now I look in
Roller's security.xml file I find:

<bean id="casAuthenticationProvider"
class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
    <property name="key" value="rollerlovesacegi"/>
</bean>

That would seem to be telling CAS that the password field is encrypted with
the given key of 'rollerlovesacegi'. My use of a plain text password may be
causing problems even though CAS seems happy. I wonder how CAS is told which
encryption algorithm is used.

I don't think that will affect anything, at least as far as the Roller password field is concerned. CAS shouldn't even be looking at that, unless you have explicitly defined the CAS configuration that way. If so, I guess there could be an issue. To be completely honest, I'm not exactly sure what the particular property is used for. But FWIW, my configuration also has that line in it. But my CAS configuration pulls authentication info from a completely separate source and the password field in the Roller table is completely ignored.

<bean id="casProxyTicketValidator"
class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
    <property name="trustStore"
value="/Library/Java/Home/lib/security/cacerts"/>
</bean>

and that makes me wonder if I added my certificate to the correct
trustStore. I wonder where '/Library/Java/Home/lib/security/cacerts' is?


I don't remember doing it, but I have that "trustStore" property commented out. You might try taking it out and see what happens.


TTYL,


--
Phillip Rhodes
Chief Architect - OpenQabal
https://openqabal.dev.java.net
LinkedIn: http://www.linkedin.com/in/philliprhodes
