[cas-dev] CASifying Sun Identity Manager Help Needed
Michael A Jones
M.A.Jones at hull.ac.uk
Tue Dec 2 12:05:00 EST 2008
Thanks for that. Well so far I can confirm that CAS in my circumstances
is about 70% working in IDM version 8. I have got a trace of the error
being generated at my IDM login screen and wondered if anyone has seen
this error before and can offer any advice, before I start delving
deeper into the Java code involved. The trace error is as follows:
WavesetException:
com.waveset.util.WavesetException: Authentication failed using CAS
    at com.waveset.util.WavesetException.checkBreakpoint(WavesetException.java:497)
    at com.waveset.util.WavesetException.<init>(WavesetException.java:193)
    at edu.ucmerced.idm.adapter.CASResourceAdapter.authenticate(CASResourceAdapter.java:439)
    at com.waveset.adapter.ResourceAdapterProxy.authenticate(ResourceAdapterProxy.java:972)
    at com.waveset.security.authn.WSResourceLoginModule.login(WSResourceLoginModule.java:153)
    at com.waveset.session.LocalSession.login(LocalSession.java:1699)
    at com.waveset.session.LocalSession.login(LocalSession.java:1541)
    at com.waveset.session.SessionFactory.getSession(SessionFactory.java:820)
    at com.waveset.ui.web.common.LoginForm.processLogin(LoginForm.java:506)
    at com.waveset.ui.web.common.LoginForm.process(LoginForm.java:409)
    at org.apache.jsp.user.login_jsp._jspService(login_jsp.java:232)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:401)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.sun.idm.profiler.instrumentation.RequestTimingFilter.doFilter(RequestTimingFilter.java:81)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:595)

From: cas-dev-bounces at tp.its.yale.edu
[mailto:cas-dev-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
Sent: 01 December 2008 16:57
To: Mailing list for CAS developers
Subject: Re: [cas-dev] CASifying Sun Identity Manager Help Needed
On Mon, Dec 1, 2008 at 11:01 AM, Michael A Jones <M.A.Jones at hull.ac.uk>
wrote:
Many thanks.
I have got the CAS system talking to IDM now and getting as far
as the IDM login screen, but getting a general error saying user doesn't
exist in CAS resource. It appears there could be a mismatch somewhere
between my users' credentials in IDM and the CAS server resource, which
is using Active Directory.
A few comments to make on getting this far: I had to make the
following changes:
1. I was using the latest CAS client version 3 jar.
However this doesn't work as the paths to the classes have changed, so
it only works with version 2 at present.

It probably still works. It's just that the configuration is different.
They're not the same library, architecture, or packages. They both
support the CAS1 and CAS2 protocol though.
-Scott

2. My server has a port number assigned so that was needed
in the server name in the web.xml
3. As pointed out the location back to IDM in web.xml
needs to be set to /*
From: cas-dev-bounces at tp.its.yale.edu
[mailto:cas-dev-bounces at tp.its.yale.edu] On Behalf Of Shivani Chandna
Sent: 29 November 2008 04:05
To: Mailing list for CAS developers
Subject: Re: [cas-dev] CASifying Sun Identity Manager Help
Needed
You need to give url pattern in web.xml as follows:
    <url-pattern>/*</url-pattern>
instead of
    <url-pattern>http://my-IDM-Server:8081/idm/user/login.jsp</url-pattern>
Regards,
Shivani
On Fri, Nov 28, 2008 at 5:24 PM, Michael A Jones
<M.A.Jones at hull.ac.uk> wrote:
Hi there,
I am trying to set up SSO to Sun Identity Manager 8.0 through CAS
using instructions posted in the CAS Wiki by the University of
California Merced. I successfully got IDM to recognise the custom
compiled Java class to create a new CAS resource and associated this
with my IDM users. Then associated this with a new login group, which is
set to be used in place of the default user login.
I then made the various changes needed in the IDM web.xml and
userLogout.jsp and restarted my Tomcat web server. I then began the
process of testing and below is the URL I use to log in to CAS:
https://mycas-server/cas/login?service=http://my-IDM-Server:8081/idm/user/login.jsp
I log in with one of my casified IDM users and a ticket is
generated ok, but then when the system redirects back to the IDM
CASified login page I am getting an HTTP 404 not found page error in my
browser, being generated by my IDM web server. I think the problem is
something to do with the IDM web.xml entry, as in my web server catalina
logs it is reporting an error with parsing my IDM web.xml as follows:
Invalid <url-pattern> http://my-IDM-Server:8081/idm/user/login.jsp in filter mapping
Below is the xml code for my IDM web.xml:
<filter>
  <filter-name>CAS Filter</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
    <param-value>https://mycas-server/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
    <param-value>https://mycas-server/cas/serviceValidate</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
    <param-value>my-IDM-Server</param-value>
  </init-param>
  <!-- wrap request such that getRemoteUser() returns username -->
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.wrapRequest</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Filter</filter-name>
  <url-pattern>http://my-IDM-Server:8081/idm/user/login.jsp</url-pattern>
</filter-mapping>
Could anyone who has managed to get this working or the authors
of this method give some advice?
Regards
Mike Jones
Identity Management Systems Administrator
e-sig
University of Hull
************************************************************************
*****************
To view the terms under which this email is distributed, please
go to http://www.hull.ac.uk/legal/email_disclaimer.html
************************************************************************
*****************
_______________________________________________
cas-dev mailing list
cas-dev at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas-dev
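
Added example (not part of the thread, and not code from any poster or from the UC Merced adapter): a pre-deployment check for the two web.xml problems reported above, the absolute URL used as a <url-pattern> and a CASFilter serverName that lacks the port of the service URL. The function names, the simplified pattern rule and the embedded descriptor are assumptions made for illustration; the descriptor is constructed from the settings quoted in the thread.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the CAS filter settings quoted in the thread, before the fixes.
WEB_XML = """<web-app>
  <filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
    <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
      <param-value>my-IDM-Server</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CAS Filter</filter-name>
    <url-pattern>http://my-IDM-Server:8081/idm/user/login.jsp</url-pattern>
  </filter-mapping>
</web-app>"""
# The same descriptor with the two corrections reported in the thread applied.
FIXED_XML = (WEB_XML.replace(">my-IDM-Server<", ">my-IDM-Server:8081<")
             .replace("<url-pattern>http://my-IDM-Server:8081/idm/user/login.jsp", "<url-pattern>/*"))
SERVER_NAME = "edu.yale.its.tp.cas.client.filter.serverName"

def local(el):
    """Tag name without any XML namespace prefix."""
    return el.tag.rsplit("}", 1)[-1]

def valid_url_pattern(p):
    """Simplified servlet mapping rule: '/...' (exact or '/prefix/*') or '*.ext'."""
    if p.startswith("*."):
        return "/" not in p
    return p.startswith("/") and "*." not in p

def lint(web_xml, service_url):
    """Return findings for url-patterns and the CASFilter serverName."""
    want = urlsplit(service_url).netloc  # host[:port] the browser is sent back to
    findings = []
    for el in ET.fromstring(web_xml).iter():
        text = (el.text or "").strip()
        if local(el) == "url-pattern" and not valid_url_pattern(text):
            findings.append(f"invalid url-pattern: {text}")
        elif local(el) == "init-param":
            kv = {local(c): (c.text or "").strip() for c in el}
            if kv.get("param-name") == SERVER_NAME and kv.get("param-value") != want:
                findings.append(f"serverName {kv.get('param-value')!r} != {want!r}")
    return findings

if __name__ == "__main__":
    for finding in lint(WEB_XML, "http://my-IDM-Server:8081/idm/user/login.jsp"):
        print(finding)
```

Running the check against the deployed descriptor before restarting the container surfaces both problems without waiting for the 404 or the catalina log entry.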