[cas-dev] CASifying Sun Identity Manager Help Needed

Michael A Jones M.A.Jones at hull.ac.uk
Wed Dec 3 05:55:01 EST 2008


I did already take note of this section. You can see an example below of
CAS listed in a user's assigned resources on their account page:

 

Account Information

Assigned Resources

  CAS
  MySql_Demo_Users
  LDAPDirectory

Current Resource Accounts

  MySql_Demo_Users: 3496065432
  LDAPDirectory: uid=3496065432,cn=Student,ou=Identities,dc=uni,dc=ac,dc=uk
  CAS: 3496065432

 

In the above example '3496065432' is the idm userid set.

From: cas-dev-bounces at tp.its.yale.edu
[mailto:cas-dev-bounces at tp.its.yale.edu] On Behalf Of Shivani Chandna
Sent: 03 December 2008 03:50
To: Mailing list for CAS developers
Subject: Re: [cas-dev] CASifying Sun Identity Manager Help Needed

 

I think that you have not configured CAS user with IDM account:

Read this:

For every person you want to be able to allow to log in through CAS, you
must assign the CAS resource to their IDM account. If CAS authentication
succeeds but they don't have the CAS resource assigned, you will
probably see a Java exception being thrown on the IDM server when CAS
redirects to IDM

See more on the URL:
http://www.ja-sig.org/wiki/display/CAS/CASifying+Sun+Identity+Manager

Regards,
Shivani.

On Tue, Dec 2, 2008 at 10:35 PM, Michael A Jones <M.A.Jones at hull.ac.uk>
wrote:

Thanks for that. Well so far I can confirm that CAS in my circumstances
is about 70% working in IDM version 8. I have got a trace of the error
being generated at my IDM login screen and wondered if anyone has seen
this error before and can offer any advice, before I start delving
deeper into the java code involved. The trace error is as follows:

 

WavesetException:

com.waveset.util.WavesetException: Authentication failed using CAS
        at com.waveset.util.WavesetException.checkBreakpoint(WavesetException.java:497)
        at com.waveset.util.WavesetException.<init>(WavesetException.java:193)
        at edu.ucmerced.idm.adapter.CASResourceAdapter.authenticate(CASResourceAdapter.java:439)
        at com.waveset.adapter.ResourceAdapterProxy.authenticate(ResourceAdapterProxy.java:972)
        at com.waveset.security.authn.WSResourceLoginModule.login(WSResourceLoginModule.java:153)
        at com.waveset.session.LocalSession.login(LocalSession.java:1699)
        at com.waveset.session.LocalSession.login(LocalSession.java:1541)
        at com.waveset.session.SessionFactory.getSession(SessionFactory.java:820)
        at com.waveset.ui.web.common.LoginForm.processLogin(LoginForm.java:506)
        at com.waveset.ui.web.common.LoginForm.process(LoginForm.java:409)
        at org.apache.jsp.user.login_jsp._jspService(login_jsp.java:232)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:401)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.sun.idm.profiler.instrumentation.RequestTimingFilter.doFilter(RequestTimingFilter.java:81)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:595)

 

From: cas-dev-bounces at tp.its.yale.edu
[mailto:cas-dev-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
Sent: 01 December 2008 16:57
To: Mailing list for CAS developers
Subject: Re: [cas-dev] CASifying Sun Identity Manager Help Needed

 

On Mon, Dec 1, 2008 at 11:01 AM, Michael A Jones <M.A.Jones at hull.ac.uk>
wrote:

	Many thanks.

	 

	I have got the CAS system talking to IDM now and getting as far
	as the IDM login screen, but getting a general error saying user doesn't
	exist in CAS resource. It appears there could be a mismatch somewhere
	between my user's credentials in IDM and the CAS server resource, which
	is using Active Directory.

	A few comments to make on getting this far. I had to make the
	following changes:

	1. I was using the latest CAS client version 3 jar. However this
	doesn't work as the paths to the classes have changed, so it only
	works with version 2 at present.

It probably still works. It's just that the configuration is different.
They're not the same library, architecture, or packages. They both
support the CAS1 and CAS2 protocol though.

-Scott
 

	2. My server has a port number assigned so that was needed in the
	server name in the web.xml

	3. As pointed out the location back to IDM in web.xml needs to be
	set to /*

	 

	From: cas-dev-bounces at tp.its.yale.edu
	[mailto:cas-dev-bounces at tp.its.yale.edu] On Behalf Of Shivani Chandna
	Sent: 29 November 2008 04:05
	To: Mailing list for CAS developers
	Subject: Re: [cas-dev] CASifying Sun Identity Manager Help Needed

	 

	You need to give url pattern in web.xml as follows:

	<url-pattern>/*</url-pattern>

	instead of

	<url-pattern>http://my-IDM-Server:8081/idm/user/login.jsp</url-pattern>

	 

	Regards,

	Shivani

	On Fri, Nov 28, 2008 at 5:24 PM, Michael A Jones
<M.A.Jones at hull.ac.uk> wrote:

	Hi there,

	 

	I am trying to set up SSO to Sun Identity Manager 8.0 through CAS
	using instructions posted in the CAS Wiki by the University of
	California Merced. I successfully got IDM to recognise the custom
	compiled Java class to create a new CAS resource and associated this
	with my IDM users. Then associated this with a new login group, which is
	set to be used in place of the default user login.

	I then made the various changes needed in the IDM web.xml and
	userLogout.jsp and restarted my Tomcat webserver. I then began the
	process of testing and below is the URL I use to log in to CAS:

	https://mycas-server/cas/login?service=http://my-IDM-Server:8081/idm/user/login.jsp

	I log in with one of my casified IDM users and a ticket is
	generated ok, but then when the system redirects back to the IDM
	CASified login page I am getting an HTTP 404 not found page error in my
	browser, being generated by my IDM web server. I think the problem is
	something to do with the IDM web.xml entry, as in my webserver Catalina
	logs it is reporting an error with parsing my IDM web.xml as follows:

	Invalid <url-pattern> http:// my-IDM-Server:8081/idm/user/login.jsp in filter mapping

	 

	Below is the xml code for my IDM web.xml:

	 

	<filter>
	  <filter-name>CAS Filter</filter-name>
	  <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
	  <init-param>
	    <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
	    <param-value>https://mycas-server/cas/login</param-value>
	  </init-param>
	  <init-param>
	    <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
	    <param-value>https://mycas-server/cas/serviceValidate</param-value>
	  </init-param>
	  <init-param>
	    <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
	    <param-value>my-IDM-Server</param-value>
	  </init-param>

	  <!-- wrap request such that getRemoteUser() returns username -->
	  <init-param>
	    <param-name>edu.yale.its.tp.cas.client.filter.wrapRequest</param-name>
	    <param-value>true</param-value>
	  </init-param>
	</filter>

	<filter-mapping>
	  <filter-name>CAS Filter</filter-name>
	  <url-pattern>http://my-IDM-Server:8081/idm/user/login.jsp</url-pattern>
	</filter-mapping>

	 

	Could anyone who has managed to get this working or the authors
	of this method give some advice?

	Regards

	Mike Jones

	Identity Management Systems Administrator
	e-sig
	University of Hull

	 

	
	
************************************************************************
*****************
	To view the terms under which this email is distributed, please
go to http://www.hull.ac.uk/legal/email_disclaimer.html
	
************************************************************************
*****************
	_______________________________________________
	cas-dev mailing list
	cas-dev at tp.its.yale.edu
	http://tp.its.yale.edu/mailman/listinfo/cas-dev

	 

	
	
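Added example (not part of the original thread, and not code from the Wiki page or the CAS project): a small Python check for the two web.xml problems resolved in this thread, the filter-mapping url-pattern that is not context-relative and the serverName that lacks the port. The function names and the reduced sample web.xml are constructed for illustration; the pattern check follows the Servlet mapping forms rather than Tomcat's own parser.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

PREFIX = "edu.yale.its.tp.cas.client.filter."  # init-param prefix used in the thread

def valid_url_pattern(pattern):
    """Servlet mapping forms: '*.ext', or a context-relative path starting with '/'."""
    if pattern.startswith("*."):
        return "/" not in pattern
    return pattern.startswith("/")

def lint_cas_filter(web_xml, service_url):
    """Return a list of findings for the CAS filter settings in a web.xml string."""
    root = ET.fromstring(web_xml)
    for el in root.iter():  # drop any XML namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    for pat in root.iter("url-pattern"):
        text = (pat.text or "").strip()
        if not valid_url_pattern(text):
            findings.append(f"invalid url-pattern {text!r}; use a context-relative pattern such as /*")
    params = {p.findtext("param-name", "").strip(): p.findtext("param-value", "")
              for p in root.iter("init-param")}
    server = params.get(PREFIX + "serverName")
    expected = urlsplit(service_url).netloc  # host[:port] the browser is sent back to
    if server is None:
        findings.append("serverName is not set")
    elif server.strip() != expected:
        findings.append(f"serverName {server.strip()!r} does not match {expected!r}")
    return findings

# Constructed sample input, reduced from the configuration posted in the thread.
TEMPLATE = """<web-app>
  <filter>
    <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
      <param-value>{server}</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <url-pattern>{pattern}</url-pattern>
  </filter-mapping>
</web-app>"""
SERVICE = "http://my-IDM-Server:8081/idm/user/login.jsp"
BEFORE = TEMPLATE.format(server="my-IDM-Server", pattern=SERVICE)
AFTER = TEMPLATE.format(server="my-IDM-Server:8081", pattern="/*")

if __name__ == "__main__":
    print(lint_cas_filter(BEFORE, SERVICE), lint_cas_filter(AFTER, SERVICE))
```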