Username/password authentication
Jonathan Hayward http://JonathansCorner.com
christos.jonathan.hayward at gmail.com
Tue Dec 4 15:24:23 EST 2007
P.S.
From a fresh computer I installed maven, downloaded a fresh copy of
http://www.ja-sig.org/downloads/cas/cas-server-3.1.1-release.zip , unzipped
it, changed pom.xml by adding:

    <dependency>
        <groupId>${project.groupId}</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${project.version}</version>
    </dependency>

and cas-server-3.1.1/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml
by adding what's at the end of this e-mail, and then running:

    mvn -Dmaven.test.skip=true package install

I got the cyclical dependency error I reported earlier. Is there something
wrong with the sanitized XML below that would have introduced a dependency
from cas-server-support-ldap onto itself?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
    | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
    | all CAS deployers will need to modify.
    |
    | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
    | The beans declared in this file are instantiated at context initialization time by the Spring
    | ContextLoaderListener declared in web.xml. It finds this file because this
    | file is among those declared in the context parameter "contextConfigLocation".
    |
    | By far the most common change you will need to make in this file is to change the last bean
    | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
    | one implementing your approach for authenticating usernames and passwords.
    +-->
<beans>
    <!--
        | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
        | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
        | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
        | implementation and so do not need to change the class of this bean. We include the whole
        | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
        | need to change in context.
        +-->
    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <!--
            | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
            | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
            | supports the presented credentials.
            |
            | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
            | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
            | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
            | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
            | using.
            |
            | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
            | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
            | You will need to change this list if you are identifying services by something more or other than their callback URL.
            +-->
        <property name="credentialsToPrincipalResolvers">
            <list>
                <!--
                    | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
                    | by default and produces SimplePrincipal instances conveying the username from the credentials.
                    |
                    | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
                    | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
                    | Credentials you are using.
                    +-->
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                <!--
                    | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
                    | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
                    | SimpleService identified by that callback URL.
                    |
                    | If you are representing services by something more or other than an HTTPS URL whereat they are able to
                    | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
                    +-->
                <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
            </list>
        </property>
        <!--
            | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
            | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
            | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
            | until it finds one that both supports the Credentials presented and succeeds in authenticating.
            +-->
        <property name="authenticationHandlers">
            <list>
                <!--
                    | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
                    | a server side SSL certificate.
                    +-->
                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
                <!--
                    | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
                    | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
                    | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
                    | local authentication strategy. You might accomplish this by coding a new such handler and declaring
                    | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
                    +-->
                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                    <property name="filter" value="sAMAccountName=%u" />
                    <property name="searchBase" value="[DELETED]" />
                    <property name="contextSource" ref="contextSource" />
                    <property name="ignorePartialResultException" value="yes" /> <!-- fix because of how AD returns results -->
                </bean>
            </list>
        </property>
    </bean>
    <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="anonymousReadOnly" value="false" />
        <property name="pooled" value="true" />
        <property name="urls">
            <list>
                <value>ldap://[DELETED]</value>
            </list>
        </property>
        <property name="userName" value="[DELETED]" />
        <property name="password" value="[DELETED]" />
        <property name="baseEnvironmentProperties">
            <map>
                <entry>
                    <key><value>java.naming.security.protocol</value></key>
                    <value>ssl</value>
                </entry>
                <entry>
                    <key><value>java.naming.security.authentication</value></key>
                    <value>simple</value>
                </entry>
            </map>
        </property>
    </bean>
</beans>

On 12/4/07, Jonathan Hayward http://JonathansCorner.com <
christos.jonathan.hayward at gmail.com> wrote:
>
> I was working with a fresh copy, and got the following error after
> changing the root pom.xml file by inserting the requested dependency
> before the others. The error also occurs if I insert it at the end, and it
> builds if I comment the dependency out. cas-server-support-ldap only depends
> on the core.
>
> What would I have done to
>
> $ mvn -Dmaven.test.skip=true clean package install
> [INFO] Scanning for projects...
> [INFO] ------------------------------------------------------------------------
> [ERROR] BUILD FAILURE
> [INFO] ------------------------------------------------------------------------
> [INFO] The projects in the reactor contain a cyclic reference: Edge between 'Vertex{label='org.jasig.cas:cas-server-support-ldap'}' and 'Vertex{label='org.jasig.cas:cas-server-support-ldap'}' introduces to cycle in the graph org.jasig.cas:cas-server-support-ldap --> org.jasig.cas:cas-server-support-ldap
> [INFO] ------------------------------------------------------------------------
> [INFO] For more information, run Maven with the -e switch
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: < 1 second
> [INFO] Finished at: Tue Dec 04 13:33:44 CST 2007
> [INFO] Final Memory: 1M/3M
> [INFO] ------------------------------------------------------------------------
>
> On Dec 4, 2007 12:44 PM, Scott Battaglia < scott.battaglia at gmail.com>
> wrote:
>
> > If it's still authenticating username/username that means that your
> > deployerConfigContext.xml in cas-server-webapp/src/main/webapp/WEB-INF
> > has not been updated or you've deployed an incorrect WAR file.
> >
> > -Scott
> >
> >
> > On Dec 4, 2007 11:41 AM, Jonathan Hayward http://JonathansCorner.com <christos.jonathan.hayward at gmail.com>
> > wrote:
> >
> > > I had some initial issues with a web proxy handing Maven a "Please
> > > authenticate yourself" redirect when Maven tried to download its first XML
> > > file. Those are solved now.
> > >
> > > After that, I tried a rebuild, wiped Liferay's tmp directory, and
> > > bounced Liferay. It's still authenticating username/username rather than
> > > password/password.
> > >
> > >
> > > On Dec 3, 2007 10:03 PM, Scott Battaglia <scott.battaglia at gmail.com>
> > > wrote:
> > >
> > > > If you have correctly added the cas-server-support-ldap to the
> > > > cas-server-webapp/pom.xml all you should need to do is run
> > > > mvn -Dmaven.test.skip=true clean package install
> > > >
> > > > Then you'll find the war with the correct jars in
> > > > cas-server-webapp/target/cas.war
> > > >
> > > > You'll want to delete any cas directory in the Tomcat webapps just
> > > > to make sure your new one gets deployed correctly.
> > > >
> > > > -Scott
> > > >
> > > >
> > > > On Dec 3, 2007 5:44 PM, Jonathan Hayward http://JonathansCorner.com
> > > > <christos.jonathan.hayward at gmail.com> wrote:
> > > >
> > > > > I had already placed that in the webapp pom.xml, modulo a variable
> > > > > interpolation for the groupId. I tried adding the jar to the CAS WEB-INF/lib
> > > > > directory; I can't tell any improvement in the behaviour.
> > > > >
> > > > > Are there other possibilities?
> > > > >
> > > > > On Dec 3, 2007 4:15 PM, Dale Ogilvie <Dale.Ogilvie at trimble.co.nz>
> > > > > wrote:
> > > > >
> > > > >
> > > > > > The missing class will be defined in cas-server-support-ldap.
> > > > > > Adding this dependency to the webapp pom.xml should include it
> > > > > > in the built cas.jar
> > > > > >
> > > > > > > <dependency>
> > > > > > >     <groupId>org.jasig.cas</groupId>
> > > > > > >     <artifactId>cas-server-support-ldap</artifactId>
> > > > > > >     <version>${project.version}</version>
> > > > > > > </dependency>
> > > > > >
> > > > > > Or, as a quick fix you could copy
> > > > > > cas-server-support-ldap-3.1.1.jar to the cas WEB-INF/lib
> > > > > > directory on the app server.
> > > > > >
> > > > > >
> > > > > > ------------------------------
> > > > > > *From:* cas-bounces at tp.its.yale.edu [mailto:
> > > > > > cas-bounces at tp.its.yale.edu] *On Behalf Of *Jonathan Hayward
> > > > > > http://JonathansCorner.com <http://jonathanscorner.com/>
> > > > > >
> > > > > > *Sent:* Tuesday, 4 December 2007 10:30 a.m.
> > > > > > *To:* Yale CAS mailing list
> > > > > > *Subject:* Re: Username/password authentication
> > > > > >
> > > > > >
> > > > > >
> > > > > > I ran through that and got an error on trying to log in to CAS:
> > > > > >
> > > > > > CAS is Unavailable
> > > > > >
> > > > > > There was a fatal error initializing the CAS application
> > > > > > context. This is almost always because of an error in the Spring bean
> > > > > > configuration files. Are the files valid XML? Do the beans they refer to all
> > > > > > exist?
> > > > > >
> > > > > > Before placing CAS in production, you should change this page to
> > > > > > present a UI appropriate for the case where the CAS web application is
> > > > > > fundamentally broken. Perhaps "Sorry, CAS is currently unavailable." with
> > > > > > some links to your user support information.
> > > > > >
> > > > > > The Throwable encountered at context listener initialization
> > > > > > was:
> > > > > >
> > > > > > org.springframework.beans.factory.BeanDefinitionStoreException:
> > > > > > Error registering bean with name 'contextSource' defined in ServletContext
> > > > > > resource [/WEB-INF/deployerConfigContext.xml]: Bean class [
> > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]
> > > > > > not found; nested exception is java.lang.ClassNotFoundException:
> > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> > > > > >
> > > > > > The Throwable encountered at dispatcher servlet initialization
> > > > > > was:
> > > > > >
> > > > > > org.springframework.beans.factory.BeanDefinitionStoreException:
> > > > > > Error registering bean with name 'contextSource' defined in ServletContext
> > > > > > resource [/WEB-INF/deployerConfigContext.xml]: Bean class [
> > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]
> > > > > > not found; nested exception is java.lang.ClassNotFoundException:
> > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> > > > > > I built it incorporating changes from http://www.ja-sig.org/wiki/display/CAS/Examples+to+Configure+CAS
> > > > > > and http://www.ja-sig.org/wiki/display/CASUM/LDAP .
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > Yale CAS mailing list
> > > > > > cas at tp.its.yale.edu
> > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > ++ Jonathan Hayward, jonathan.hayward at pobox.com
> > > > > ** To see an award-winning website with stories, essays, artwork,
> > > > > ** games, and a four-dimensional maze, why not visit my home page?
> > > > > > ** All of this is waiting for you at http://JonathansCorner.com
> > > > >
> > > > > _______________________________________________
> > > > > Yale CAS mailing list
> > > > > cas at tp.its.yale.edu
> > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > >
> > > > -Scott Battaglia
> > > >
> > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
--
++ Jonathan Hayward, jonathan.hayward at pobox.com
** To see an award-winning website with stories, essays, artwork,
** games, and a four-dimensional maze, why not visit my home page?
** All of this is waiting for you at http://JonathansCorner.com
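
The two failure modes in this thread (a stale WAR that still accepts username == password, and LDAP beans declared without the cas-server-support-ldap jar in WEB-INF/lib) can both be checked on the built cas.war before it is deployed. The Python script below is an added example, not part of the original e-mail or of the CAS project; the function names and the in-memory sample WARs are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

CONFIG = "WEB-INF/deployerConfigContext.xml"
TEST_HANDLER = "SimpleTestUsernamePasswordAuthenticationHandler"
LDAP_PACKAGE = "org.jasig.cas.adaptors.ldap."
LDAP_JAR_PREFIX = "WEB-INF/lib/cas-server-support-ldap"


def audit_war(war_bytes):
    """Return a list of findings for a cas.war supplied as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        names = war.namelist()
        root = ET.fromstring(war.read(CONFIG))
    # Collect every <bean class="...">, tolerating stray whitespace around
    # the class name and XML namespaces on the element.
    classes = [el.get("class", "").strip() for el in root.iter()
               if el.tag.rsplit("}", 1)[-1] == "bean"]
    if any(c.endswith("." + TEST_HANDLER) for c in classes):
        findings.append("test handler still configured: username == password logs in")
    uses_ldap = any(c.startswith(LDAP_PACKAGE) for c in classes)
    has_jar = any(n.startswith(LDAP_JAR_PREFIX) and n.endswith(".jar") for n in names)
    if uses_ldap and not has_jar:
        findings.append("LDAP beans declared but cas-server-support-ldap jar is missing")
    return findings


def build_war(handler_class, jars):
    """Build a constructed sample WAR in memory (not a real CAS build)."""
    xml = ('<?xml version="1.0" encoding="UTF-8"?>\n<beans>'
           '<bean id="authenticationManager" '
           'class="org.jasig.cas.authentication.AuthenticationManagerImpl">'
           '<property name="authenticationHandlers"><list>'
           '<bean class="\n %s "/></list></property></bean></beans>' % handler_class)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr(CONFIG, xml)
        for jar in jars:
            war.writestr("WEB-INF/lib/" + jar, b"")
    return buf.getvalue()


if __name__ == "__main__":
    stale = build_war("org.jasig.cas.authentication.handler.support." + TEST_HANDLER, [])
    no_jar = build_war(LDAP_PACKAGE + "BindLdapAuthenticationHandler", [])
    good = build_war(LDAP_PACKAGE + "BindLdapAuthenticationHandler",
                     ["cas-server-support-ldap-3.1.1.jar"])
    for label, war in (("stale", stale), ("no jar", no_jar), ("good", good)):
        print(label, audit_war(war))
```

To audit a real build, pass the bytes of cas-server-webapp/target/cas.war to `audit_war`; an empty list means neither condition was found.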