Username/password authentication

Scott Battaglia scott.battaglia at gmail.com
Tue Dec 4 15:52:42 EST 2007


Which pom.xml did you edit?

On Dec 4, 2007 3:24 PM, Jonathan Hayward http://JonathansCorner.com <
christos.jonathan.hayward at gmail.com> wrote:

> P.S.
>
> From a fresh computer I installed maven, downloaded a fresh copy of
> http://www.ja-sig.org/downloads/cas/cas-server-3.1.1-release.zip ,
> unzipped it, changed pom.xml by adding:
>
> <dependency>
>      <groupId>${project.groupId}</groupId>
>      <artifactId>cas-server-support-ldap</artifactId>
>      <version>${project.version}</version>
> </dependency>
>
> and cas-server-3.1.1/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml
> by adding what's at the end of this e-mail, and then running:
>
> mvn -Dmaven.test.skip=true package install
>
> I got the cyclical dependency error I reported earlier. Is there something
> wrong with the sanitized XML below that would have introduced a dependency
> from cas-server-support-ldap onto itself?
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
> <!--
>         | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
>         | all CAS deployers will need to modify.
>         |
>         | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
>         | The beans declared in this file are instantiated at context initialization time by the Spring
>         | ContextLoaderListener declared in web.xml.  It finds this file because this
>         | file is among those declared in the context parameter "contextConfigLocation".
>         |
>         | By far the most common change you will need to make in this file is to change the last bean
>         | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
>         | one implementing your approach for authenticating usernames and passwords.
>         +-->
> <beans>
>         <!--
>                 | This bean declares our AuthenticationManager.  The CentralAuthenticationService service bean
>                 | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
>                 | "authenticationManager".  Most deployers will be able to use the default AuthenticationManager
>                 | implementation and so do not need to change the class of this bean.  We include the whole
>                 | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
>                 | need to change in context.
>                 +-->
>         <bean id="authenticationManager"
>                 class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>                 <!--
>                         | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
>                         | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
>                         | supports the presented credentials.
>                         |
>                         | AuthenticationManagerImpl uses these resolvers for two purposes.  First, it uses them to identify the Principal
>                         | attempting to authenticate to CAS /login .  In the default configuration, it is the DefaultCredentialsToPrincipalResolver
>                         | that fills this role.  If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
>                         | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
>                         | using.
>                         |
>                         | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
>                         | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
>                         | You will need to change this list if you are identifying services by something more or other than their callback URL.
>                         +-->
>                 <property name="credentialsToPrincipalResolvers">
>                         <list>
>                                 <!--
>                                         | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
>                                         | by default and produces SimplePrincipal instances conveying the username from the credentials.
>                                         |
>                                         | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
>                                         | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
>                                         | Credentials you are using.
>                                         +-->
>                                 <bean
>                                         class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>                                 <!--
>                                         | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials.  It supports the CAS 2.0 approach of
>                                         | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
>                                         | SimpleService identified by that callback URL.
>                                         |
>                                         | If you are representing services by something more or other than an HTTPS URL whereat they are able to
>                                         | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
>                                         +-->
>                                 <bean
>                                         class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>                         </list>
>                 </property>
>
>                 <!--
>                         | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
>                         | AuthenticationHandlers actually authenticate credentials.  Here we declare the AuthenticationHandlers that
>                         | authenticate the Principals that the CredentialsToPrincipalResolvers identified.  CAS will try these handlers in turn
>                         | until it finds one that both supports the Credentials presented and succeeds in authenticating.
>                         +-->
>                 <property name="authenticationHandlers">
>                         <list>
>                                 <!--
>                                         | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
>                                         | a server side SSL certificate.
>                                         +-->
>                                 <bean
>                                         class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
>
>                                 <!--
>                                         | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
>                                         | into production.  The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
>                                         | where the username equals the password.  You will need to replace this with an AuthenticationHandler that implements your
>                                         | local authentication strategy.  You might accomplish this by coding a new such handler and declaring
>                                         | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
>                                         +-->
>                                 <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>                                         <property name="filter" value="sAMAccountName=%u" />
>                                         <property name="searchBase" value="[DELETED]" />
>                                         <property name="contextSource" ref="contextSource" />
>                                         <property name="ignorePartialResultException" value="yes" /> <!-- fix because of how AD returns results -->
>                                 </bean>
>
>                         </list>
>                 </property>
>         </bean>
>
>         <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>                 <property name="anonymousReadOnly" value="false" />
>                 <property name="pooled" value="true" />
>                 <property name="urls">
>                         <list>
>                                 <value>ldap://[DELETED]</value>
>                         </list>
>                 </property>
>                 <property name="userName" value="[DELETED]" />
>                 <property name="password" value="[DELETED]" />
>                 <property name="baseEnvironmentProperties">
>                         <map>
>                                 <entry>
>                                         <key><value>java.naming.security.protocol</value></key>
>                                         <value>ssl</value>
>                                 </entry>
>                                 <entry>
>                                         <key><value>java.naming.security.authentication</value></key>
>                                         <value>simple</value>
>                                 </entry>
>                         </map>
>                 </property>
>         </bean>
>
> </beans>
>
> On 12/4/07, Jonathan Hayward http://JonathansCorner.com <christos.jonathan.hayward at gmail.com
> > wrote:
> >
> > I was working with a fresh copy, and got the following error after
> > changing the root pom.xml file by inserting the requested dependency
> > before the others. The error also occurs if I insert it at the end, and it
> > builds if I comment the dependency out. cas-server-support-ldap only depends
> > on the core.
> >
> > What would I have done to
> >
> > $ mvn -Dmaven.test.skip=true clean package install
> > [INFO] Scanning for projects...
> > [INFO]
> > ------------------------------------------------------------------------
> > [ERROR] BUILD FAILURE
> > [INFO]
> > ------------------------------------------------------------------------
> > [INFO] The projects in the reactor contain a cyclic reference: Edge between 'Vertex{label='org.jasig.cas:cas-server-support-ldap ' }' and 'Vertex{label='org.jasig.cas:cas-server-support-ldap'}' introduces to cycle in the graph org.jasig.cas:cas-server-support-ldap --> org.jasig.cas:cas-server-support-ldap
> > [INFO]
> > ------------------------------------------------------------------------
> > [INFO] For more information, run Maven with the -e switch
> > [INFO]
> > ------------------------------------------------------------------------
> > [INFO] Total time: < 1 second
> > [INFO] Finished at: Tue Dec 04 13:33:44 CST 2007
> > [INFO] Final Memory: 1M/3M
> > [INFO]
> > ------------------------------------------------------------------------
> >
> > On Dec 4, 2007 12:44 PM, Scott Battaglia < scott.battaglia at gmail.com>
> > wrote:
> >
> > > If it's still authenticating username/username that means that your
> > > deployerConfigContext.xml in cas-server-webapp/src/main/webapp/WEB-INF
> > > has not been updated or you've deployed an incorrect WAR file.
> > >
> > > -Scott
> > >
> > >
> > > On Dec 4, 2007 11:41 AM, Jonathan Hayward http://JonathansCorner.com <christos.jonathan.hayward at gmail.com>
> > > wrote:
> > >
> > > > I had some initial issues with a web proxy handing Maven a "Please
> > > > authenticate yourself" redirect when Maven tried to download its first XML
> > > > file. Those are solved now.
> > > >
> > > > After that, I tried a rebuild, wiped Liferay's tmp directory, and
> > > > bounced Liferay. It's still authenticating username/username rather than
> > > > password/password.
> > > >
> > > >
> > > > On Dec 3, 2007 10:03 PM, Scott Battaglia <scott.battaglia at gmail.com>
> > > > wrote:
> > > >
> > > > > If you have correctly added the cas-server-support-ldap to the
> > > > > cas-server-webapp/pom.xml all you should need to do is run
> > > > > mvn -Dmaven.test.skip=true clean package install
> > > > >
> > > > > Then you'll find the war with the correct jars in
> > > > > cas-server-webapp/target/cas.war
> > > > >
> > > > > You'll want to delete any cas directory in the Tomcat webapps just
> > > > > to make sure your new one gets deployed correctly.
> > > > >
> > > > > -Scott
> > > > >
> > > > >
> > > > > On Dec 3, 2007 5:44 PM, Jonathan Hayward
> > > > > > http://JonathansCorner.com <christos.jonathan.hayward at gmail.com>
> > > > > wrote:
> > > > >
> > > > > > I had already placed that in the webapp pom.xml, modulo a
> > > > > > variable interpolation for the groupId. I tried adding the jar to the CAS
> > > > > > WEB-INF/lib directory; I can't tell any improvement in the behaviour.
> > > > > >
> > > > > > Are there other possibilities?
> > > > > >
> > > > > >   On Dec 3, 2007 4:15 PM, Dale Ogilvie <
> > > > > > Dale.Ogilvie at trimble.co.nz> wrote:
> > > > > >
> > > > > >
> > > > > > >   The missing class will be defined in
> > > > > > > cas-server-support-ldap. Adding this dependency to the webapp
> > > > > > > pom.xml should include it in the built cas.jar
> > > > > > >
> > > > > > > > <dependency>
> > > > > > > >   <groupId>org.jasig.cas</groupId>
> > > > > > > >   <artifactId>cas-server-support-ldap</artifactId>
> > > > > > > >   <version>${project.version}</version>
> > > > > > > > </dependency>
> > > > > > >
> > > > > > > Or, as a quick fix you could copy
> > > > > > > cas-server-support-ldap-3.1.1.jar to the cas WEB-INF/lib
> > > > > > > directory on the app server.
> > > > > > >
> > > > > > >
> > > > > > >  ------------------------------
> > > > > > >  *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
> > > > > > > *On Behalf Of *Jonathan Hayward http://JonathansCorner.com<http://jonathanscorner.com/>
> > > > > > >
> > > > > > > * Sent:* Tuesday, 4 December 2007 10:30 a.m.
> > > > > > > *To:* Yale CAS mailing list
> > > > > > > *Subject:* Re: Username/password authentication
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >  I ran through that and got an error on trying to log in to
> > > > > > > CAS:
> > > > > > >
> > > > > > >  CAS is Unavailable
> > > > > > >
> > > > > > > There was a fatal error initializing the CAS application
> > > > > > > context. This is almost always because of an error in the Spring bean
> > > > > > > configuration files. Are the files valid XML? Do the beans they refer to all
> > > > > > > exist?
> > > > > > >
> > > > > > > Before placing CAS in production, you should change this page
> > > > > > > to present a UI appropriate for the case where the CAS web application is
> > > > > > > fundamentally broken. Perhaps "Sorry, CAS is currently unavailable." with
> > > > > > > some links to your user support information.
> > > > > > >
> > > > > > > The Throwable encountered at context listener initialization
> > > > > > > was:
> > > > > > >
> > > > > > > org.springframework.beans.factory.BeanDefinitionStoreException:
> > > > > > > Error registering bean with name 'contextSource' defined in ServletContext
> > > > > > > resource [/WEB-INF/deployerConfigContext.xml]: Bean class [
> > > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]
> > > > > > > not found; nested exception is
> > > > > > > java.lang.ClassNotFoundException:
> > > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> > > > > > >
> > > > > > > The Throwable encountered at dispatcher servlet initialization
> > > > > > > was:
> > > > > > >
> > > > > > > org.springframework.beans.factory.BeanDefinitionStoreException:
> > > > > > > Error registering bean with name 'contextSource' defined in ServletContext
> > > > > > > resource [/WEB-INF/deployerConfigContext.xml]: Bean class [
> > > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]
> > > > > > > not found; nested exception is
> > > > > > > java.lang.ClassNotFoundException:
> > > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> > > > > > > I built it incorporating changes from http://www.ja-sig.org/wiki/display/CAS/Examples+to+Configure+CAS
> > > > > > > and http://www.ja-sig.org/wiki/display/CASUM/LDAP .
> > > > > > >
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Yale CAS mailing list
> > > > > > > cas at tp.its.yale.edu
> > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > ++ Jonathan Hayward, jonathan.hayward at pobox.com
> > > > > > ** To see an award-winning website with stories, essays,
> > > > > > artwork,
> > > > > > ** games, and a four-dimensional maze, why not visit my home
> > > > > > page?
> > > > > > ** All of this is waiting for you at http://JonathansCorner.com
> > > > > > <http://jonathanscorner.com/>
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > >  -Scott Battaglia
> > > > >
> > > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > ++ Jonathan Hayward, jonathan.hayward at pobox.com
> > > > ** To see an award-winning website with stories, essays, artwork,
> > > > ** games, and a four-dimensional maze, why not visit my home page?
> > > > ** All of this is waiting for you at http://JonathansCorner.com<http://jonathanscorner.com/>
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > -Scott Battaglia
> > >
> > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > >
> > >
> > >
> >
> >
> > --
> > ++ Jonathan Hayward, jonathan.hayward at pobox.com
> > ** To see an award-winning website with stories, essays, artwork,
> > ** games, and a four-dimensional maze, why not visit my home page?
> > ** All of this is waiting for you at http://JonathansCorner.com
> > <http://jonathanscorner.com/>
> >
>
>
>
> --
> ++ Jonathan Hayward, jonathan.hayward at pobox.com
> ** To see an award-winning website with stories, essays, artwork,
> ** games, and a four-dimensional maze, why not visit my home page?
> ** All of this is waiting for you at http://JonathansCorner.com
>
>
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
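
Added example, not part of the original thread and not CAS project code: both symptoms discussed above (the ClassNotFoundException for the LDAP beans, and a server that still accepts username/username) can be checked on the built cas.war before it is deployed. The Python script below reads WEB-INF/deployerConfigContext.xml from the WAR, reports whether SimpleTestUsernamePasswordAuthenticationHandler is still declared, and lists bean classes that no jar in WEB-INF/lib provides. The helper names `audit_war` and `make_war`, the core jar name and the sample WAR contents are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CONFIG = "WEB-INF/deployerConfigContext.xml"
TEST_HANDLER = "SimpleTestUsernamePasswordAuthenticationHandler"

def class_names(zf, prefix=""):
    """Fully qualified names of the .class entries under prefix in an open zip."""
    return {n[len(prefix):-len(".class")].replace("/", ".")
            for n in zf.namelist() if n.startswith(prefix) and n.endswith(".class")}

def audit_war(war_file):
    """Return (test_handler_declared, sorted bean classes missing from the WAR)."""
    with zipfile.ZipFile(war_file) as war:
        available = class_names(war, "WEB-INF/classes/")
        for name in war.namelist():
            if name.startswith("WEB-INF/lib/") and name.endswith(".jar"):
                with zipfile.ZipFile(io.BytesIO(war.read(name))) as jar:
                    available |= class_names(jar)
        root = ET.fromstring(war.read(CONFIG))
    # Wrapped XML often leaves whitespace inside class="..."; strip it.
    beans = {b.get("class").strip() for b in root.iter("bean") if b.get("class")}
    test_handler = any(c.endswith("." + TEST_HANDLER) for c in beans)
    missing = sorted(c for c in beans
                     if not c.startswith(("java.", "javax.")) and c not in available)
    return test_handler, missing

def make_war(config_xml, jars):
    """Build a constructed in-memory WAR: the config plus jars of empty classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr(CONFIG, config_xml)
        for jar_name, classes in jars.items():
            jbuf = io.BytesIO()
            with zipfile.ZipFile(jbuf, "w") as jar:
                for c in classes:
                    jar.writestr(c.replace(".", "/") + ".class", b"")
            war.writestr("WEB-INF/lib/" + jar_name, jbuf.getvalue())
    buf.seek(0)
    return buf

# Constructed sample input: the LDAP beans from the thread, trimmed.
LDAP_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<beans>
  <bean id="authenticationManager" class="
org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers"><list>
      <bean class="
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler "/>
    </list></property>
  </bean>
  <bean id="contextSource" class="
org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource"/>
</beans>"""
CORE_CLASSES = ["org.jasig.cas.authentication.AuthenticationManagerImpl"]
LDAP_CLASSES = ["org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler",
                "org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource"]

if __name__ == "__main__":
    # WAR built without the LDAP module: the state that produced the stack trace.
    war = make_war(LDAP_CONFIG, {"cas-server-core-3.1.1.jar": CORE_CLASSES})
    print(audit_war(war))
```

Against a real build, call `audit_war("cas-server-webapp/target/cas.war")`; a `True` first element means the username-equals-password test handler is still in the packaged configuration.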