Recommended Environment
Andrew R Feller
afelle1 at lsu.edu
Tue Jul 24 16:34:35 EDT 2007
Howdy Rob,
As far as our approach to dealing with Active Directory, I just used the
JAAS handler to send authentication requests using Kerberos rather than
LDAP. This was mainly due to our Active Directory being organized by
budget codes. =P
HTH,
Andrew R Feller, Analyst
Subversion Administrator
University Information Systems
Louisiana State University
afelle1 at lsu.edu
(office) 225.578.3737
-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
On Behalf Of Rob Wiltbank
Sent: Tuesday, July 24, 2007 1:00 PM
To: Yale CAS mailing list
Subject: Re: Recommended Environment
I'd finally gotten maven properly on the go and the demo cas.war
compiled and worked fine -- I'll list the changes I've made and see
about getting guidance on moving forward with AD LDAP authentication:
1) I installed Sun java and used 'alternatives' to begin using it.
2) I built the cas-server-support-ldap with maven.
3) I changed the pom.xml in -webapp and added:
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>cas-server-support-ldap</artifactId>
<version>${project.version}</version>
</dependency>
4) I changed my deployerConfigContext.xml to the following:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<bean id="authenticationManager"
class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<property name="credentialsToPrincipalResolvers">
<list>
<bean
class="org.jasig.cas.authentication.principal.UsernamePasswordCredential
sToPrincipalResolver"
/>
<bean
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredential
sToPrincipalResolver"
/>
</list>
</property>
<bean
class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
<property name="filter"
value="sAMAccountName=%u" />
<property name="searchBase" value="ou=Domain
Users,ou=Employees,ou=County,ou=Campus,dc=domain,dc=edu" />
<property name="contextSource"
ref="contextSource" />
<property name="ignorePartialResultException"
value="yes" />
</bean>
</bean>
<bean id="contextSource"
class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
<property name="urls">
<list>
<value>ldaps://ldap.domain.edu/</value>
</list>
</property>
<property name="userName"
value="cn=myUserName,ou=Domain
Users,ou=Employees,ou=County,ou=Campus,dc=domain,dc=edu"/>
<property name="password" value="myPassword"/>
<property name="baseEnvironmentProperties">
<map>
<entry>
<key>
<value>java.naming.security.authentication</value>
</key>
<value>simple</value>
</entry>
</map>
</property>
</bean>
</beans>
In short, I tried to hardset the AD path to my user account and hard
coded my password, just to see if I could get an authentication. Though
the cas.war file compiled fine, when I replaced it within Tomcat and
restarted the application, I then got a 404: The requested resource
(/cas/) is not available, even though the cas/ directory was created.
Any thoughts?
Rob Wiltbank wrote:
>> Have you been able to successfully run the test WAR file on your Red
Hat
>> Enterprise system?
>
> Scott,
>
> I was able to run the test WAR; however, the getting the
deployerConfig
> to be recognized as valid XML (which it was, confirmed by the list),
> failed and only threw java exceptions.
>
> I found a misconfiguration with maven that was preventing the RC
package
> from building properly which I'm doing now, so I'll see if I still
> encounter the same issues when I setup this deployerConfig. If I'm
able
> to get things working, perhaps I'd be permitted to write a
step-by-step
> process for other RHE5 users who are looking for detailed
instructions.
>
> Rob
>
>
>> -Scott
>>
>> On 7/24/07, *Rob Wiltbank* <chade at dtcc.edu <mailto:chade at dtcc.edu>>
wrote:
>>
>> Well, I've been trying for several weeks to get CAS running on
RedHat
>> Enterprise 5 without success, mainly due to incompatibilities
with java
>> -- even the latest RC can't be built with Maven because of
IBM/GNU Java
>> issues.
>>
>> At this point, I'm getting a bit desperate -- before I recommend
a
>> different solution to the college, I'd like to make one
last-ditch
>> effort by taking the RedHat distribution out of the equation. If
any
>> one could kindly answer a few questions for me, I'd greatly
appreciate
>> the time:
>>
>> - What distribution has the greatest chance of successfully
compiling
>> and deploying Maven/CAS?
>>
>> - Are there any recommendations on pre-built packages/RPMs for
these
>> distributions that would facilitate this? Ideally, they'd be
available
>> with the distribution itself.
>>
>> - Have any pre-configured distributions been compiled into an ISO
or
>> even something along the lines of a VMWare appliance been
released from
>> which we can use as a base starting or reference point?
>>
>> Thank you,
>> RHW
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
>>
>>
>> --
>> -Scott Battaglia
>>
>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>
>>
>>
>>
------------------------------------------------------------------------
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
>> !DSPAM:46a607a3109871330615004!
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
> !DSPAM:46a60cae109871527715231!
>
>
>
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
More information about the cas
mailing list