LDAP Authentication using CAS

Scott Battaglia scott.battaglia at gmail.com
Wed Jun 20 07:54:56 EDT 2007


Yes, that login screen is correct (because you have not modified it at
all).  The exception you are getting is that your LDAP server refused the
connection from the LDAP server.  Your LDAP server may be behind a firewall
or you may be attempting to access it via an incorrect protocol (i.e. ldap
vs. ldaps) for what you are trying to do.  You may want to talk to your LDAP
admins.

-Scott


On 6/20/07, sriram purushothaman <sp_bits at yahoo.com> wrote:
>
>
> Hi
>
> I removed the CAS-FILTER related entries from my CAS web.xml. I am
> attaching it as CAS-web.xml
> I have added the CAS-FILTER related entries in my project's web.xml. I am
> attaching it as project-web.xml
>
> Now, when I give https://localhost:8443/cas/login, I get the
> Security-Alert dialog box and when I click on YES, I get the CAS login screen. I
> am attaching this screen also here (cas-login.doc). Is this the correct
> screen, because as per the description in this page "usernames equals
> passwords" is given.
>
> In this login page (if this is the correct page), when I give my Id and
> password and click on the LOGIN button, I get an exception. I am attaching the
> exception trace also (exception-on-click-of-login).
>
> In all, I am adding 4 attachments. Sorry for bothering so much.
>
> Please let me know where I am going wrong.
>
> Thanks
>
> *Adrien Futschik <adrien.futschik at atosorigin.com>* wrote:
>
> On Wednesday 20 June 2007 08:18:26 sriram purushothaman wrote:
> > Scott,
> >
> > I am attaching my WEB.XML available under tomcat-5.5.16/cas/WEB-INF
> > folder. I have given entries only loginURL, validateURL and ServerName.
> > I have not given an entry for ServiceURL. Is that required?
> >
> > Please check my web.xml and tell me which URL should I use in my IE?
> > I tried using http://localhost:8080/cas/login. I got CAS login page. But
> > after giving my credentials I got an exception. My LDAP auth did not happen.
> >
> > Thanks
> >
> > Scott Battaglia <scott.battaglia at gmail.com> wrote:
> > This might help you:
> > http://www.ja-sig.org/wiki/display/CASUM/LDAP
> >
> > (note that the first step about the dependency relates to CAS 3.1 and not
> > CAS 3.0.x but the rest of the information should be okay).
> >
> > -Scott
> >
> > On 6/19/07, sriram purushothaman <sp_bits at yahoo.com> wrote:
> > Please check this bean entry in deployer..xml
> >
> > <bean id="contextSource"
> >       class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> >   <property name="authenticatedReadOnly" value="false" />
> >   <property name="userName" value="" />
> >   <property name="password" value="" />
> >   <property name="urls">
> >     <list>
> >       <value>ldap://XX.XXX.X.XXX:389/</value>
> >     </list>
> >   </property>
> >   <property name="baseEnvironmentProperties">
> >     <map>
> >       <entry>
> >         <key><value>java.naming.security.authentication</value></key>
> >         <value>simple</value>
> >       </entry>
> >     </map>
> >   </property>
> > </bean>
> >
> > What should I give for UserName and Password?
> > Should I give the Distinguished Name and password that I normally use in
> > httpd.conf (Apache web-server + weblogic) and what should I give for URLs
> > list
> >
> > Please let me know
> >
> > Thanks
> >
> > Scott Battaglia <scott.battaglia at gmail.com> wrote:
> > If you're using a non-Sun JVM, then you need to set the
> > "responseControlFactory" property on the ContextSource. The default is an
> > internal Sun implementation.
> >
> > -Scott
> >
> > On 6/19/07, sriram purushothaman <sp_bits at yahoo.com> wrote:
> > Hi
> >
> > I have done LDAP authentication using Apache Webserver 2.0.59 and Weblogic
> > 8.1 and I am successful with it. Now I want to do it with CAS.
> >
> > I am new to CAS and I am trying out few stuff. I am using Tomcat 5.5.16,
> > JDK 1.42
> >
> > 1. I have downloaded cas-server-3.0.7 and cas-client-java-2.1.1
> > 2. I have downloaded cas-server-ldap-3.0.7 JAR, spring-ldap1.1.2 JAR,
> >    ldapbp1.0 JAR and put these 3 JARs in localplugins/lib folder.
> > 3. Did ant jar and ant war. Got the localplugins.jar and the WAR file
> > 4. I changed my deployerConfigContext.xml. I have attached the same here.
> >    Please check and tell me whether it is correct.
> > 5. Copied the WAR into my tomcat/webapps
> > 6. When I start my tomcat, I am getting the attached error.
> >
> > I have downloaded this folder structure com.sun.jndi.ldap.<>, but not sure
> > what to do with it.
> >
> > Regards,
> > Sriram
> >
> >
> > 2007-06-19 14:55:45,250 ERROR
> > [org.springframework.web.context.ContextLoader] - <Context
> initialization
> > failed> org.springframework.beans.factory.BeanCreationException: Error
> > creating bean with name 'centralAuthenticationService' defined in
> > ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot
> resolve
> > reference to bean 'authenticationManager' while setting bean property
> > 'authenticationManager'; nested exception is
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name 'authenticationManager' defined in ServletContext
> resource
> > [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean '
> > org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752' of
> type
> > [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] while
> setting
> > bean property 'authenticationHandlers' with key [1]; nested exception is
>
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name
> > 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752'
> defined
> > in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot
> > resolve reference to bean 'contextSource' while setting bean property
> > 'contextSource'; nested exception is
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name 'contextSource' defined in ServletContext resource
> > [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed;
> nested
> > exception is java.lang.NoClassDefFoundError:
> > com.sun.jndi.ldap.ctl.ResponseControlFactory Caused by:
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name 'authenticationManager' defined in ServletContext
> resource
> > [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean '
> > org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752' of
> type
> > [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] while
> setting
> > bean property 'authenticationHandlers' with key [1]; nested exception is
>
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name
> > 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752'
> defined
> > in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot
> > resolve reference to bean 'contextSource' while setting bean property
> > 'contextSource'; nested exception is
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name 'contextSource' defined in ServletContext resource
> > [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed;
> nested
> > exception is java.lang.NoClassDefFoundError:
> > com.sun.jndi.ldap.ctl.ResponseControlFactory Caused by:
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name
> > 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752 '
> > defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]:
> > Cannot resolve reference to bean 'contextSource' while setting bean
> > property 'contextSource'; nested exception is
> > org.springframework.beans.factory.BeanCreationException : Error creating
> > bean with name 'contextSource' defined in ServletContext resource
> > [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed;
> nested
> > exception is java.lang.NoClassDefFoundError:
> > com.sun.jndi.ldap.ctl.ResponseControlFactory Caused by:
> > org.springframework.beans.factory.BeanCreationException: Error creating
> > bean with name 'contextSource' defined in ServletContext resource
> > [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed;
> nested
> > exception is java.lang.NoClassDefFoundError:
> > com.sun.jndi.ldap.ctl.ResponseControlFactory Caused by:
> > java.lang.NoClassDefFoundError:
> > com.sun.jndi.ldap.ctl.ResponseControlFactory at
> > org.springframework.ldap.support.LdapContextSource.class$
> > (LdapContextSource.java:42) at
> > org.springframework.ldap.support.LdapContextSource
> .<clinit>(LdapContextSour
> >ce.java:42) at sun.reflect.NativeConstructorAccessorImpl.newInstance0
> (Native
> > Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance
> > (NativeConstructorAccessorImpl.java:39) at
> > sun.reflect.DelegatingConstructorAccessorImpl.newInstance
> (DelegatingConstru
> >ctorAccessorImpl.java:27) at
> > java.lang.reflect.Constructor.newInstance(Constructor.java :274) at
> > org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:84)
> at
> > org.springframework.beans.BeanUtils.instantiateClass (BeanUtils.java:60)
> at
> >
> org.springframework.beans.factory.support.SimpleInstantiationStrategy.insta
> >ntiate (SimpleInstantiationStrategy.java:45) at
> >
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactor
> >y.instantiateBean (AbstractAutowireCapableBeanFactory.java:739) at
> >
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactor
> >y.createBeanInstance (AbstractAutowireCapableBeanFactory.java:727) at
> >
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactor
> >y.createBean (AbstractAutowireCapableBeanFactory.java:390) at
> >
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject
> > (AbstractBeanFactory.java:254) at
> >
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getS
> >ingleton (DefaultSingletonBeanRegistry.java:144) at
> > org.springframework.beans.factory.support.AbstractBeanFactory.getBean
> > (AbstractBeanFactory.java:251) at
> > org.springframework.beans.factory.support.AbstractBeanFactory.getBean
> > (AbstractBeanFactory.java:163) at
> >
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resol
> >veReference(BeanDefinitionValueResolver.java :271) at
> >
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resol
> >veValueIfNecessary (BeanDefinitionValueResolver.java:128) at
> >
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactor
> >y.applyPropertyValues (AbstractAutowireCapableBeanFactory.java:1047) at
> >
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactor
> >y.populateBean (AbstractAutowireCapableBeanFactory.java:843) at
> >
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactor
> >y.createBean (AbstractAutowireCapableBeanFactory.java:427) at
> >
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resol
> >veInnerBean (BeanDefinitionValueResolver.java:221) at
> >
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resol
> >veValueIfNecessary (BeanDefinitionValueResolver.java:111) at
> >
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resol
> >veManagedList (BeanDefinitionValueResolver.java:291) at
> >
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resol
> >veValueIfNecessary (BeanDefinitionValueResolver.java:132) at
> >
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactor
> >y.applyPropertyValues (AbstractAutowireCapableBeanFactory.java:1047) at
> >
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactor
> >y.populateBean (AbstractAutowireCapableBeanFactory.java:843) at
> >
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactor
> >y.createBean (AbstractAutowireCapableBeanFactory.java:427) at
> >
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject
> > (AbstractBeanFactory.java:254) at
> >
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getS
> >ingleton (DefaultSingletonBeanRegistry.java:144) at
> > org.springframework.beans.factory.support.AbstractBeanFactory.getBean
> > (AbstractBeanFactory.java:251) at
> > org.springframework.beans.factory.support.AbstractBeanFactory.getBean
> > (AbstractBeanFactory.java:163)
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> > --
> > -Scott Battaglia
> >
> >
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> You mixed up a few things. The cas-filter is to be used with your client
> application, not with CAS. This means that your web.xml for CAS is wrong.
> It should look like this ....
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
>     version="2.4">
>   <display-name>Central Authentication System (CAS) 3.0</display-name>
>   <context-param>
>     <param-name>contextConfigLocation</param-name>
>     <param-value>
>       /WEB-INF/applicationContext.xml,
>       /WEB-INF/deployerConfigContext.xml
>     </param-value>
>   </context-param>
>   <!-- BEGIN addition for OPIAM -->
>   <filter>
>     <filter-name>additional cookie</filter-name>
>     <filter-class>com.atosorigin.opiam.auth.cas.CreateAdditionalCookie</filter-class>
>   </filter>
>   <filter-mapping>
>     <filter-name>additional cookie</filter-name>
>     <url-pattern>/*</url-pattern>
>   </filter-mapping>
>   <!-- END addition for OPIAM -->
>   <!--
>     place this into the contextConfigLocation to enable
>     service restrictions.
>     /WEB-INF/approvedServices.xml, .....
>
> In fact I didn't even change anything in there.
> The first thing you have to do is try out https connection to CAS. For me
> it was :
>  https://localhost:8443/cas/login but by default the port is 8444, so it
> would be
> https://localhost:8444/cas/login
> Then if you've made the changes you need to in deployerConfigContext.xml,
> you should be able to authenticate with a valid user&password.
>  See my configuration attached.
>  Hope it helps
>  --
> Futschik Adrien
> Atos Origin
> Tour "Les Miroirs"
> 18, avenue d'Alsace
> 92296 Paris La Défense Cedex
> FRANCE
>
> Phone: +33 (0) 1 55 91 24 82
>  adrien.futschik at atosorigin.com
> www.si.fr.atosorigin.com
>
> class="org.jasig.cas.authentication.AuthenticationManagerImpl">
> class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
> class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
> class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
> ldap://localhost:4800/
> java.naming.security.authentication
> simple


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
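
Added example, not part of the original thread and not CAS project code: a small Python lint for the contextSource bean quoted above. It flags the points the replies turn on (ldap vs. ldaps, empty bind credentials) and a simple bind over plain ldap://. The function name audit_context_source, the sample bean and the host ldap.example.org are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample modelled on the contextSource bean quoted in the thread;
# the host is a documentation placeholder, not a value from the thread.
SAMPLE_BEAN = """
<bean id="contextSource"
      class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="userName" value="" />
  <property name="password" value="" />
  <property name="urls">
    <list><value>ldap://ldap.example.org:389/</value></list>
  </property>
  <property name="baseEnvironmentProperties">
    <map><entry>
      <key><value>java.naming.security.authentication</value></key>
      <value>simple</value>
    </entry></map>
  </property>
</bean>
"""

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def audit_context_source(bean_xml):
    """Hypothetical helper: return findings for one contextSource bean."""
    bean = ET.fromstring(bean_xml)
    props = {p.get("name"): p for p in bean.findall("property")}
    findings = []
    for name in ("userName", "password"):
        if name not in props or not (props[name].get("value") or "").strip():
            findings.append(f"{name} is empty: no bind credentials configured")
    env = props.get("baseEnvironmentProperties")
    simple = env is not None and any(
        e.findtext("key/value") == "java.naming.security.authentication"
        and (e.findtext("value") or "").strip() == "simple"
        for e in env.iter("entry"))
    urls = props.get("urls")
    for v in (urls.iter("value") if urls is not None else []):
        url = urlparse((v.text or "").strip())
        if url.scheme not in DEFAULT_PORT:
            findings.append(f"{v.text}: scheme is neither ldap nor ldaps")
            continue
        other = "ldaps" if url.scheme == "ldap" else "ldap"
        if url.port == DEFAULT_PORT[other]:
            findings.append(f"{v.text}: {url.scheme}:// on the default {other} port")
        if url.scheme == "ldap" and simple:
            # Scheme-only check: it cannot see whether StartTLS is negotiated.
            findings.append(f"{v.text}: simple bind over ldap:// sends the password in cleartext")
    return findings
```

Calling audit_context_source(SAMPLE_BEAN) returns three findings: the two empty credentials and the cleartext simple bind.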