LDAP Authentication using CAS

Scott Battaglia scott.battaglia at gmail.com
Wed Jun 20 08:49:36 EDT 2007


Unless your LDAP server and CAS are on the same machine you don't want to
use localhost as the server name. Also, this is just a guess, but your
searchbase of
"cn=Admin Annuity,OU=MUMBAI,OU=INDIA,OU=myCompanyusers,dc=myCompany,dc=com"
might be too specific.

-Scott

On 6/20/07, sriram purushothaman <sp_bits at yahoo.com> wrote:
>
>
> Scott,
>
> Did you check my two XMLs? Are they okay? I just want to know.
>
> I am attaching a plain Java program which does LDAP authentication
> correctly. It authenticates the sAMAccountName (basically employee-id) which
> I give in the program.
>
> Please look at the value that is put for Context.PROVIDER_URL. Is this the
> IP which I should give in my deployerConfig..xml for the URLs property?
> Currently I have given something like "localhost:389".
>
> Please let me know.
>
> Thanks
>
>
> *Scott Battaglia <scott.battaglia at gmail.com>* wrote:
>
> Yes, that login screen is correct (because you have not modified it at
> all).  The exception you are getting is that your LDAP server refused the
> connection from the LDAP server.  Your LDAP server may be behind a firewall
> or you may be attempting to access it via an incorrect protocol (i.e.
> ldap vs. ldaps) for what you are trying to do.  You may want to talk to your
> LDAP admins.
>
> -Scott
>
>
> On 6/20/07, sriram purushothaman <sp_bits at yahoo.com> wrote:
> >
> >
> > Hi
> >
> > I removed the CAS-FILTER related entries from my CAS web.xml. I am
> > attaching it as CAS-web.xml
> > I have added the CAS-FILTER related entries in my project's web.xml. I
> > am attaching it as project-web.xml
> >
> > Now, when I give https://localhost:8443/cas/login, I get the
> > Security-Alert dialog box and when I click on YES, I get the CAS login
> > screen. I am attaching this screen also here (cas-login.doc). Is this the
> > correct screen, because as per the description in this page "usernames
> > equals passwords" is given.
> >
> > In this login page (if this is the correct page), when I give my Id and
> > password and click on the LOGIN button, I get an exception. I am attaching
> > the exception trace also (exception-on-click-of-login).
> >
> > In all, I am adding 4 attachments. Sorry for bothering so much.
> >
> > Please let me know where I am going wrong.
> >
> > Thanks
> >
> > *Adrien Futschik <adrien.futschik at atosorigin.com>* wrote:
> >
> > On Wednesday 20 June 2007 08:18:26 sriram purushothaman wrote:
> > > Scott,
> > >
> > > I am attaching my WEB.XML available under tomcat-5.5.16/cas/WEB-INF
> > > folder. I have given entries only loginURL, validateURL and ServerName.
> > > I have not given an entry for ServiceURL. Is that required?
> > >
> > > Please check my web.xml and tell me which URL should I use in my IE?
> > > I tried using http://localhost:8080/cas/login. I got CAS login page.
> > > But after giving my credentials I got an exception. My LDAP auth did not
> > > happen.
> > >
> > > Thanks
> > >
> > > Scott Battaglia <scott.battaglia at gmail.com> wrote:
> > > This might help you:
> > > http://www.ja-sig.org/wiki/display/CASUM/LDAP
> > >
> > > (note that the first step about the dependency relates to CAS 3.1 and
> > > not CAS 3.0.x but the rest of the information should be okay).
> > >
> > > -Scott
> > >
> > > On 6/19/07, sriram purushothaman <sp_bits at yahoo.com> wrote:
> > > Please check this bean entry in deployer..xml
> > >
> > > <bean id="contextSource"
> > >       class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> > >   <property name="authenticatedReadOnly" value="false" />
> > >   <property name="userName" value="" />
> > >   <property name="password" value="" />
> > >   <property name="urls">
> > >     <list>
> > >       <value>ldap://XX.XXX.X.XXX:389/</value>
> > >     </list>
> > >   </property>
> > >   <property name="baseEnvironmentProperties">
> > >     <map>
> > >       <entry>
> > >         <key><value>java.naming.security.authentication</value></key>
> > >         <value>simple</value>
> > >       </entry>
> > >     </map>
> > >   </property>
> > > </bean>
> > >
> > > What should I give for UserName and Password?
> > > Should I give the Distinguished Name and password that I normally use in
> > > httpd.conf (Apache web-server + weblogic) and what should I give for URLs
> > > list?
> > >
> > > Please let me know
> > >
> > > Thanks
> > >
> > > Scott Battaglia <scott.battaglia at gmail.com> wrote:
> > > If you're using a non-Sun JVM, then you need to set the
> > > "responseControlFactory" property on the ContextSource. The default is an
> > > internal Sun implementation.
> > >
> > > -Scott
> > >
> > > On 6/19/07, sriram purushothaman <sp_bits at yahoo.com> wrote:
> > > Hi
> > >
> > > I have done LDAP authentication using Apache Webserver 2.0.59 and Weblogic
> > > 8.1 and I am successful with it. Now I want to do it with CAS.
> > >
> > > I am new to CAS and I am trying out a few things. I am using Tomcat 5.5.16,
> > > JDK 1.42
> > >
> > > 1. I have downloaded cas-server-3.0.7 and cas-client-java-2.1.1
> > > 2. I have downloaded cas-server-ldap-3.0.7 JAR, spring-ldap1.1.2 JAR,
> > >    ldapbp1.0 JAR and put these 3 JARs in localplugins/lib folder.
> > > 3. Did ant jar and ant war. Got the localplugins.jar and the WAR file
> > > 4. I changed my deployerConfigContext.xml. I have attached the same here.
> > >    Please check and tell me whether it is correct.
> > > 5. Copied the WAR into my tomcat/webapps
> > > 6. When I start my tomcat, I am getting the attached error.
> > >
> > > I have downloaded this folder structure com.sun.jndi.ldap.<>, but not sure
> > > what to do with it.
> > >
> > > Regards,
> > > Sriram
> > >
> > > 2007-06-19 14:55:45,250 ERROR [org.springframework.web.context.ContextLoader] - <Context initialization failed>
> > > org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'centralAuthenticationService' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager';
> > >   nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752' of type [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] while setting bean property 'authenticationHandlers' with key [1];
> > >   nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'contextSource' while setting bean property 'contextSource';
> > >   nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'contextSource' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed;
> > >   nested exception is java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory
> > > Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot create inner bean 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752' of type [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] while setting bean property 'authenticationHandlers' with key [1];
> > >   nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'contextSource' while setting bean property 'contextSource';
> > >   nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'contextSource' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed;
> > >   nested exception is java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory
> > > Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler#b2e752' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'contextSource' while setting bean property 'contextSource';
> > >   nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'contextSource' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed;
> > >   nested exception is java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory
> > > Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'contextSource' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed;
> > >   nested exception is java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory
> > > Caused by: java.lang.NoClassDefFoundError: com.sun.jndi.ldap.ctl.ResponseControlFactory
> > >   at org.springframework.ldap.support.LdapContextSource.class$(LdapContextSource.java:42)
> > >   at org.springframework.ldap.support.LdapContextSource.<clinit>(LdapContextSource.java:42)
> > >   at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> > >   at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> > >   at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> > >   at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
> > >   at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:84)
> > >   at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:60)
> > >   at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:45)
> > >   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:739)
> > >   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:727)
> > >   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:390)
> > >   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:254)
> > >   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:144)
> > >   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:251)
> > >   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:163)
> > >   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:271)
> > >   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:128)
> > >   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1047)
> > >   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:843)
> > >   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:427)
> > >   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:221)
> > >   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:111)
> > >   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:291)
> > >   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:132)
> > >   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1047)
> > >   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:843)
> > >   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:427)
> > >   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:254)
> > >   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:144)
> > >   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:251)
> > >   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:163)
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> >  >
> > >
> > >
> > >
> > >
> > >
> > > --
> > > -Scott Battaglia
> > >
> > >
> > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >
> > You mixed up a few things. The cas-filter is to be used with your client
> > application, not with cas. This means that your web.xml for cas is wrong.
> > It should look like this ....
> > <?xml version="1.0" encoding="ISO-8859-1"?>
> > <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
> >     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
> >     version="2.4">
> >   <display-name>Central Authentication System (CAS) 3.0</display-name>
> >   <context-param>
> >     <param-name>contextConfigLocation</param-name>
> >     <param-value>
> >       /WEB-INF/applicationContext.xml,
> >       /WEB-INF/deployerConfigContext.xml
> >     </param-value>
> >   </context-param>
> >   <!-- START addition for OPIAM -->
> >   <filter>
> >     <filter-name>additional cookie</filter-name>
> >     <filter-class>com.atosorigin.opiam.auth.cas.CreateAdditionalCookie</filter-class>
> >   </filter>
> >   <filter-mapping>
> >     <filter-name>additional cookie</filter-name>
> >     <url-pattern>/*</url-pattern>
> >   </filter-mapping>
> >   <!-- END addition for OPIAM -->
> >   <!--
> >     place this into the contextConfigLocation to enable
> >     service restrictions.
> >     /WEB-INF/approvedServices.xml, .....
> > In fact I didn't even change anything in there.
> > The first thing you have to do is try out the https connection to CAS. For
> > me it was:
> > https://localhost:8443/cas/login but by default the port is 8444, so it
> > would be
> > https://localhost:8444/cas/login
> > Then if you've made the changes you need to in deployerConfigContext.xml,
> > you should be able to authenticate with a valid user & password.
> > See my configuration attached.
> > Hope it helps
> >  --
> > Futschik Adrien
> > Atos Origin
> > Tour "Les Miroirs"
> > 18, avenue d'Alsace
> > 92296 Paris La Défense Cedex
> > FRANCE
> >
> > Phone: +33 (0) 1 55 91 24 82
> >  adrien.futschik at atosorigin.com
> > www.si.fr.atosorigin.com
> >
> > class="org.jasig.cas.authentication.AuthenticationManagerImpl">
> > class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
> > class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
> > class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
> > class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
> > ldap://localhost:4800/
> > java.naming.security.authentication
> > simple
> >
>
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
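
The two points in the reply above (a loopback server name and a search base that is too specific), plus the ldap vs. ldaps mix-up mentioned earlier in the thread, can be checked offline before editing deployerConfigContext.xml. This is an added example, not code from the thread or from CAS; the class name `LdapConfigCheck`, the broader candidate base and the second and third user DNs are constructed for illustration.

```java
import java.net.URI;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added illustration (hypothetical class, not part of CAS): offline checks for
// the LDAP URL and search base before they go into deployerConfigContext.xml.
public class LdapConfigCheck {

    // True when the URL names the local machine, which only works if the
    // directory runs on the same host as CAS.
    static boolean pointsAtLoopback(String ldapUrl) {
        String host = URI.create(ldapUrl).getHost();
        return host == null || host.equalsIgnoreCase("localhost")
                || host.startsWith("127.") || host.equals("[::1]");
    }

    // Heuristic for the ldap vs. ldaps mix-up: TLS scheme on the plain port
    // or plain scheme on the TLS port.
    static boolean schemePortMismatch(String ldapUrl) {
        URI u = URI.create(ldapUrl);
        boolean tls = "ldaps".equalsIgnoreCase(u.getScheme());
        return (tls && u.getPort() == 389) || (!tls && u.getPort() == 636);
    }

    // True when userDn sits at or below searchBase, so a subtree search from
    // the base can return it. LdapName numbers RDNs from the right, so
    // startsWith() compares the trailing components, ignoring case.
    static boolean inScope(String searchBase, String userDn) throws InvalidNameException {
        return new LdapName(userDn).startsWith(new LdapName(searchBase));
    }

    public static void main(String[] args) throws InvalidNameException {
        String url = "ldap://localhost:389"; // host and port quoted in the thread
        String[] bases = {
            // search base quoted in the thread: the DN of one entry
            "cn=Admin Annuity,OU=MUMBAI,OU=INDIA,OU=myCompanyusers,dc=myCompany,dc=com",
            // constructed, broader alternative
            "OU=myCompanyusers,dc=myCompany,dc=com"
        };
        String[] users = { // constructed sample DNs, except the first
            "cn=Admin Annuity,OU=MUMBAI,OU=INDIA,OU=myCompanyusers,dc=myCompany,dc=com",
            "cn=Jane Doe,OU=MUMBAI,OU=INDIA,OU=myCompanyusers,dc=myCompany,dc=com",
            "cn=Smith\\, John,ou=Chennai,ou=India,ou=mycompanyusers,dc=mycompany,dc=com"
        };
        System.out.println("loopback host: " + pointsAtLoopback(url));
        System.out.println("scheme/port mismatch: " + schemePortMismatch(url));
        for (String base : bases) {
            int reachable = 0;
            for (String dn : users) {
                if (inScope(base, dn)) reachable++;
            }
            System.out.println(reachable + " of " + users.length + " users under " + base);
        }
    }
}
```

With the base quoted in the thread only the `cn=Admin Annuity` entry itself is in scope, while the broader OU-level base covers all three sample users.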