CAS + LDAP
Scott Battaglia
scott.battaglia at gmail.com
Thu May 3 09:13:35 EDT 2007
Two things:
First, your HttpBasedServiceCredentialsAuthenticationHandler will need a
<property name="httpClient" ref="httpClient" />
Second, you've defined the ContextSource bean within the
AuthenticationManager bean. Just move it outside (you'll notice the bottom
of your XML is </bean></bean>).
-Scott
On 5/3/07, Zouhair BOUNOUALA <bozouhair at gmail.com> wrote:
>
> Hi,
>
> I want to deploy cas.war after modification in the cas-server (V3.0.7)
> with OpenLDAP 2.2. In fact, my deployerConfigContext.xml configuration
> is as below:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
> <!--
>   | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
>   | all CAS deployers will need to modify.
>   |
>   | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
>   | The beans declared in this file are instantiated at context initialization time by the Spring
>   | ContextLoaderListener declared in web.xml. It finds this file because this
>   | file is among those declared in the context parameter "contextConfigLocation".
>   |
>   | By far the most common change you will need to make in this file is to change the last bean
>   | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
>   | one implementing your approach for authenticating usernames and passwords.
>   +-->
> <beans>
>   <!--
>     | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
>     | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
>     | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
>     | implementation and so do not need to change the class of this bean. We include the whole
>     | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
>     | need to change in context.
>     +-->
>   <bean id="authenticationManager"
>         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>     <!--
>       | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
>       | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
>       | supports the presented credentials.
>       |
>       | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
>       | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
>       | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
>       | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
>       | using.
>       |
>       | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
>       | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
>       | You will need to change this list if you are identifying services by something more or other than their callback URL.
>       +-->
>     <property name="credentialsToPrincipalResolvers">
>       <list>
>         <!--
>           | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
>           | by default and produces SimplePrincipal instances conveying the username from the credentials.
>           |
>           | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
>           | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
>           | Credentials you are using.
>           +-->
>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>         <!--
>           | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
>           | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
>           | SimpleService identified by that callback URL.
>           |
>           | If you are representing services by something more or other than an HTTPS URL whereat they are able to
>           | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
>           +-->
>         <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>       </list>
>     </property>
>
>     <!--
>       | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
>       | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
>       | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
>       | until it finds one that both supports the Credentials presented and succeeds in authenticating.
>       +-->
>     <property name="authenticationHandlers">
>       <list>
>         <!--
>           | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
>           | a server side SSL certificate.
>           +-->
>         <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
>           <property name="httpClient" ref="httpClient" />
>         </bean>
>
>         <!--
>           | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
>           | into production.
>           | With this configuration you'll be using LDAP search-and-bind authentication.
>           +-->
>         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>           <property name="filter" value="uid=%u" />
>           <property name="searchBase" value="ou=users,dc=chabaka,dc=net" />
>           <property name="contextSource" ref="contextSource" />
>         </bean>
>       </list>
>     </property>
>
>     <bean id="contextSource"
>           class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>       <property name="authenticatedReadOnly" value="true" />
>       <property name="userName" value="{username_goes_here}" />
>       <property name="password" value="{password_goes_here}" />
>       <property name="urls">
>         <list>
>           <value>ldaps://127.0.0.1/</value>
>           <value>ldaps://127.0.0.1/</value>
>         </list>
>       </property>
>       <property name="baseEnvironmentProperties">
>         <map>
>           <entry>
>             <key><value>java.naming.security.authentication</value></key>
>             <value>simple</value>
>           </entry>
>         </map>
>       </property>
>     </bean>
>
>   </bean>
>
> </beans>
>
>
> But when I deployed cas.war under Tomcat, one error is noticed in
> catalina.out, as below:
>
> INFO: Déploiement de l'archive cas.war de l'application web
> 2007-05-03 12:37:50,607 ERROR [org.springframework.web.context.ContextLoader] - <Context initialization failed>
> org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 128 in XML document from ServletContext resource [/WEB-INF/deployerConfigContext.xml] is invalid; nested exception is org.xml.sax.SAXParseException: The content of element type "bean" must match "(description?,(constructor-arg|property|lookup-method|replaced-method)*)".
> Caused by:
> org.xml.sax.SAXParseException: The content of element type "bean" must match "(description?,(constructor-arg|property|lookup-method|replaced-method)*)".
>     at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
>     at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
>     at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
>     at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
>     at org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(Unknown Source)
>     at org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(Unknown Source)
>     at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
>     at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
>     at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
>     at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>     at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>     at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>     at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
>     at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
>     at org.springframework.beans.factory.xml.DefaultDocumentLoader.loadDocument(DefaultDocumentLoader.java:76)
>     at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:351)
>     at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:303)
>     at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:280)
>     at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:131)
>     at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:147)
>     at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:124)
>     at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:92)
>     at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:100)
>     at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:298)
>     at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:241)
>     at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
>     at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
>     at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized(SafeContextLoaderListener.java:62)
>     at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3729)
>     at org.apache.catalina.core.StandardContext.start(StandardContext.java:4187)
>     at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
>     at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
>     at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
>     at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:809)
>     at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:698)
>     at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:472)
>     at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
>     at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
>     at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
>
>
>
> I don't know where I made the mistake. If there is an example of this
> deployerConfigContext.xml file to connect CAS + LDAP, I will be glad!
>
> Thank you for your reply.
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
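
The restructuring described in the reply, applied to the quoted file, as an added example (not part of the original message or of the CAS distribution): `contextSource` becomes a direct child of `<beans>`, so the `authenticationManager` bean contains only `property` children as the DTD content model in the error requires. The stock comments are omitted, the `{..._goes_here}` placeholders are kept from the quoted file, and a bean with id `httpClient` is assumed to be defined elsewhere in the CAS context.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="credentialsToPrincipalResolvers">
      <list>
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
        <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
      </list>
    </property>
    <property name="authenticationHandlers">
      <list>
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
          <!-- Assumption: a bean with id "httpClient" exists elsewhere in the context. -->
          <property name="httpClient" ref="httpClient" />
        </bean>
        <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
          <property name="filter" value="uid=%u" />
          <property name="searchBase" value="ou=users,dc=chabaka,dc=net" />
          <property name="contextSource" ref="contextSource" />
        </bean>
      </list>
    </property>
  </bean> <!-- authenticationManager closes here, before contextSource is declared -->

  <!-- Top-level bean: child of <beans>, resolved by the ref="contextSource" above. -->
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="authenticatedReadOnly" value="true" />
    <property name="userName" value="{username_goes_here}" />
    <property name="password" value="{password_goes_here}" />
    <property name="urls">
      <list>
        <value>ldaps://127.0.0.1/</value>
        <value>ldaps://127.0.0.1/</value>
      </list>
    </property>
    <property name="baseEnvironmentProperties">
      <map>
        <entry>
          <key><value>java.naming.security.authentication</value></key>
          <value>simple</value>
        </entry>
      </map>
    </property>
  </bean>
</beans>
```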