CAS + LDAP

Zouhair BOUNOUALA bozouhair at gmail.com
Thu May 3 13:44:30 EDT 2007


Hi,

I have succeeded in deploying my cas.war under Tomcat. When I try to
connect to http://bidaya.chabaka.net:8080/cas/login?null I get one
error: "CAS is Unavailable"

I see this error in my catalina.out:

2007-05-03 17:37:49,931 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
<Starting cleaning of expired tickets from ticket registry at [Thu May
03 17:37:49 WET 2007]>
2007-05-03 17:37:49,931 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
<0 found to be removed.  Removing now.>
2007-05-03 17:37:49,931 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
<Finished cleaning of expired tickets from ticket registry at [Thu May
03 17:37:49 WET 2007]>
2007-05-03 17:37:55,558 INFO
[org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - <Setting
ContextPath for cookies to: /cas>
2007-05-03 17:38:07,946 ERROR
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]]
- <"Servlet.service()" pour la servlet cas a généré une
exception>
javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2926)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
        at org.springframework.ldap.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:59)
        at org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java:193)
        at org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
        at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
        at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
        at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:70)
        at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.authenticate(AbstractUsernamePasswordAuthenticationHandler.java:58)
        at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:79)
        at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:282)
        at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:116)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
        at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
        at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
        at org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
        at org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
        at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
        at org.springframework.webflow.engine.State.enter(State.java:200)
        at org.springframework.webflow.engine.Transition.execute(Transition.java:229)
        at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
        at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
        at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:207)
        at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
        at org.springframework.webflow.engine.State.enter(State.java:200)
        at org.springframework.webflow.engine.Transition.execute(Transition.java:229)
        at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
        at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
        at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:207)
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
        at org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:238)
        at org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
        at org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:170)
        at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
        at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:819)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:754)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:399)
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:364)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)

How can I resolve this problem?

Thanks to everybody who can help me!

PS: My deployerConfigContext.xml configuration:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC  "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<!--
	| deployerConfigContext.xml centralizes into one file some of the
declarative configuration that
	| all CAS deployers will need to modify.
	|
	| This file declares some of the Spring-managed JavaBeans that make
up a CAS deployment.
	| The beans declared in this file are instantiated at context
initialization time by the Spring
	| ContextLoaderListener declared in web.xml.  It finds this file because this
	| file is among those declared in the context parameter
"contextConfigLocation".
	|
	| By far the most common change you will need to make in this file is
to change the last bean
	| declaration to replace the default
SimpleTestUsernamePasswordAuthenticationHandler with
	| one implementing your approach for authenticating usernames and passwords.
	+-->
<beans>
	<!--
		| This bean declares our AuthenticationManager.  The
CentralAuthenticationService service bean
		| declared in applicationContext.xml picks up this
AuthenticationManager by reference to its id,
		| "authenticationManager".  Most deployers will be able to use the
default AuthenticationManager
		| implementation and so do not need to change the class of this
bean.  We include the whole
		| AuthenticationManager here in the userConfigContext.xml so that
you can see the things you will
		| need to change in context.
		+-->
	<bean id="authenticationManager"
		class="org.jasig.cas.authentication.AuthenticationManagerImpl">
		<!--
			| This is the List of CredentialToPrincipalResolvers that identify
what Principal is trying to authenticate.
			| The AuthenticationManagerImpl considers them in order, finding a
CredentialToPrincipalResolver which
			| supports the presented credentials.
			|
			| AuthenticationManagerImpl uses these resolvers for two purposes.
First, it uses them to identify the Principal
			| attempting to authenticate to CAS /login .  In the default
configuration, it is the DefaultCredentialsToPrincipalResolver
			| that fills this role.  If you are using some other kind of
credentials than UsernamePasswordCredentials, you will need to replace
			| DefaultCredentialsToPrincipalResolver with a
CredentialsToPrincipalResolver that supports the credentials you are
			| using.
			|
			| Second, AuthenticationManagerImpl uses these resolvers to
identify a service requesting a proxy granting ticket.
			| In the default configuration, it is the
HttpBasedServiceCredentialsToPrincipalResolver that serves this
purpose.
			| You will need to change this list if you are identifying services
by something more or other than their callback URL.
			+-->
		<property name="credentialsToPrincipalResolvers">
			<list>
				<!--
					| UsernamePasswordCredentialsToPrincipalResolver supports the
UsernamePasswordCredentials that we use for /login
					| by default and produces SimplePrincipal instances conveying the
username from the credentials.
					|
					| If you've changed your LoginFormAction to use credentials other
than UsernamePasswordCredentials then you will also
					| need to change this bean declaration (or add additional
declarations) to declare a CredentialsToPrincipalResolver that
supports the
					| Credentials you are using.
					+-->
				<bean
					class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
/>
				<!--
					| HttpBasedServiceCredentialsToPrincipalResolver supports
HttpBasedCredentials.  It supports the CAS 2.0 approach of
					| authenticating services by SSL callback, extracting the
callback URL from the Credentials and representing it as a
					| SimpleService identified by that callback URL.
					|
					| If you are representing services by something more or other
than an HTTPS URL whereat they are able to
					| receive a proxy callback, you will need to change this bean
declaration (or add additional declarations).
					+-->
				<bean
					class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
/>
			</list>
		</property>

		<!--
			| Whereas CredentialsToPrincipalResolvers identify who it is some
Credentials might authenticate,
			| AuthenticationHandlers actually authenticate credentials.  Here
we declare the AuthenticationHandlers that
			| authenticate the Principals that the
CredentialsToPrincipalResolvers identified.  CAS will try these
handlers in turn
			| until it finds one that both supports the Credentials presented
and succeeds in authenticating.
			+-->
		<property name="authenticationHandlers">
			<list>
				<!--
					| This is the authentication handler that authenticates services
by means of callback via SSL, thereby validating
					| a server side SSL certificate.
					+-->
                                <bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
			           <property name="httpClient" ref="httpClient" />
                           </bean>

				<!--
					| This is the authentication handler declaration that every CAS
deployer will need to change before deploying CAS
					| into production.  The default
SimpleTestUsernamePasswordAuthenticationHandler authenticates
UsernamePasswordCredentials
					| where the username equals the password.  You will need to
replace this with an AuthenticationHandler that implements your
					| local authentication strategy.  You might accomplish this by
coding a new such handler and declaring
					| edu.someschool.its.cas.MySpecialHandler here, or you might use
one of the handlers provided in the adaptors modules.
					+-->
				<!--
					| BindLdapAuthenticationHandler: looks the user up under searchBase with
					| the filter below, over the connection supplied by contextSource.
					| NOTE(review): %u is presumably replaced with the username typed into
					| the login form; confirm that the CAS version in use escapes LDAP
					| filter metacharacters in that value before the search runs.
					| NOTE(review): searchBase is a DN as well, so check that
					| ou=users,dc=chabaka,dc=net exists in the directory exactly as written.
					+-->
				<bean
					class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
					<property name="filter" value="uid=%u" />
					<property name="searchBase" value="ou=users,dc=chabaka,dc=net" />
					<property
						name="contextSource"
						ref="contextSource" />
				</bean>
			</list>
		</property>
	</bean>
	
	<!--
		| Connection settings that the LDAP handler uses to reach the directory.
		|
		| userName is the identity this context source binds with.  With
		| authentication "simple" it has to be a complete, syntactically valid DN
		| (constructed example: cn=cas-reader,ou=services,dc=example,dc=org).  An
		| "LDAP: error code 34 - invalid DN" raised while the context is being
		| created points at this value first.
		|
		| password is kept in clear text in this file: keep the file readable only
		| by the account that runs the servlet container, and bind with a
		| directory account that can do no more than search the user subtree.
		|
		| NOTE(review): with anonymousReadOnly set to false, searches presumably
		| bind with these credentials too rather than anonymously; confirm.
		|
		| Both entries in urls are the same address, so the second one adds no
		| failover.  Keep ldaps:// so the simple bind password is not sent in clear.
		+-->
	<bean id="contextSource"
class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
		<property name="anonymousReadOnly" value="false"/>
		<property name="password" value="{password_goes_here}" />
		<property name="pooled" value="true" />
		<property name="urls">
			<list>
				<value>ldaps://127.0.0.1</value>
				<value>ldaps://127.0.0.1</value>
			</list>
		</property>
		<property name="userName" value="{username_goes_here}" />
		<property name="baseEnvironmentProperties">
			<map>
				<entry>
				        <key><value>java.naming.security.protocol</value></key>
        				<value>ssl</value>
        			</entry>
				<entry>
				        <key><value>java.naming.security.authentication</value></key>
        				<value>simple</value>
        			</entry>
        		</map>
		</property>
	</bean>				
</beans>


