cas login exception
Andrew Feller
afelle1 at lsu.edu
Wed Aug 27 07:58:30 EDT 2008
Laura,
Hrmmm just a couple of quick things:
1. There is a wiki article on the JA-SIG site about the LDAP authentication
handler that is worth checking out (
http://www.ja-sig.org/wiki/display/CASUM/LDAP )
2. In your contextSource bean, you specify anonymousReadOnly="false"; if
this is intentional, make sure you are providing the username and password
properties
3. In your baseEnvironmentProperties, you specify
java.naming.security.protocol; I don't know if this is necessary as you are
specifying LDAPS for your LDAP URLs. Try commenting this out and see if
that changes anything.
Those are my knee-jerk thoughts; hope they help.
A-
On 8/27/08 5:26 AM, "Laura QCaballero" <shaory1985 at hotmail.com> wrote:
> Thanks Andrew for your quick answer.
>
> I got the certificate from the LDAP server, and I have imported it to my
> keystore. Now, when I try to login to CAS, it tells me that my credentials are
> invalid.
>
> Could it be that instead of the LDAP server name I have written the server IP
> address in deployerConfigContext.xml?
>
> Thanks again!
>
> Here is my deployerConfigContext.xml:
>
> <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
> <property name="filter" value="uid=%u" />
> <property name="searchBase" value="dc=aaa, dc=aaa,
> dc=aa"/> (those aaa are the dc of the ldap)
> <property name="contextSource" ref="contextSource" />
> </bean>
> </list>
> </property>
> </bean>
>
>
> <bean id="contextSource"
> class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> <property name="anonymousReadOnly" value="false"/>
> <property name="pooled" value="true"/>
> <property name="urls">
> <list>
> <value>ldaps://XXX.XXX.XX.XX:636</value> (those XXX are
> the IP of the LDAP server)
> </list>
> </property>
> <property name="baseEnvironmentProperties">
> <map>
> <entry>
> <key>
> <value>java.naming.security.protocol</value>
> </key>
> <value>ssl</value>
> </entry>
> <entry>
> <key>
> <value>java.naming.security.authentication</value>
> </key>
> <value>simple</value>
> </entry>
> </map>
> </property>
> </bean>
>
>
>> > Laura,
>> >
>> > It appears that Tomcat is having issues with the SSL certificate used by
>> > your OpenLDAP server; i.e. it does not trust it. I am having trouble
>> > accessing the URL you specified within your email
>> > (http://www.ja-sig.org/wiki/pages/viewpage.action?pageId=10649670). If you
>> > are handling SSL certificates with keystores, then you will need to add the
>> > LDAP server's SSL certificate to your keystore.
>> >
>> > A-
>> >
>>> > > My deployerConfigContext is:
>>> > >
>>> > >
>>> > > ldaps://XXX.XXX.XX.XX:636/
>>> > >
>>> > >
>>> > >
>>> > > Can I use an IP address there instead of LDAP server name?
>>> > >
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
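
Points 2 and 3 of the reply above, shown as an added configuration sketch that is not part of the original thread and is not the poster's working configuration. The `userName` and `password` property names are assumed from the Spring LDAP context source setters, and the bind DN and password values are placeholders.

```xml
<!-- Added example, not from the thread. The userName/password property names
     are an assumption; their values are placeholders to be replaced. -->
<bean id="contextSource"
      class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <!-- false: the uid=%u search runs over an authenticated bind,
       so bind credentials have to be supplied below (point 2) -->
  <property name="anonymousReadOnly" value="false"/>
  <property name="pooled" value="true"/>
  <property name="urls">
    <list>
      <!-- the ldaps:// scheme already selects SSL/TLS on port 636 -->
      <value>ldaps://XXX.XXX.XX.XX:636</value>
    </list>
  </property>
  <!-- placeholder service account used for the search -->
  <property name="userName" value="BIND_DN_PLACEHOLDER"/>
  <property name="password" value="BIND_PASSWORD_PLACEHOLDER"/>
  <property name="baseEnvironmentProperties">
    <map>
      <!-- the java.naming.security.protocol=ssl entry is left out here
           as the test suggested in point 3 -->
      <entry>
        <key>
          <value>java.naming.security.authentication</value>
        </key>
        <value>simple</value>
      </entry>
    </map>
  </property>
</bean>
```

The bind account only needs read access to search for the uid under the searchBase.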