How to SPNEGO + username/password authentication

Alatalo, Antoni antoni.alatalo at logica.com
Thu May 29 06:56:08 EDT 2008


Hi,
Is it possible to authenticate via Kerberos and, if the user is not authenticated that way, fall back to username/password authentication?

Kerberos works fine on its own, and username/password authentication also works fine on its own.
I tried the following:


<?xml version="1.0" encoding="UTF-8"?>
<!--
        | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
        | all CAS deployers will need to modify.
        |
        | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
        | The beans declared in this file are instantiated at context initialization time by the Spring
        | ContextLoaderListener declared in web.xml.  It finds this file because this
        | file is among those declared in the context parameter "contextConfigLocation".
        |
        | By far the most common change you will need to make in this file is to change the last bean
        | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
        | one implementing your approach for authenticating usernames and passwords.
        +-->
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:p="http://www.springframework.org/schema/p"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
        <!--
                | This bean declares our AuthenticationManager.  The CentralAuthenticationService service bean
                | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
                | "authenticationManager".  Most deployers will be able to use the default AuthenticationManager
                | implementation and so do not need to change the class of this bean.  We include the whole
                | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
                | need to change in context.
                +-->
        <bean id="authenticationManager"
                class="org.jasig.cas.authentication.AuthenticationManagerImpl">
                <property name="credentialsToPrincipalResolvers">
                        <list>
                                <!--  ... the others credentialsToPrincipalResolvers ... -->
                                <bean
                                        class="org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver" />
                                <bean
                                        class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                        </list>
                </property>
                <property name="authenticationHandlers">
                        <list>
                                <bean
                                        class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler">
                                        <property name="authentication">
                                                <bean class="jcifs.spnego.Authentication" />
                                        </property>
                                        <property name="principalWithDomainName"
                                                value="false" />
                                        <property name="NTLMallowed" value="true" />
                                </bean>
                                <!--  ... the others authenticationHandlers... -->
                                <bean
                                        class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                                        <property name="filter" value="uid=%u" />
                                        <property name="searchBase"
                                                value="CN=Roles,CN=xxx,DC=foo,DC=bar,DC=fi" />
                                        <property name="contextSource" ref="contextSource" />
                                </bean>
                        </list>
                </property>
        </bean>

        <bean name="jcifsConfig"
                class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
                <property name="jcifsServicePrincipal"
                        value="HTTP/foo.bar.fi@FOO.BAR.FI" />
                <property name="jcifsServicePassword" value="adfgsfg" />
                <property name="kerberosDebug" value="true" />
                <property name="kerberosRealm" value="FOO.BAR.FI" />
                <property name="kerberosKdc" value="15.15.15.15" />
                <property name="loginConf" value="/WEB-INF/login.conf" />
        </bean>


        <bean id="contextSource"
                class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
                <property name="pooled" value="true" />
                <property name="urls">
                        <list>
                                <value>ldap://foo.bar.fi/</value>
                        </list>
                </property>
                <property name="userName"
                        value="CN=antoni,CN=xxx,DC=foo,DC=bar,DC=fi" />
                <property name="password" value="xxx" />
                <property name="baseEnvironmentProperties">
                        <map>
                                <entry>
                                        <key>
                                                <value>
                                                        java.naming.security.authentication
                                                </value>
                                        </key>
                                        <value>simple</value>
                                </entry>
                        </map>
                </property>
        </bean>
</beans>

This configuration doesn't work for username/password authentication. What did I do wrong?

Thanks

Antoni Alatalo
Software Specialist
Municipal Sector, Social Services
_________________________________________

Logica - Releasing your potential

Karvaamokuja 2
P.O. Box 38
00381 Helsinki
Switchboard: 010 302 010
Direct: 040 583 1097
antoni.alatalo at logica.com
www.logica.fi
WM-data's name is now Logica.
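An added example, not part of the original mail or of CAS itself: a small audit script for a CAS 3.x deployerConfigContext.xml like the one posted above. It lists the authentication handler and principal resolver chains in the order Spring declares them (the order the AuthenticationManager will consult them) and flags the settings a reviewer would want to look at before deploying: the NTLM fallback on the SPNEGO handler, Kerberos debug output, and secrets stored as plaintext bean properties. It assumes only the Spring beans namespace used in the posted file; the embedded XML is a constructed, cut-down copy of that file.

```python
# Added example, not from the original mail: audit a CAS 3.x
# deployerConfigContext.xml for its handler/resolver order and for
# settings worth a second look (NTLM fallback, Kerberos debug, plaintext secrets).
import xml.etree.ElementTree as ET

NS = {"b": "http://www.springframework.org/schema/beans"}

# Constructed, cut-down copy of the posted configuration (values are placeholders).
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="credentialsToPrincipalResolvers"><list>
      <bean class="org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver"/>
      <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"/>
    </list></property>
    <property name="authenticationHandlers"><list>
      <bean class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler">
        <property name="NTLMallowed" value="true"/>
      </bean>
      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
        <property name="filter" value="uid=%u"/>
      </bean>
    </list></property>
  </bean>
  <bean name="jcifsConfig"
        class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
    <property name="jcifsServicePassword" value="adfgsfg"/>
    <property name="kerberosDebug" value="true"/>
  </bean>
</beans>"""


def bean_chain(xml_text, prop_name):
    """Class names of the beans listed under the named <list> property, in order."""
    root = ET.fromstring(xml_text)
    prop = root.find(f".//b:property[@name='{prop_name}']", NS)
    return [b.get("class") for b in prop.findall("b:list/b:bean", NS)]


def findings(xml_text):
    """Review findings, in document order, for settings worth a second look."""
    out = []
    for prop in ET.fromstring(xml_text).iter(f"{{{NS['b']}}}property"):
        name, value = prop.get("name"), prop.get("value")
        if name == "NTLMallowed" and value == "true":
            out.append("NTLM fallback enabled on the SPNEGO handler")
        if name == "kerberosDebug" and value == "true":
            out.append("Kerberos debug logging enabled")
        if name and "password" in name.lower() and value:
            out.append(f"plaintext secret in property '{name}'")
    return out
```

Run it against the real deployerConfigContext.xml by reading the file into `bean_chain` and `findings`; the handler list shows which handler is asked first for a given credential type.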

