CAS and LDAP and JAAS
inas inassen
mezghena at hotmail.com
Thu Jan 15 15:51:31 EST 2009
Hi all, I'm trying to configure CAS to authenticate against an LDAP, and my applications are using JAAS as an authentication and authorization framework.
Everything works fine using Tomcat JNDIRealm.
My Tomcat JNDIRealm:

    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
           userPattern="uid={0},ou=people,ou=ait,o=b2b,dc=net"
           roleBase="ou=roles,ou=ait,o=b2b,dc=net"
           roleName="cn"
           roleSearch="(uniqueMember={0})" />

This is my jaas.conf file (configured in -Djava.security.auth.login.config=jaas.conf):

    CAS {
        edu.uconn.netid.jaas.LDAPLoginModule sufficient
            java.naming.provider.url="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
            java.naming.security.principal="cn=Manager,ou=ait,o=b2b,dc=net"
            java.naming.security.credentials="secret"
            Attribute="uid"
            startTLS="true";
    };

And this is my deployConfigContext file:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:p="http://www.springframework.org/schema/p"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

      <bean id="authenticationManager"
            class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <property name="credentialsToPrincipalResolvers">
          <list>
            <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
            <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
          </list>
        </property>
        <property name="authenticationHandlers">
          <list>
            <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                  p:httpClient-ref="httpClient" />
            <bean class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler" />
            <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
              <property name="filter" value="uid=%u" />
              <property name="searchBase" value="ou=people,ou=ait,o=b2b,dc=net" />
              <property name="contextSource" ref="contextSource" />
            </bean>
          </list>
        </property>
      </bean>

      <bean id="userDetailsService"
            class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
        <property name="userMap">
          <value></value>
        </property>
      </bean>

      <bean id="attributeRepository"
            class="org.jasig.services.persondir.support.StubPersonAttributeDao">
        <property name="backingMap">
          <map>
            <entry key="uid" value="uid" />
            <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
            <entry key="groupMembership" value="groupMembership" />
          </map>
        </property>
      </bean>

      <bean id="serviceRegistryDao"
            class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />

      <!-- LDAP context -->
      <bean id="contextSource"
            class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="pooled" value="true"/>
        <property name="urls">
          <list>
            <value>ldap://ladpsrv:389/ou=ait,o=b2b,dc=net</value>
          </list>
        </property>
        <property name="userName" value="cn=Manager,ou=ait,o=b2b,dc=net"/>
        <property name="password" value="secret"/>
        <property name="baseEnvironmentProperties">
          <map>
            <entry>
              <key>
                <value>java.naming.security.authentication</value>
              </key>
              <value>simple</value>
            </entry>
            <entry>
              <key>
                <value>ldap.initial.context.factory</value>
              </key>
              <value>com.sun.jndi.ldap.LdapCtxFactory</value>
            </entry>
          </map>
        </property>
      </bean>
    </beans>

My LDAP schema is:

    ou=ait,o=b2b,dc=net
        ou=people
            uid=user1
            uid=user2
        ou=roles
            cn=role1
                uniqueMember: uid=user1,ou=people,ou=ait,o=b2b,dc=net
            cn=role2
                uniqueMember: uid=user2,ou=people,ou=ait,o=b2b,dc=net

When I try to log in I get a bad credential.
Any help please? Thanks a lot.
Mezghena.