CAS and LDAP and JAAS
Andrew Feller
afelle1 at lsu.edu
Thu Jan 15 16:01:37 EST 2009
Inas,
Is there any reason you are going through JAAS for LDAP authentication
instead of using the LDAP authentication handler?
LDAP wiki entry: http://www.ja-sig.org/wiki/display/CASUM/LDAP
JAAS wiki entry: http://www.ja-sig.org/wiki/display/CASUM/JAAS
HTH,
A-
On 1/15/09 2:51 PM, "inas inassen" <mezghena at hotmail.com> wrote:
>
> Hi all,
>
> I'm trying to configure CAS to authenticate against an LDAP, and my
> applications are using JAAS as an authentication and authorization framework.
>
> Everything works fine using the Tomcat JNDIRealm.
>
> My Tomcat JNDIRealm
>
>
> <Realm className="org.apache.catalina.realm.JNDIRealm"
> connectionURL="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
> userPattern="uid={0},ou=people,ou=ait,o=b2b,dc=net"
> roleBase="ou=roles,ou=ait,o=b2b,dc=net"
> roleName="cn"
> roleSearch="(uniqueMember={0})" />
>
>
> this is my jaas.conf file (configured in
> -Djava.security.auth.login.config=jaas.conf)
>
>
> CAS {
> edu.uconn.netid.jaas.LDAPLoginModule sufficient
> java.naming.provider.url="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
> java.naming.security.principal="cn=Manager,ou=ait,o=b2b,dc=net"
> java.naming.security.credentials="secret"
> Attribute="uid"
> startTLS="true";
> };
>
>
> and this is my deployerConfigContext file
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:p="http://www.springframework.org/schema/p"
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
> <bean id="authenticationManager"
> class="org.jasig.cas.authentication.AuthenticationManagerImpl">
> <property name="credentialsToPrincipalResolvers">
> <list>
> <bean
> class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
> <bean
> class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
> </list>
> </property>
> <property name="authenticationHandlers">
> <list>
> <bean
> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" />
> <bean
> class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler" />
> <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
> <property name="filter" value="uid=%u" />
> <property name="searchBase" value="ou=people,ou=ait,o=b2b,dc=net" />
> <property name="contextSource" ref="contextSource" />
> </bean>
> </list>
> </property>
> </bean>
>
> <bean id="userDetailsService"
> class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
> <property name="userMap">
> <value></value>
> </property>
> </bean>
>
> <bean id="attributeRepository"
> class="org.jasig.services.persondir.support.StubPersonAttributeDao">
> <property name="backingMap">
> <map>
> <entry key="uid" value="uid" />
> <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
> <entry key="groupMembership" value="groupMembership" />
> </map>
> </property>
> </bean>
>
> <bean id="serviceRegistryDao"
> class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
>
> <!-- LDAP context -->
> <bean id="contextSource"
> class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> <property name="pooled" value="true"/>
> <property name="urls">
> <list>
> <value>ldap://ladpsrv:389/ou=ait,o=b2b,dc=net</value>
> </list>
> </property>
> <property name="userName" value="cn=Manager,ou=ait,o=b2b,dc=net"/>
> <property name="password" value="secret"/>
> <property name="baseEnvironmentProperties">
> <map>
> <entry>
> <key>
> <value>java.naming.security.authentication</value>
> </key>
> <value>simple</value>
> </entry>
>
> <entry>
> <key>
> <value>ldap.initial.context.factory</value>
> </key>
> <value>com.sun.jndi.ldap.LdapCtxFactory</value>
> </entry>
> </map>
> </property>
> </bean>
>
> </beans>
>
>
> My LDAP schema is:
>
> ou=ait,o=b2b,dc=net
>   ou=people
>     uid=user1
>     uid=user2
>   ou=roles
>     cn=role1
>       uniqueMember: uid=user1,ou=people,ou=ait,o=b2b,dc=net
>     cn=role2
>       uniqueMember: uid=user2,ou=people,ou=ait,o=b2b,dc=net
>
>
>
> When I try to log in I get a bad credentials error.
>
> Any help please?
>
> Thanks a lot.
>
> Mezghena.
>
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas

--
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
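An added illustration of the difference Andrew is pointing at; this is not code from the thread or from CAS. The BindLdapAuthenticationHandler already present in the deployerConfigContext above does a search-then-bind: the contextSource binds as the manager, the filter (uid=%u) under searchBase resolves the user's DN, and a second bind as that DN with the submitted password is the actual credential check. The Tomcat JNDIRealm's userPattern, by contrast, templates the DN and binds as the user straight away, with no service account. The Python below models both flows against a constructed in-memory directory laid out like the schema in the post; the DNs, passwords, role names and helper names (authenticate, direct_bind, roles_for) are made up for the example. The two things it shows that the configuration alone does not are why the value substituted into uid=%u has to be escaped per RFC 4515, and why a bind with an empty password must fail closed.

```python
"""Search-then-bind authentication modelled in Python (added example).

Not CAS code: it models what the BindLdapAuthenticationHandler configured in
the post does (contextSource = manager bind, searchBase + filter = DN lookup,
then a bind as the user) against a constructed in-memory directory laid out
like the schema in the post. DNs, passwords and role names are made up.
"""
from __future__ import annotations

import re

# Constructed stand-in for ou=ait,o=b2b,dc=net. A real server would store
# hashed userPassword values and evaluate binds itself.
DIRECTORY: dict[str, dict[str, list[str]]] = {
    "cn=Manager,ou=ait,o=b2b,dc=net": {"userPassword": ["secret"]},
    "uid=user1,ou=people,ou=ait,o=b2b,dc=net": {"uid": ["user1"], "userPassword": ["pw1"]},
    "uid=user2,ou=people,ou=ait,o=b2b,dc=net": {"uid": ["user2"], "userPassword": ["pw2"]},
    "cn=role1,ou=roles,ou=ait,o=b2b,dc=net": {
        "cn": ["role1"], "uniqueMember": ["uid=user1,ou=people,ou=ait,o=b2b,dc=net"]},
    "cn=role2,ou=roles,ou=ait,o=b2b,dc=net": {
        "cn": ["role2"], "uniqueMember": ["uid=user2,ou=people,ou=ait,o=b2b,dc=net"]},
}

MANAGER_DN = "cn=Manager,ou=ait,o=b2b,dc=net"           # contextSource userName in the post
MANAGER_PW = "secret"                                   # contextSource password in the post
SEARCH_BASE = "ou=people,ou=ait,o=b2b,dc=net"           # handler searchBase
FILTER_TEMPLATE = "uid=%u"                              # handler filter
ROLE_BASE = "ou=roles,ou=ait,o=b2b,dc=net"              # JNDIRealm roleBase
USER_PATTERN = "uid={0},ou=people,ou=ait,o=b2b,dc=net"  # JNDIRealm userPattern


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value substituted into a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def _unescape(segment: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), segment)


def _matches(filt: str, attrs: dict[str, list[str]]) -> bool:
    """Evaluate one equality/substring filter, e.g. '(uid=user1)' or 'uid=us*'."""
    m = re.fullmatch(r"\(?([A-Za-z][\w-]*)=(.*?)\)?", filt)
    if not m:
        raise ValueError("only simple (attr=value) filters are modelled")
    attr, pattern = m.group(1), m.group(2)
    # '*' is the LDAP substring wildcard; everything between wildcards is literal.
    regex = re.compile("^" + ".*".join(re.escape(_unescape(p)) for p in pattern.split("*")) + "$")
    return any(regex.match(v) for v in attrs.get(attr, []))


def search(base: str, filt: str) -> list[str]:
    """Subtree search under base; returns the matching DNs."""
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.endswith("," + base) and _matches(filt, attrs)]


def bind(dn: str, password: str) -> bool:
    """Simple bind. An empty password is refused before anything else: RFC 4513
    lets a DN plus empty password succeed as an *anonymous* bind on servers that
    allow it, which would turn a missing password into a successful login."""
    if not password:
        return False
    entry = DIRECTORY.get(dn)
    return entry is not None and password in entry.get("userPassword", [])


def authenticate(username: str, password: str, escape: bool = True) -> str | None:
    """Search-then-bind: the manager resolves the DN, the user's own bind proves
    the password. Returns the user DN on success, None on any failure."""
    if not bind(MANAGER_DN, MANAGER_PW):
        raise RuntimeError("manager bind failed: check the contextSource credentials")
    value = escape_filter_value(username) if escape else username
    hits = search(SEARCH_BASE, FILTER_TEMPLATE.replace("%u", value))
    if len(hits) != 1:          # no entry, or an ambiguous match: both fail closed
        return None
    return hits[0] if bind(hits[0], password) else None


def direct_bind(username: str, password: str) -> str | None:
    """What the Tomcat JNDIRealm userPattern in the post does: template the DN
    and bind as the user straight away, no service account and no search."""
    dn = USER_PATTERN.replace("{0}", username)
    return dn if bind(dn, password) else None


def roles_for(dn: str) -> list[str]:
    """Role lookup the way the JNDIRealm roleSearch does it: (uniqueMember=<dn>)."""
    filt = "(uniqueMember=%s)" % escape_filter_value(dn)
    return sorted(DIRECTORY[r]["cn"][0] for r in search(ROLE_BASE, filt))


if __name__ == "__main__":
    dn = authenticate("user1", "pw1")
    print(dn, roles_for(dn))                     # uid=user1,... ['role1']
    print(authenticate("user1", "wrong"))        # None
    print(authenticate("user1", ""))             # None: empty password never binds
    print(authenticate("*", "pl"))               # None: escaped to \2a, nothing matches
    print(search(SEARCH_BASE, FILTER_TEMPLATE.replace("%u", "*")))  # unescaped '*': both users
```

The manager bind is checked first and raises rather than returning None, because a wrong contextSource password and a wrong user password both surface in CAS as a failed login and are worth telling apart. Outside this model, the same separation can be made against the real server with the OpenLDAP client tools, assuming they are installed: `ldapwhoami -x -H ldap://ladpsrv:389 -D "cn=Manager,ou=ait,o=b2b,dc=net" -W`, then the same command with the user's DN. If both binds succeed by hand but CAS still reports bad credentials, the fault is in the handler configuration rather than in the directory.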