CAS and LDAP and JAAS
inas inassen
mezghena at hotmail.com
Thu Jan 15 17:13:38 EST 2009
Thanks Andrew,

Yes, all my applications are role-based authorization using the JAAS framework inside Struts, Tiles and taglibs.

So my need is that I want to have a CAS server running, let's say in the W1 server site, that authenticates against an LDAP.

Using a CAS client, my other applications that are running in W2, W3 and so on will authenticate against the CAS server in W1, and I need a JAAS Subject to keep my applications' security (authorization and authentication) working.

Thanks again,
Inas.
Date: Thu, 15 Jan 2009 15:01:37 -0600
Subject: Re: CAS and LDAP and JAAS
From: afelle1 at lsu.edu
To: cas at tp.its.yale.edu

Inas,

Is there any reason you are going through JAAS for LDAP authentication instead of using the LDAP authentication handler?

LDAP wiki entry: http://www.ja-sig.org/wiki/display/CASUM/LDAP
JAAS wiki entry: http://www.ja-sig.org/wiki/display/CASUM/JAAS

HTH,
A-

On 1/15/09 2:51 PM, "inas inassen" <mezghena at hotmail.com> wrote:
Hi all,

I'm trying to configure CAS to authenticate against an LDAP, and my applications are using JAAS as an Authentication and Authorization framework. Everything works fine using the Tomcat JNDIRealm.

My Tomcat JNDIRealm:

    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
           userPattern="uid={0},ou=people,ou=ait,o=b2b,dc=net"
           roleBase="ou=roles,ou=ait,o=b2b,dc=net"
           roleName="cn"
           roleSearch="(uniqueMember={0})" />

This is my jaas.conf file (configured in -Djava.security.auth.login.config=jaas.conf):

    CAS {
        edu.uconn.netid.jaas.LDAPLoginModule sufficient
            java.naming.provider.url="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
            java.naming.security.principal="cn=Manager,ou=ait,o=b2b,dc=net"
            java.naming.security.credentials="secret"
            Attribute="uid"
            startTLS="true";
    };

And this is my deployerConfigContext file:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:p="http://www.springframework.org/schema/p"
           xsi:schemaLocation="http://www.springframework.org/schema/beans
                               http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

      <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <property name="credentialsToPrincipalResolvers">
          <list>
            <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
            <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
          </list>
        </property>
        <property name="authenticationHandlers">
          <list>
            <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                  p:httpClient-ref="httpClient" />
            <bean class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler" />
            <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
              <property name="filter" value="uid=%u" />
              <property name="searchBase" value="ou=people,ou=ait,o=b2b,dc=net" />
              <property name="contextSource" ref="contextSource" />
            </bean>
          </list>
        </property>
      </bean>

      <bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
        <property name="userMap">
          <value></value>
        </property>
      </bean>

      <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao">
        <property name="backingMap">
          <map>
            <entry key="uid" value="uid" />
            <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
            <entry key="groupMembership" value="groupMembership" />
          </map>
        </property>
      </bean>

      <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />

      <!-- LDAP context -->
      <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="pooled" value="true"/>
        <property name="urls">
          <list>
            <value>ldap://ladpsrv:389/ou=ait,o=b2b,dc=net</value>
          </list>
        </property>
        <property name="userName" value="cn=Manager,ou=ait,o=b2b,dc=net"/>
        <property name="password" value="secret"/>
        <property name="baseEnvironmentProperties">
          <map>
            <entry>
              <key>
                <value>java.naming.security.authentication</value>
              </key>
              <value>simple</value>
            </entry>
            <entry>
              <key>
                <value>ldap.initial.context.factory</value>
              </key>
              <value>com.sun.jndi.ldap.LdapCtxFactory</value>
            </entry>
          </map>
        </property>
      </bean>
    </beans>

My LDAP schema is:

    ou=ait,o=b2b,dc=net
      ou=people
        uid=user1
        uid=user2
      ou=roles
        cn=role1
          uniqueMember: uid=user1,ou=people,ou=ait,o=b2b,dc=net
        cn=role2
          uniqueMember: uid=user2,ou=people,ou=ait,o=b2b,dc=net

When I try to log in I get a bad credential. Any help please?

Thanks a lot.
Mezghena.
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas

--
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
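The client-side piece Inas is asking about (a JAAS Subject for an application that sits behind a CAS client) can be illustrated with a small LoginModule. The code below is an added example written for this page; it is not from the thread, the CAS project or the JA-SIG client, and the class name, the option names (url, userPattern, roleBase, roleName) and the assumption that the CAS client hands the already-validated username to the module through a NameCallback are all choices made here. The module never sees a password, because ticket validation already happened at the CAS server; it only maps the username to principals. It resolves roles with the same layout as the JNDIRealm in the original post (roleBase, roleSearch="(uniqueMember={0})", roleName="cn"), and escapes the DN per RFC 4515 before building the search filter, so a username containing filter metacharacters cannot change which entries match.

```java
import java.security.Principal;
import java.util.*;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Hypothetical module: turns a CAS-validated username into a Subject with user and role principals. */
public class CasRoleLoginModule implements LoginModule {

    /** Minimal principal used for both the user and each role; a container would supply its own types. */
    public static final class NamedPrincipal implements Principal {
        private final String kind, name;
        public NamedPrincipal(String kind, String name) { this.kind = kind; this.name = name; }
        public String getName() { return name; }
        public String getKind() { return kind; }
        public String toString() { return kind + ":" + name; }
    }

    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;          // url, userPattern, roleBase, roleName from jaas.conf
    private String user;
    private final List<String> roles = new ArrayList<String>();

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        this.options = options;
    }

    public boolean login() throws LoginException {
        // Assumption of this example: the CAS client filter supplies the validated username here.
        NameCallback nc = new NameCallback("cas user");
        try {
            handler.handle(new Callback[] { nc });
        } catch (Exception e) {
            throw new LoginException("no CAS username available: " + e);
        }
        user = nc.getName();
        if (user == null || user.length() == 0) throw new LoginException("empty username");
        // Same idea as JNDIRealm userPattern: build the user's DN, then find roles that list it.
        String userDn = ((String) options.get("userPattern")).replace("{0}", user);
        roles.addAll(lookupRoles(userDn));
        return true;
    }

    public boolean commit() {
        subject.getPrincipals().add(new NamedPrincipal("user", user));
        for (String r : roles) subject.getPrincipals().add(new NamedPrincipal("role", r));
        return true;
    }
    public boolean abort()  { user = null; roles.clear(); return true; }
    public boolean logout() { subject.getPrincipals().clear(); return true; }

    /** RFC 4515 escaping for a value placed inside a search filter. */
    static String escapeFilterValue(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Equivalent of roleBase / roleSearch="(uniqueMember={0})" / roleName="cn" from the JNDIRealm. */
    private List<String> lookupRoles(String userDn) throws LoginException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, (String) options.get("url"));
        // Role lookup only needs read access: no manager credential is configured here.
        String roleAttr = (String) options.get("roleName");
        List<String> found = new ArrayList<String>();
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
            sc.setReturningAttributes(new String[] { roleAttr });
            String filter = "(uniqueMember=" + escapeFilterValue(userDn) + ")";
            NamingEnumeration<SearchResult> rs = ctx.search((String) options.get("roleBase"), filter, sc);
            while (rs.hasMore()) {
                Attribute a = rs.next().getAttributes().get(roleAttr);
                if (a != null) found.add((String) a.get());
            }
        } catch (NamingException e) {
            throw new LoginException("role lookup failed: " + e.getMessage());
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignore) { }
        }
        return found;
    }
}
```

A jaas.conf entry for the application side would then look like `AppRoles { CasRoleLoginModule required url="ldap://ladpsrv:389" userPattern="uid={0},ou=people,ou=ait,o=b2b,dc=net" roleBase="ou=roles,ou=ait,o=b2b,dc=net" roleName="cn"; };` (the entry name AppRoles is arbitrary). Two design points: the password never reaches the application, so a compromised application cannot harvest LDAP credentials, and the role search runs without the cn=Manager credential that the original jaas.conf stores in clear text, so the application only needs whatever read access the directory grants for membership lookups.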