Nevermind;

Attempting to use the map AND the list. It expects either.

    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"
          p:authenticationPolicy-ref="authenticationPolicy">
        <constructor-arg>
            <list>
                <ref bean="ldapAuthenticationHandler" />
            </list>
        </constructor-arg>
        <property name="authenticationMetaDataPopulators">
            <bean class="org.jasig.cas.authentication.SuccessfulHandlerMetaDataPopulator" />
        </property>
    </bean>

This shows an attribute map. The CAS client is still failing with the "out of 
range" message. Are there updated CAS Java client libraries or would I be 
better to go with PHP clients for the moment?

    2013-07-18 17:21:46,838 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal attribute: [cn[cas-test]]
    2013-07-18 17:21:46,838 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal attribute: [distinguishedName[CN=cas-test,OU=administrative,DC=ad,DC=samford,DC=edu]]
    2013-07-18 17:21:46,838 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal attribute: [displayName[cas-test]]
    2013-07-18 17:21:46,838 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal attribute: [givenName[Cas]]
    2013-07-18 17:21:46,838 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal attribute: [sn[Tester]]
    2013-07-18 17:21:46,838 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - postauth response: LdapAuthenticationHandler:org.jasig.cas.authentication.BasicCredentialMetaData@6d9992fa
    2013-07-18 17:21:46,838 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal attribute: [cn[cas-test]]
    2013-07-18 17:21:46,838 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal attribute: [distinguishedName[CN=cas-test,OU=administrative,DC=ad,DC=samford,DC=edu]]
    2013-07-18 17:21:46,838 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal attribute: [displayName[cas-test]]
    2013-07-18 17:21:46,838 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal attribute: [givenName[Cas]]
    2013-07-18 17:21:46,838 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal attribute: [sn[Tester]]
    2013-07-18 17:21:46,839 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated cas-test+password
    2013-07-18 17:21:46,842 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - No resolver configured for LdapAuthenticationHandler. Falling back to handler principal cas-test
    2013-07-18 17:21:46,842 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated cas-test with credentials [cas-test+password].
    2013-07-18 17:21:46,842 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Attribute map for cas-test: {Name=cas-test, DN=CN=cas-test,OU=administrative,DC=ad,DC=samford,DC=edu, FullName=cas-test, FirstName=Cas, LastName=Tester}



Mearl Danner
Systems Programmer
Samford University Technology Services
http://www.samford.edu

From: Danner, Mearl [mailto:[email protected]]
Sent: Thursday, July 18, 2013 3:57 PM
To: [email protected]
Subject: RE: [cas-dev] CAS 4 attribute release

I can't get it wired properly using the examples I've seen.

Original XML is

    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"
          p:authenticationPolicy-ref="authenticationPolicy">
        <constructor-arg>
            <map>
                <entry key-ref="ldapAuthenticationHandler"
                       value-ref="ldapPrincipalResolver" />
                <entry key-ref="httpBasedAuthenticationHandler"
                       value-ref="httpBasedCredentialsResolver" />
            </map>
        </constructor-arg>
        <property name="authenticationMetaDataPopulators">
            <bean class="org.jasig.cas.authentication.AuthenticationMetaDataPopulator" />
        </property>
    </bean>

    <!--
       | Credential-to-principal resolver beans
       -->
    <bean id="ldapPrincipalResolver"
          class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

    <bean id="httpBasedCredentialsResolver"
          class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

I've been trying different XML configurations but can't seem to get it done. 
How can I declare the handler outside of the handler/resolver map?

Thanks

Mearl

Hi,

This is a major change with 4.0: you don't necessarily need a 
credentialstoprincipalresolver as an authentication handler can return a 
principal with attributes.
It's exactly the way the LdapAuthenticationHandler works: 
https://github.com/Jasig/cas/blob/master/cas-server-support-ldap/src/main/java/org/jasig/cas/authentication/LdapAuthenticationHandler.java#L196.
Would you mind removing your resolver and re-testing?
Thanks.
Best regards,
Jérôme


2013/7/17 Danner, Mearl <[email protected]>
I've successfully configured CAS logins and the LDAP service registry. I 
haven't tried to modify a service, but they properly authorize URLs.

I am using TestApp1 and TestApp2 to check attribute release and am getting:

java.lang.StringIndexOutOfBoundsException: String index out of range: -1 from 
the CAS client

I believe it is because I am not populating attributes for the principal. 
cas.log shows:

    2013-07-17 14:10:13,758 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal attribute: [givenName[John]]
    2013-07-17 14:10:13,758 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal attribute: [sn[Danner]]
    2013-07-17 14:10:13,758 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler successfully authenticated jmdanner+password
    2013-07-17 14:10:13,758 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - org.jasig.cas.authentication.principal.BasicPrincipalResolver@32039440 resolved jmdanner from jmdanner+password
    2013-07-17 14:10:13,759 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated jmdanner with credentials [jmdanner+password].
    2013-07-17 14:10:13,759 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Attribute map for jmdanner: {}

The attribute map for jmdanner is empty. Do I still need to configure an 
attributeRepository in CAS 4?


Mearl Danner
Systems Programmer
Samford University Technology Services
http://www.samford.edu

> -----Original Message-----
> From: Danner, Mearl [mailto:[email protected]]
> Sent: Monday, July 15, 2013 8:54 AM
> To: [email protected]
> Subject: RE: RE:[cas-dev] Cas 4.0 ldap configuration
>
> That did it for me also. Thanks,
>
> Mearl Danner
> Systems Programmer
> Samford University Technology Services
> http://www.samford.edu
>
> > -----Original Message-----
> > From: Art O Cathain [mailto:[email protected]]
> > Sent: Monday, July 15, 2013 5:51 AM
> > To: [email protected]
> > Subject: RE:[cas-dev] Cas 4.0 ldap configuration
> >
> > I think the problem is on line 156 of LdapAuthenticationHandler
> >
> >         if (response.getResult()) {
> >             doPostAuthentication(response);
> >         }
> >
> > This should be
> >
> >         if (response.getResult()) {
> >             return doPostAuthentication(response);
> >         }
> >
> > Works for me, anyway.
> > --
> > You are currently subscribed to [email protected] as: [email protected]
> > To unsubscribe, change settings or access archives, see
> > http://www.ja-sig.org/wiki/display/JSG/cas-dev