Misagh,
I tried value="#{null}", but CAS is now encountering an error message about
creating a bean ‘#{null}’. I assume I need to change something else in my
deployerConfigContext file. Below is the message I am getting in the CAS log:
Error creating bean with name 'centralAuthenticationService' defined in
ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]:
Cannot resolve reference to bean 'authenticationManager' while setting
constructor argument; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'authenticationManager' defined in ServletContext resource
[/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean
'#{null}' while setting constructor argument with key
[<ldapAuthenticationHandler>]; nested exception is
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named
'null' is defined
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:334)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
    at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:637)
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1077)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:981)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:636)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:934)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:410)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
    at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized_aroundBody0(SafeContextLoaderListener.java:75)
    at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized_aroundBody1$advice(SafeContextLoaderListener.java:54)
    at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized(SafeContextLoaderListener.java:1)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4973)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5467)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)
    at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1073)
    at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1857)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authenticationManager' defined in ServletContext
resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean
'#{null}' while setting constructor argument with key
[<ldapAuthenticationHandler>]; nested exception is
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named
'null' is defined
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:334)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedMap(BeanDefinitionValueResolver.java:384)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:165)
    at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:651)
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1077)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:981)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
    ... 33 more
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No
bean named 'null' is defined
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:575)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedLocalBeanDefinition(AbstractBeanFactory.java:1111)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:276)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
    ... 47 more
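A check for the two misconfigurations this thread turns on, added here as an example (not code from the posters or from the CAS project): a handler that has its own principalAttributeMap but is mapped to a resolver backed by StubPersonAttributeDao, and a SpEL expression such as #{null} placed in value-ref, where a bean name is expected. It assumes the failing entry was written with value-ref, which the resolveReference frames in the log suggest; the sample XML, the finding names and the lint function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

B = "{http://www.springframework.org/schema/beans}"
# Constructed sample; ENTRY_ATTR stands for the value side of the handler's map entry.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
 <bean id="authenticationManager"
       class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
  <constructor-arg><map>
   <entry key-ref="ldapAuthenticationHandler" ENTRY_ATTR />
  </map></constructor-arg>
 </bean>
 <bean id="primaryPrincipalResolver"
       class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver">
  <property name="attributeRepository" ref="attributeRepository" />
 </bean>
 <bean id="attributeRepository"
       class="org.jasig.services.persondir.support.StubPersonAttributeDao" />
 <bean id="ldapAuthenticationHandler"
       class="org.jasig.cas.authentication.LdapAuthenticationHandler">
  <property name="principalAttributeMap"><map>
   <entry key="employeeID" value="employeeID" />
  </map></property>
 </bean>
</beans>"""

def props(bean, name):
    return [p for p in bean.findall(B + "property") if p.get("name") == name]

def lint(xml_text):
    root = ET.fromstring(xml_text)
    beans = {b.get("id"): b for b in root.iter(B + "bean") if b.get("id")}
    findings = []
    for entry in root.iter(B + "entry"):
        handler, resolver = entry.get("key-ref"), entry.get("value-ref")
        if handler is None or resolver is None:
            continue  # plain key/value entry, or value="#{null}": no resolver bean mapped
        hbean, rbean = beans.get(handler), beans.get(resolver)
        if "#{" in resolver:  # SpEL where a bean name is expected
            findings.append(("spel-in-ref", handler))
        elif hbean is not None and rbean is not None:
            repos = [beans[p.get("ref")] for p in props(rbean, "attributeRepository")
                     if p.get("ref") in beans]
            stub = any(r.get("class", "").endswith("StubPersonAttributeDao") for r in repos)
            if stub and props(hbean, "principalAttributeMap"):
                findings.append(("stub-overrides-handler", handler))
    return findings

if __name__ == "__main__":
    for attr in ('value-ref="primaryPrincipalResolver"', 'value-ref="#{null}"', 'value="#{null}"'):
        print(attr, "->", lint(SAMPLE.replace("ENTRY_ATTR", attr)))
```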
From: [email protected] [mailto:[email protected]] On Behalf Of Misagh
Moayyed
Sent: Tuesday, January 26, 2016 3:32 PM
To: [email protected]
Subject: RE: [cas-user] Alternate Username with SAML 2.0
No this isn’t. You see, you either use the attribute repository (and the
associated resolver it’s linked to), or you use the authentication handler
directly. Right now, you have declared them both. When you do this, your
attribute repository/resolver takes precedence, which means you get static
[stubbed] hardcoded attribute values, which means you just get employeeID
verbatim.
Null out your primaryPrincipalResolver with: value="#{null}" and try again. Let
your handler retrieve attributes for you.
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of David Abney
Sent: Tuesday, January 26, 2016 12:49 PM
To: Misagh Moayyed <[email protected]<mailto:[email protected]>>;
[email protected]<mailto:[email protected]>
Subject: RE: [cas-user] Alternate Username with SAML 2.0
Misagh,
It is used in the primaryPrincipalResolver, which is used by the
authenticationManager. Is this setup correct to create the attribute
repository?
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <entry key-ref="proxyAuthenticationHandler"
                   value-ref="proxyPrincipalResolver" />
            <entry key-ref="ldapAuthenticationHandler"
                   value-ref="primaryPrincipalResolver" />
        </map>
    </constructor-arg>
    <property name="authenticationPolicy">
        <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
    </property>
</bean>
<bean id="primaryPrincipalResolver"
      class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver">
    <property name="attributeRepository" ref="attributeRepository" />
</bean>
I have attached the deployerConfigContext.xml file to make it easier to look
at, if that helps.
Thanks,
David Abney
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Misagh Moayyed
Sent: Tuesday, January 26, 2016 2:22 PM
To: [email protected]<mailto:[email protected]>
Subject: RE: [cas-user] Alternate Username with SAML 2.0
Where is your attributeRepository used in the configuration?
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of David Abney
Sent: Tuesday, January 26, 2016 6:36 AM
To: [email protected]<mailto:[email protected]>
Subject: [cas-user] Alternate Username with SAML 2.0
I have CAS 4.0.7 running and I’m testing using a different value from LDAP to
authenticate with a service that uses the SAML 2.0 (Google Apps) support
provided by CAS. I would like to use the employeeID attribute from Active
Directory as the principal Id for this service only. I have tried this setup:
Setup in deployerConfigContext.xml file:
<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.StubPersonAttributeDao"
      p:backingMap-ref="attrRepoBackingMap" />
<util:map id="attrRepoBackingMap">
    <entry key="uid" value="uid" />
    <entry key="mail" value="mail" />
    <entry key="employeeID" value="employeeID" />
</util:map>
<bean class="org.jasig.cas.services.RegexRegisteredService">
    <property name="id" value="5" />
    <property name="name" value="---service name---" />
    <property name="description" value="---service description---" />
    <property name="serviceId" value="---server url---" />
    <property name="evaluationOrder" value="5" />
    <property name="usernameAttribute" value="employeeID" />
    <property name="allowedAttributes">
        <list>
            <value>employeeID</value>
        </list>
    </property>
</bean>
<bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="sAMAccountName"
      c:authenticator-ref="authenticator">
    <property name="principalAttributeMap">
        <map>
            <!--
               | This map provides a simple attribute resolution mechanism.
               | Keys are LDAP attribute names, values are CAS attribute names.
               | Use this facility instead of a PrincipalResolver if LDAP is
               | the only attribute source.
            -->
            <entry key="displayName" value="displayName" />
            <entry key="mail" value="mail" />
            <entry key="employeeID" value="employeeID" />
        </map>
    </property>
</bean>
Setup in the argumentExtractorsConfiguration.xml file:
<bean id="googleAccountsArgumentExtractor"
      class="org.jasig.cas.support.saml.web.support.GoogleAccountsArgumentExtractor"
      p:privateKey-ref="privateKeyFactoryBean"
      p:publicKey-ref="publicKeyFactoryBean"
      p:alternateUsername="employeeID" />
However, in the SAML assertion that comes from CAS, the name id that is sent
over is just the text “employeeID” instead of the actual employee ID attribute
in Active Directory. Any thoughts on why it isn’t sending the employee ID
value? If I remove the alternateUsername field from the
googleAccountsArgumentExtractor, then CAS does send over the sAMAccountName
like it normally should.
Thanks,
David Abney
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected]<mailto:[email protected]>.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.