Folks, I'm trying to configure CAS 5.0.0 RC1 with X509 Authentication, but it isn't working.
I'm getting errors:

org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'x509AuthenticationConfiguration': Unsatisfied dependency expressed through field 'revocationChecker': Error creating bean with name 'resourceCrlRevocationChecker' defined in class path resource [org/apereo/cas/adaptors/x509/config/X509AuthenticationConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.adaptors.x509.authentication.handler.support.RevocationChecker]: Circular reference involving containing bean 'x509AuthenticationConfiguration' - consider declaring the factory method as static for independence from its containing instance. Factory method 'resourceCrlRevocationChecker' threw exception; nested exception is java.lang.NullPointerException; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'resourceCrlRevocationChecker' defined in class path resource [org/apereo/cas/adaptors/x509/config/X509AuthenticationConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.adaptors.x509.authentication.handler.support.RevocationChecker]: Circular reference involving containing bean 'x509AuthenticationConfiguration' - consider declaring the factory method as static for independence from its containing instance. Factory method 'resourceCrlRevocationChecker' threw exception; nested exception is java.lang.NullPointerException

In fact I'm not sure how to do it.
I did read https://apereo.github.io/cas/development/installation/X509-Authentication.html

I tried this:

    <bean id="crlCache" class="org.springframework.cache.ehcache.EhCacheFactoryBean"
          p:cacheName="CRLCache"
          p:eternal="false"
          p:overflowToDisk="false"
          p:maxElementsInMemory="100"
          p:timeToLive="3600"
          p:timeToIdle="3600">
        <property name="cacheManager">
            <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
        </property>
    </bean>

    <alias name="resourceCrlRevocationChecker" alias="x509RevocationChecker" />

    <util:set id="x509CrlResources" >
        <ref bean="crlCache"/>
    </util:set>

Can somebody show me what I'm doing wrong?

Thanks

On Wednesday, June 8, 2016 at 15:53:50 UTC-3, Nick Couchman wrote:
>
> First, I'm new to CAS and am still working my way around it, Spring, and
> Maven. Have mercy on the newbie. My environment is a Linux server running
> Apache Tomcat 8 with JDK 1.8. I've successfully configured LDAP
> authentication based on the cas/login page - I can enter an e-mail address
> and password for an LDAP user and get a successful login.
>
> I'm still working on "CASifying" my apps, or at least finding the ones
> that support SAML, OAUTH, and OpenID and beginning to integrate those into
> CAS. Very early on in those stages.
>
> However, one thing I'd like to do is configure x509 client certificate
> ("PKI") authentication to CAS along with LDAP. We issue certificates with
> a local CA, and the certificate subject name matches the user's LDAP DN.
> So, what I'd like to do with the login flow with CAS is something like
> this:
> - User/Application directs to CAS login page.
> - CAS looks for/prompts for x509 certificate from user/browser.
> - If user provides a certificate, CAS verifies it is issued by local CA,
> looks for the certificate subject name in LDAP, compares provided cert to
> the LDAP userCertificate field, and examines CRL distribution point to make
> sure certificate is valid.
> - If certificate matches, is valid, etc., login succeeds, and the LDAP
> mail attribute is used as the login name/principal name for the login, and
> control is returned to app that requested login.
> - If certificate is not provided, does not match, etc., user is directed
> to login page.
> - User can enter e-mail address and LDAP password at login page.
> - If LDAP authentication succeeds, user is logged in and control is
> returned to the requesting app.
> - Else login fails.
>
> So, first, I'd like to know if a configuration like this is possible? I
> suspect that it is, based on how flexible and powerful the CAS server is,
> but don't want to make that assumption and start working on it only to find
> out it doesn't work. If it is possible, can anyone provide any hints,
> example configurations, etc., that would get me headed in the right
> direction?
>
> Thanks,
> Nick
