I am using Tomcat5.5 CAS3.3.3 I get no exceptions in syslog if I remove cas and restart.
Please help. Thanks, Sri. Aug 13 17:45:23 megha jsvc.exec[29469]: log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester.sax). Aug 13 17:45:23 megha jsvc.exec[29469]: log4j:WARN Please initialize the log4j system properly. Aug 13 17:45:23 megha jsvc.exec[29469]: 2009-08-13 17:45:23,702 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas]] -<Exception sending context initialized event to listener instance of class org.springframework.web.util.Log4jConfigListener> java.security.AccessControlException: access denied (java.io.FilePermission /var/lib/tomcat5.5/logs/cas.log write) ^Iat java.security.AccessControlContext.checkPermission(AccessControlContext.java:342 ) ^Iat java.security.AccessController.checkPermission(AccessController.java:553) ^Iat java.lang.SecurityManager.checkPermission(SecurityManager.java:549) ^Iat java.lang.SecurityManager.checkWrite(SecurityManager.java:979) ^Iat java.io.FileOutputStream.<init>(FileOutputStream.java:198) ^Iat java.io.FileOutputStream.<init>(FileOutputStream.java:131) ^Iat org.apache.log4j.FileAppender.setFile(FileAppender.java:290) ^Iat org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:194) ^Iat org.apache.log4j.FileAppender.activateOptions(FileAppender ________________________________ From: John King <[email protected]> To: [email protected] Sent: Thursday, August 13, 2009 9:53:54 AM Subject: Re: [cas-user] SSO credential caching and Oracle External Apps Thanks for your help everyone! I suppose I'm looking for a generic way of front-ending applications that don't directly support CAS (and that I can't make changes to). I think ClearPass will be a great way of doing this. I don't need to make changes to CAS directly, I'll just write an app that grabs the attributes using the CAS client and passes the credentials along. I also really like the idea of being able to store credentials in memory - it provides a distinct security advantage to Oracle's method of caching this information to a database. Thanks again, John Dale Ogilvie wrote: > In some cases we return clear text credentials to the application in an > attribute of the CAS validation response. So you might define user > attributes OraclePortalUser, > OraclePortalPassword and these would be configured in service > management to only be returned to the OraclePortal service. Then the > CAS'ified OraclePortal can establish an appropriate user session after > validating the service ticket. > > ________________________________ > > From: Scott Battaglia [mailto:[email protected]] Sent: Wednesday, 12 > August 2009 3:41 a.m. > To: [email protected] > Subject: Re: [cas-user] SSO credential caching and Oracle External Apps > > > You might want to take a look at ClearPass: > http://www.ja-sig.org/wiki/display/CAS/Proxying+clear-text+credentials > > Cheers, > Scott > > > > On Tue, Aug 11, 2009 at 11:36 AM, John King <[email protected]> wrote: > > > Hello, > > Our campus has been using an SSO approach that combines Oracle > External Applications with a little custom code. This basically caches > the user's credentials and supplies them (via a bit of javascript) when > you link from the portal. > > This is, of course, less than ideal. While the password is > scrambled, it shouldn't be there in a reversible way at all. Secondly, > the SSO only works one-way, from the portal to the external app. > > We're preparing a CAS setup as part of our move from Oracle > Portal to uPortal. I'd like to eventually CAS-ify all of our > applications, but I need a temporary solution that removes the > dependency on our Oracle infrastructure but provides similar > functionality. Any recommendations? Has anyone built something like this > before that ties into CAS? > > Thanks! > John > > -- John N. King > Web Developer > Computing & Information Technology > SUNY Geneseo > South Hall 124A2 > 585-245-5577 > [email protected] > > -- You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- John N. King Web Developer Computing & Information Technology SUNY Geneseo South Hall 124A2 585-245-5577 [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
