One immediate problem I notice is that you have no CredentialsToPrincipalResolver to convert the result returned from LDAP into a Principal. You've got one to convert any results returned via SPNEGO and any results returned from the proxy-authentication (i.e. the Http-Based resolver)
Adding a resolver should allow you to authenticate via the login page. Cheers, Scott On Thu, Jan 21, 2010 at 3:06 PM, Brandon Jackson <[email protected]>wrote: > Hello, > > Our company wanted me to configure CAS to authenticate against Active > Directory using the SPNEGO protocol and if that did not work, prompt a user > for a username and password that could authenticate them against active > directory that way. > > My interpretation of the wiki was, setup SPNEGO. (DONE). > Then setup LDAP binding authenticating method. (DONE). > > Having these two correctly configured, if one fails, the other will pick up > the slack. The login-webflow seem indicate trying SPNEGO first, then resort > to username and pass, which can be tried against AD, presumably with the > LDAP method. > > I see some ticket activity that seems to indicate success in the cas.log > file, but I do see the login screen, which to me indicates either SPNEGO > failure or handling success in the wrong way. If I try to enter a username > and password, it looks like they both make it in the program, there is more > success of one thing or another and I see a failure message on the login > screen. > > Would you please glance at my configuration and the cas log to see what's > actually working and what's not? > There are enough moving parts that I'm not sure how to limit the scope of > my focus at the moment. > > Thank you ahead of time for looking. The passwords revealed in the setup > files have all been changed. > > From the bottom of cas.log up: > 1) An attempt at using a username and password > 2) Preceeded by viewing the website using Internet Explorer (trying > SPNEGO). My user was logged into the domain on that Windows computer. > > Brandon > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
