Hi Will,
From what you posted it looks like your SPNEGO configuration is
incomplete. I am successfully doing CAS + SPNEGO with my cas servers hosted
on RHEL v5.
Here is my list of credentialsToPrincipalResolvers in mydeployerConfig.xml
file
<bean
class="org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver"
/>
<bean
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
/>
<bean
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
/>
And here is my jcifs spnego auth handler support bean config
<bean
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler">
<property name="authentication">
<bean class="jcifs.spnego.Authentication" />
</property>
<property name="principalWithDomainName" value="false" />
<property name="NTLMallowed" value="false" />
</bean>
And finally, here is my jcifsConfig bean
<bean name="jcifsConfig"
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
<property name="jcifsServicePrincipal"
value="${cas.jcifs.service.principal}" />
<property name="jcifsServicePassword"
value="${cas.jcifs.service.password}"/>
<property name="kerberosDebug" value="${cas.jcifs.kerberos.debug}" />
<property name="kerberosConf" value="${cas.kerberos.conf.path}" />
<property name="loginConf" value="${cas.jcifs.login.conf.path}" />
</bean>
Hope this helps
Dean
--
View this message in context:
http://n4.nabble.com/CAS-SPNEGO-authentication-always-right-with-IE-tp1568991p1578668.html
Sent from the CAS Users mailing list archive at Nabble.com.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
