Hello,

I set up a CAS server with a simple configuration (using AD for 
authentication). I can go to the CAS login screen directly and 
successfully log in.

I tried using mod_cas to use simple Apache authentication for TWiki 
editing. Apache sends the request to the CAS server page to log in, which 
redirects back to the Apache page, but the 'Authentication Required' 
error page shows up.

I also tried using the TWiki CAS module with Perl AuthCAS. The edit 
request gets redirected to the CAS login page, which redirects back to 
TWiki, but that yields an Internal Server Error, which, looking at 
the TWiki CAS auth code, has to do with the query string from the URL 
not being what the TWiki CAS auth component is expecting. The URL that 
the CAS server sends back is this one:

http://a.b.c/bin/login/TWiki/TWikiSite?t=1273537473;ticket=ST-5-xhJu5deURaXKWSbN7hu6-cas;origurl=/bin/edit/TWiki/TWikiSite%3Ft%3D1273537473%26ticket%3DST-5-xhJu5deURaXKWSbN7hu6-cas

There are no useful messages returned by Apache, TWiki or CAS.

Since neither client works, I am assuming I have left something very 
simple out of my server configuration, despite several reviews of the 
documentation.

I've attached my deployerConfigContext.html in case that's useful. I can 
send along the Apache and TWiki configuration related to CAS auth if needed.

What I am using:

     CentOS 5.5
     tomcat5-5.5.23-0jpp.7.el5_3.2
     java-1.6.0-openjdk-devel-1.6.0.0-1.7.b09.el5
     cas-server-3.3.5
     mod_auth_cas-1.0.7-3_ITSudParis
     httpd-2.2.3-31.el5.centos.4
     perl-AuthCAS-1.4-1.el5.rf

Thanks for any clues.

Brian

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
	<bean id="authenticationManager"
		class="org.jasig.cas.authentication.AuthenticationManagerImpl">
		<property name="credentialsToPrincipalResolvers">
			<list>
				<bean
					class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
				<bean
					class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
			</list>
		</property>
		<property name="authenticationHandlers">
			<list>
				<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
					<property name="httpClient" ref="httpClient" />
				</bean>
				<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
					<property name="filter" value="sAMAccountName=%u" />
					<property name="searchBase" value="cn=ad-read,ou=People,dc=b,dc=c" />
					<property name="contextSource" ref="contextSource" />
					<property name="ignorePartialResultException" value="yes" /> <!-- fix because of how AD returns results -->
				</bean>
			</list>
		</property>
	</bean>

	<bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
		<property name="userMap">
			<value>
				<!-- battags=notused,ROLE_ADMIN -->
			</value>
		</property>
	</bean> 
	
	<bean id="attributeRepository"
		class="org.jasig.services.persondir.support.StubPersonAttributeDao">
		<property name="backingMap">
			<map>
				<entry key="uid" value="uid" />
				<entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> 
				<entry key="groupMembership" value="groupMembership" />
			</map>
		</property>
	</bean>
	
	<bean
		id="serviceRegistryDao"
		class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />


	<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
		<property name="pooled" value="true"/>
		<property name="urls">
			<list>
				<value>ldaps://ad1.b.c/</value>
				<value>ldaps://ad2.b.c/</value>
			</list>
		</property>
		<property name="userDn" value="ou=People,dc=b,dc=c"/>
		<property name="password" value="abcdef"/>
		<property name="baseEnvironmentProperties">
			<map>
				<entry>
					<key>
						<value>java.naming.security.authentication</value>
					</key>
					<value>simple</value>
				</entry>
				<entry>
					<key>
						<value>com.sun.jndi.ldap.connect.timeout</value>
					</key>
					<value>5000</value>
				</entry>
				<entry>
					<key>
						<value>com.sun.jndi.ldap.read.timeout</value>
					</key>
					<value>5000</value>
				</entry>
			</map>
		</property>
	</bean>
</beans>
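
Added example, not part of the original message and not TWiki or AuthCAS code: a diagnostic sketch that decomposes the redirect URL quoted in the message, comparing a parser that splits the query string only on `&` with one that also accepts `;`, and checking whether the service ticket also appears inside `origurl`. The helper names `split_query` and `analyse` are hypothetical.

```python
from urllib.parse import urlsplit, unquote

# Redirect URL exactly as quoted in the message (host as anonymised there).
REDIRECT = (
    "http://a.b.c/bin/login/TWiki/TWikiSite?t=1273537473;"
    "ticket=ST-5-xhJu5deURaXKWSbN7hu6-cas;"
    "origurl=/bin/edit/TWiki/TWikiSite%3Ft%3D1273537473"
    "%26ticket%3DST-5-xhJu5deURaXKWSbN7hu6-cas"
)

def split_query(query, seps):
    """Split a raw query string on any character in `seps`, then URL-decode each pair."""
    pairs, token = [], ""
    for ch in query + seps[0]:          # trailing separator flushes the last token
        if ch in seps:
            if token:
                name, _, value = token.partition("=")
                pairs.append((unquote(name), unquote(value)))
            token = ""
        else:
            token += ch
    return pairs

def analyse(url):
    """Report which parameters each parsing convention sees in the redirect URL."""
    raw = urlsplit(url).query
    amp_only = dict(split_query(raw, "&"))     # parser that only knows '&'
    both = dict(split_query(raw, "&;"))        # parser that also accepts ';'
    nested = {}
    if "origurl" in both:                      # origurl is itself a URL with a query
        nested = dict(split_query(urlsplit(both["origurl"]).query, "&;"))
    return {
        "amp_only_names": sorted(amp_only),
        "both_names": sorted(both),
        "ticket": both.get("ticket"),
        "nested_ticket": nested.get("ticket"),
        "ticket_repeated": "ticket" in both and both["ticket"] == nested.get("ticket"),
    }

if __name__ == "__main__":
    for key, value in analyse(REDIRECT).items():
        print(f"{key}: {value}")
```

With `&`-only splitting the whole query collapses into the single parameter `t`, so no `ticket` parameter is visible; with `;` accepted the ticket appears both at the top level and again inside `origurl`.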
