I'm currently running CAS 3.3.5 and attempting to get SPNEGO
authentication working. I'm planning to use CAS as an intermediary
between JAMWiki and Active Directory.

I've gone through the guide at
http://www.ja-sig.org/wiki/display/CASUM/SPNEGO and it appears that CAS
is attempting to perform a Kerberos login for me, but I eventually get
thrown back to the forms-based login screen.

I've been following the cas.log file, but it doesn't seem to have
anything interesting in it. Glassfish's server.log and jvm.log files
don't have anything of interest either.

Here is my partially sanitised jcifsConfig. I'm a bit unsure about the
loginConf directive:

<bean name="jcifsConfig"
      class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
    <property name="jcifsServicePrincipal" value="HTTP/[email protected]" />
    <property name="jcifsServicePassword" value="password" />
    <property name="kerberosDebug" value="true" />
    <property name="kerberosRealm" value="KERBEROS.REALM" />
    <property name="kerberosKdc" value="192.168.1.25" />
    <property name="loginConf"
              value="c:\glassfishv3\glassfish\domains\domain1\applications\cas-server-webapp-3.3.5\WEB-INF\login.conf" />
</bean>

Here are the relevant headers captured from a login attempt:

http://dublin:8080/cas/login

GET /cas/login HTTP/1.1
Host: dublin:8080
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4) Gecko/20100503 Firefox/3.6.4 AutoPager/0.6.0.28 AutoPager/0.6.0.28
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-AutoPager: 0.6.0.28
Cookie: JSESSIONID=a39183b8d223cff15fd6e5b099fa; treeForm:tree-hi=treeForm:tree:applications; JSESSIONID=a07370534c602d94f15d3c49e883
Cache-Control: max-age=0

HTTP/1.1 401 Unauthorized
X-Powered-By: JSP/2.1
Server: GlassFish v3
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
WWW-Authenticate: Negotiate
Set-Cookie: JSESSIONID=a451bfdb7fa1827c6c85fba528a4; Path=/cas
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Transfer-Encoding: chunked
Date: Sat, 15 May 2010 04:42:20 GMT

----------------------------------------------------------

http://dublin:8080/cas/login

GET /cas/login HTTP/1.1
Host: dublin:8080
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4) Gecko/20100503 Firefox/3.6.4 AutoPager/0.6.0.28 AutoPager/0.6.0.28 AutoPager/0.6.0.28
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-AutoPager: 0.6.0.28
Cookie: JSESSIONID=a451bfdb7fa1827c6c85fba528a4; treeForm:tree-hi=treeForm:tree:applications; JSESSIONID=a07370534c602d94f15d3c49e883
Cache-Control: max-age=0, max-age=0
Authorization: Negotiate [BIG LONG KEY HERE]

HTTP/1.1 401 Unauthorized
X-Powered-By: JSP/2.1
Server: GlassFish v3
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Transfer-Encoding: chunked
Date: Sat, 15 May 2010 04:42:20 GMT
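
A diagnostic for the second request in the capture above, added here as an example and not part of the original post or of CAS: it decodes an `Authorization: Negotiate` value and reports whether the client's preferred mechanism is Kerberos or NTLM. The function names and the two sample tokens are constructed for illustration.

```python
import base64

# Mechanism OIDs as DER content octets (well-known values).
SPNEGO_OID = bytes.fromhex("2b0601050502")
MECHS = {
    bytes.fromhex("2a864886f712010202"): "kerberos",
    bytes.fromhex("2a864882f712010202"): "kerberos",  # legacy Microsoft Kerberos OID
    bytes.fromhex("2b06010401823702020a"): "ntlm",
}

def tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value_start, value_end)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:  # long form: the next n bytes hold the length
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + first

def classify_negotiate(header_value):
    """Name the preferred mechanism in an 'Authorization: Negotiate ...' value."""
    scheme, _, rest = header_value.strip().partition(" ")
    b64 = "".join(rest.split())  # tolerate a token wrapped across lines
    if scheme.lower() != "negotiate":
        return "not-negotiate"
    if not b64:
        return "empty"
    try:
        tok = base64.b64decode(b64, validate=True)
        if tok.startswith(b"NTLMSSP\x00"):
            return "ntlm"  # raw NTLM message, no SPNEGO wrapper
        tag, s, _ = tlv(tok, 0)        # 0x60: GSS-API initial context token
        otag, o_s, o_e = tlv(tok, s)   # OID naming the outer mechanism
        if tag != 0x60 or otag != 0x06:
            return "unknown"
        if tok[o_s:o_e] != SPNEGO_OID:
            return MECHS.get(tok[o_s:o_e], "unknown")  # e.g. bare Kerberos token
        pos = o_e
        # Descend NegTokenInit: [0] -> SEQUENCE -> mechTypes [0] -> SEQUENCE -> OID
        for expected in (0xA0, 0x30, 0xA0, 0x30, 0x06):
            tag, s, e = tlv(tok, pos)
            if tag != expected:
                return "unknown"
            pos = s
        return MECHS.get(tok[s:e], "unknown")  # first mechType is the preferred one
    except (ValueError, IndexError):
        return "malformed"

# Constructed sample tokens (mechType lists only; not taken from the capture above).
KRB_FIRST = base64.b64encode(bytes.fromhex("602706062b0601050502a01d301ba019301706092a864886f712010202060a2b06010401823702020a")).decode()
NTLM_IN_SPNEGO = base64.b64encode(bytes.fromhex("601c06062b0601050502a0123010a00e300c060a2b06010401823702020a")).decode()
```

An `ntlm` result means the browser fell back to NTLM rather than presenting a Kerberos service ticket.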