Marvin Addison wrote:
> 
>> How can I debug this?
> 
> Debugging JAAS is a pain, and I can't really offer any additional
> suggestions for more logging.  It will likely be a trial-and-error
> effort.
> 

I have managed to spot a nasty typo in my login-config.xml:

instead of 
<login-module code="org.jasig.cas.client.jaas.CasLoginModule"
flag="required"> options </login-module>

I wrote:

<login-module code="org.jasig.cas.client.jaas.CasLoginModule"
flag="required" /> options

I must have made that error when translating the old Sun syntax from the
wiki page to the XML version by hand. If you plan to update the wiki (e.g. in
order to mention the redirection filter), consider adding the XML config as
well; it might help others. Here it is:

  <application-policy name="cas">
    <authentication>
      <login-module code="org.jasig.cas.client.jaas.CasLoginModule" flag="required">
        <module-option name="ticketValidatorClass">org.jasig.cas.client.validation.Saml11TicketValidator</module-option>
        <module-option name="casServerUrlPrefix">https://cas.example.com/cas</module-option>
        <module-option name="tolerance">20000</module-option>
        <module-option name="service">https://webapp.example.com/webapp</module-option>
        <module-option name="defaultRoles">admin,operator</module-option>
        <module-option name="roleAttributeNames">memberOf,eduPersonAffiliation</module-option>
        <module-option name="principalGroupName">CallerPrincipal</module-option>
        <module-option name="roleGroupName">Roles</module-option>
        <module-option name="cacheAssertions">true</module-option>
        <module-option name="cacheTimeout">480</module-option>
      </login-module>
    </authentication>
  </application-policy>


Also, it turned out that apart from cas-client-core*.jar and
cas-client-integration-jboss*.jar, a JAR supporting the ticket validation
might be required, e.g. opensaml-1.1.jar in the case of the
Saml11TicketValidator.

Now I have the EJB->JAAS->CAS integration almost working, just need to solve
the SSL certificate issues.

Thanks a lot, Maciek
-- 
View this message in context: 
http://jasig.275507.n4.nabble.com/Problems-with-CAS-ifying-a-JEE-application-using-JAAS-tp3044438p3046402.html
Sent from the CAS Users mailing list archive at Nabble.com.
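
Added example (not part of the original message and not code from the CAS client project): the self-closed login-module described above is still well-formed XML, so a small pre-deployment check can catch it. The function name, the sample documents and the set of options treated as mandatory are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

CAS_MODULE = "org.jasig.cas.client.jaas.CasLoginModule"
# Assumption for this sketch: options treated as mandatory, taken from the
# configuration posted above rather than from the CAS client's documentation.
REQUIRED = {"ticketValidatorClass", "casServerUrlPrefix"}

def lint_login_config(xml_text):
    """Return findings for every application-policy found in xml_text."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("application-policy"):  # iter() includes root itself
        name = policy.get("name", "?")
        for auth in policy.iter("authentication"):
            # Options that ended up beside the login-module instead of inside it.
            for stray in auth.findall("module-option"):
                findings.append(f"{name}: module-option '{stray.get('name')}' "
                                "is outside login-module")
            for module in auth.findall("login-module"):
                # Text following a self-closed <login-module ... /> tag.
                tail = (module.tail or "").strip()
                if tail:
                    findings.append(f"{name}: stray text after login-module: {tail!r}")
                if module.get("code") != CAS_MODULE:
                    continue
                present = {o.get("name") for o in module.findall("module-option")}
                for missing in sorted(REQUIRED - present):
                    findings.append(f"{name}: CasLoginModule has no '{missing}' option")
    return findings

# Constructed samples modelled on the snippets in the message.
OPTIONS = """
      <module-option name="ticketValidatorClass">org.jasig.cas.client.validation.Saml11TicketValidator</module-option>
      <module-option name="casServerUrlPrefix">https://cas.example.com/cas</module-option>"""
BROKEN = f"""<application-policy name="cas"><authentication>
    <login-module code="{CAS_MODULE}" flag="required" />{OPTIONS}
</authentication></application-policy>"""
FIXED = f"""<application-policy name="cas"><authentication>
    <login-module code="{CAS_MODULE}" flag="required">{OPTIONS}
    </login-module>
</authentication></application-policy>"""

if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_login_config(doc) or "OK")
```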
