Re: [cas-user] SPNEGO and CAS Server on Windows Server 2008

Pavel Tavoda Mon, 31 Jan 2011 06:17:04 -0800

Normally when I download cas-server...tar.gz I just extract war and
then also config from war. Than I update configuration and libraries
directly in war without necessity to rebuild with maven. Something
like
   jar uvf WEB-INF/login.conf ../cas-web.war
or
   jar uvf WEB-INF/lib/somelib.jar ../cas-web.war


Then if exception is fired you can see it in log/catalina.out. For
debugging is good to run it on command line with:
   -Dsun.security.krb5.debug=true
and also don't forget
   -Djava.security.krb5.conf=N:\outils\apache-tomcat-6.0.30\krb5.conf

Pavel

On Mon, Jan 31, 2011 at 11:15 AM, Romain LEGUAY <[email protected]> wrote:
> Thanks for your reply.
>
> I think I might have some problems to deploy CAS.
> I use this procedure:
> 0) For more precision, I use maven 2.2.1, java 1.6.0_20.
> 1) I download CAS 
> (http://downloads.jasig.org/cas/cas-server-3.4.5-release.tar.gz)
> 2) I download Tomcat 6 for windows x64 
> (http://mirror.mkhelif.fr/apache/tomcat/tomcat-6/v6.0.30/bin/apache-tomcat-6.0.30-windows-x64.zip)
> 3) I extract CAS in N:\CAS and Tomcat in N:\outils\apache-tomcat-6.0.30\.
> 4) In a DOS window, I go to N:\CAS and do "mvn eclipse:eclipse" to create 
> eclipse project from cas sources.
> 5) In Eclipse, I import those projects (and enable Maven dependencies) (with 
> m2eclipse plugin).
> 6) In cas-server-webapp project I follow this : 
> https://wiki.jasig.org/display/CASUM/SPNEGO
> 7) I create the war package (from cas-server-webapp project) with: mvn 
> package (or in Eclipse Run as... -> Maven package)
> 8) I put the war package in the webapp folder in Tomcat.
>
> I attach you the three XML files I modify in cas-server-webapp project, 
> login.conf and krb5.conf.
> Did I forget to put any packages?
>
> Regards,
> Romain
>
> --------------------------------------------------------------------
> N:\outils\apache-tomcat-6.0.30\krb5.conf
> --------------------------------------------------------------------
> [libdefaults]
>    ticket_lifetime = 24000
>    default_realm = ENM.JUSTICE.FR
>        default_keytab_name = N:\KerberosKDC\ADLecteur.keytab
>        dns_lookup_realm = false
>        dns_lookup_kdc = false
>        default_tkt_enctypes = rc4-hmac
>        default_tgs_enctypes = rc4-hmac
>        default_domain = ENM.JUSTICE.FR
>
> [realms]
>        ENM.JUSTICE.FR  = {
>            kdc = kirk.enm.justice.fr
>        default_domain = ENM.JUSTICE.FR
>        }
>
> [domain_realm]
>        .ENM.JUSTICE.FR = ENM.JUSTICE.FR
>                enm.justice.fr = ENM.JUSTICE.FR
>
> [appdefaults]
> pam = {
>   debug = true
>   ticket_lifetime = 36000
>   renew_lifetime = 36000
>   forwardable = true
>   krb4_convert = false
> }
>
>
> --------------------------------------------------------------------
> N:\outils\apache-tomcat-6.0.30\login.conf
> --------------------------------------------------------------------
> spnego-client {
>        com.sun.security.auth.module.Krb5LoginModule required;
> };
>
> spnego-server {
>        com.sun.security.auth.module.Krb5LoginModule required
>        storeKey=true
>        isInitiator=false;
> };
>
> jcifs.spnego.initiate {
>   com.sun.security.auth.module.Krb5LoginModule required storeKey=true;
> };
>
> jcifs.spnego.accept {
>   com.sun.security.auth.module.Krb5LoginModule required storeKey=true;
> };
>
> custom-client {
>  com.sun.security.auth.module.Krb5LoginModule required
>    storeKey=true
>    useKeyTab=true
>    keyTab="file:///N:/KerberosKDC/ADLecteur.keytab"
>    principal=adlecteur;
> };
>
>
> --------------------------------------------------------------------
> deployerConfigContext.xml
> --------------------------------------------------------------------
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>        | deployerConfigContext.xml centralizes into one file some of the 
> declarative configuration that
>        | all CAS deployers will need to modify.
>        |
>        | This file declares some of the Spring-managed JavaBeans that make up 
> a CAS deployment.
>        | The beans declared in this file are instantiated at context 
> initialization time by the Spring
>        | ContextLoaderListener declared in web.xml.  It finds this file 
> because this
>        | file is among those declared in the context parameter 
> "contextConfigLocation".
>        |
>        | By far the most common change you will need to make in this file is 
> to change the last bean
>        | declaration to replace the default 
> SimpleTestUsernamePasswordAuthenticationHandler with
>        | one implementing your approach for authenticating usernames and 
> passwords.
>        +-->
> <beans xmlns="http://www.springframework.org/schema/beans";
>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>       xmlns:p="http://www.springframework.org/schema/p";
>       xmlns:sec="http://www.springframework.org/schema/security";
>       xsi:schemaLocation="http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
>       http://www.springframework.org/schema/security 
> http://www.springframework.org/schema/security/spring-security-3.0.xsd";>
>        <!--
>                | This bean declares our AuthenticationManager.  The 
> CentralAuthenticationService service bean
>                | declared in applicationContext.xml picks up this 
> AuthenticationManager by reference to its id,
>                | "authenticationManager".  Most deployers will be able to use 
> the default AuthenticationManager
>                | implementation and so do not need to change the class of 
> this bean.  We include the whole
>                | AuthenticationManager here in the userConfigContext.xml so 
> that you can see the things you will
>                | need to change in context.
>                +-->
>        <bean id="authenticationManager"
>                class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>                <!--
>                        | This is the List of CredentialToPrincipalResolvers 
> that identify what Principal is trying to authenticate.
>                        | The AuthenticationManagerImpl considers them in 
> order, finding a CredentialToPrincipalResolver which
>                        | supports the presented credentials.
>                        |
>                        | AuthenticationManagerImpl uses these resolvers for 
> two purposes.  First, it uses them to identify the Principal
>                        | attempting to authenticate to CAS /login .  In the 
> default configuration, it is the DefaultCredentialsToPrincipalResolver
>                        | that fills this role.  If you are using some other 
> kind of credentials than UsernamePasswordCredentials, you will need to replace
>                        | DefaultCredentialsToPrincipalResolver with a 
> CredentialsToPrincipalResolver that supports the credentials you are
>                        | using.
>                        |
>                        | Second, AuthenticationManagerImpl uses these 
> resolvers to identify a service requesting a proxy granting ticket.
>                        | In the default configuration, it is the 
> HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
>                        | You will need to change this list if you are 
> identifying services by something more or other than their callback URL.
>                        +-->
>                <property name="credentialsToPrincipalResolvers">
>                        <list>
>                                <bean 
> class="org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver"
>  />
>                        </list>
>                </property>
>
>                <!--
>                        | Whereas CredentialsToPrincipalResolvers identify who 
> it is some Credentials might authenticate,
>                        | AuthenticationHandlers actually authenticate 
> credentials.  Here we declare the AuthenticationHandlers that
>                        | authenticate the Principals that the 
> CredentialsToPrincipalResolvers identified.  CAS will try these handlers in 
> turn
>                        | until it finds one that both supports the 
> Credentials presented and succeeds in authenticating.
>                        +-->
>                <property name="authenticationHandlers">
>                        <list>
>                                <bean 
> class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler">
>                                        <property name="authentication">
>                                          <bean 
> class="jcifs.spnego.Authentication" />
>                                        </property>
>                                        <property 
> name="principalWithDomainName" value="false" />
>                                        <property name="NTLMallowed" 
> value="true"/>
>                                </bean>
>                        </list>
>                </property>
>        </bean>
>
>        <bean name="jcifsConfig" 
> class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
>          <property name="jcifsServicePrincipal" 
> value="HTTP/[email protected]" />
>          <property name="jcifsServicePassword" value="adlecteur" />
>          <property name="kerberosDebug" value="true" />
>          <property name="kerberosRealm" value="ENM.JUSTICE.FR" />
>          <property name="kerberosKdc" value="enm.justice.fr" />
>          <property name="loginConf" 
> value="N:\outils\apache-tomcat-6.0.30\login.conf" />
>        </bean>
>
>
>        <!--
>        This bean defines the security roles for the Services Management 
> application.  Simple deployments can use the in-memory version.
>        More robust deployments will want to use another option, such as the 
> Jdbc version.
>
>        The name of this should remain "userDetailsService" in order for 
> Spring Security to find it.
>         -->
>    <!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" 
> authorities="ROLE_ADMIN" />-->
>
>    <!-- <sec:user-service id="userDetailsService">
>        <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" 
> authorities="ROLE_ADMIN" />
>    </sec:user-service> -->
>
>        <!--
>        Bean that defines the attributes that a service may return.  This 
> example uses the Stub/Mock version.  A real implementation
>        may go against a database or LDAP server.  The id should remain 
> "attributeRepository" though.
>         -->
>        <bean id="attributeRepository"
>                
> class="org.jasig.services.persondir.support.StubPersonAttributeDao">
>                <property name="backingMap">
>                        <map>
>                                <entry key="uid" value="uid" />
>                                <entry key="eduPersonAffiliation" 
> value="eduPersonAffiliation" />
>                                <entry key="groupMembership" 
> value="groupMembership" />
>                        </map>
>                </property>
>        </bean>
>
>        <!--
>        Sample, in-memory data store for the ServiceRegistry. A real 
> implementation
>        would probably want to replace this with the JPA-backed 
> ServiceRegistry DAO
>        The name of this bean should remain "serviceRegistryDao".
>         -->
>        <bean
>                id="serviceRegistryDao"
>        class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
>            <property name="registeredServices">
>                <list>
>                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
>                        <property name="id" value="0" />
>                        <property name="name" value="HTTP" />
>                        <property name="description" value="Only Allows HTTP 
> Urls" />
>                        <property name="serviceId" value="http://**"; />
>                    </bean>
>
>                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
>                        <property name="id" value="1" />
>                        <property name="name" value="HTTPS" />
>                        <property name="description" value="Only Allows HTTPS 
> Urls" />
>                        <property name="serviceId" value="https://**"; />
>                    </bean>
>
>                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
>                        <property name="id" value="2" />
>                        <property name="name" value="IMAPS" />
>                        <property name="description" value="Only Allows HTTPS 
> Urls" />
>                        <property name="serviceId" value="imaps://**" />
>                    </bean>
>
>                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
>                        <property name="id" value="3" />
>                        <property name="name" value="IMAP" />
>                        <property name="description" value="Only Allows IMAP 
> Urls" />
>                        <property name="serviceId" value="imap://**" />
>                    </bean>
>                </list>
>            </property>
>    </bean>
> </beans>
>
>
>
> --------------------------------------------------------------------
> login-webflow.xml
> --------------------------------------------------------------------
> <?xml version="1.0" encoding="UTF-8"?>
> <flow xmlns="http://www.springframework.org/schema/webflow";
>      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>      xsi:schemaLocation="http://www.springframework.org/schema/webflow
>                          
> http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd";>
>
>    <on-start>
>        <evaluate expression="initialFlowSetupAction" />
>    </on-start>
>
>        <decision-state id="ticketGrantingTicketExistsCheck">
>                <if test="flowScope.ticketGrantingTicketId neq null" 
> then="hasServiceCheck" else="gatewayRequestCheck" />
>        </decision-state>
>
>        <decision-state id="gatewayRequestCheck">
>                <if test="externalContext.requestParameterMap['gateway'] neq 
> '' &amp;&amp; externalContext.requestParameterMap['gateway'] neq null 
> &amp;&amp; flowScope.service neq null" then="gatewayServicesManagementCheck" 
> else="startAuthenticate" />
>        </decision-state>
>
>        <decision-state id="hasServiceCheck">
>                <if test="flowScope.service != null" then="renewRequestCheck" 
> else="viewGenericLoginSuccess" />
>        </decision-state>
>
>        <decision-state id="renewRequestCheck">
>                <if test="externalContext.requestParameterMap['renew'] neq '' 
> &amp;&amp; externalContext.requestParameterMap['renew'] neq null" 
> then="startAuthenticate" else="generateServiceTicket" />
>        </decision-state>
>
>        <!--
>                The "warn" action makes the determination of whether to 
> redirect directly to the requested
>                service or display the "confirmation" page to go back to the 
> server.
>        -->
>        <decision-state id="warn">
>                <if test="flowScope.warnCookieValue" then="showWarningView" 
> else="redirect" />
>        </decision-state>
>
>        <action-state id="startAuthenticate">
>          <evaluate expression="negociateSpnego" />
>          <transition on="success" to="spnego" />
>        </action-state>
>
>        <action-state id="spnego">
>          <evaluate expression="spnego" />
>          <transition on="success" to="sendTicketGrantingTicket" />
>          <transition on="error" to="viewLoginForm" />
>        </action-state>
>
>        <!--
>        <action-state id="startAuthenticate">
>                <action bean="x509Check" />
>                <transition on="success" to="sendTicketGrantingTicket" />
>                <transition on="warn" to="warn" />
>                <transition on="error" to="viewLoginForm" />
>        </action-state>
>         -->
>        <view-state id="viewLoginForm" view="casLoginView" model="credentials">
>        <var name="credentials" 
> class="org.jasig.cas.authentication.principal.UsernamePasswordCredentials" />
>        <binder>
>            <binding property="username" />
>            <binding property="password" />
>        </binder>
>        <on-entry>
>            <set name="viewScope.commandName" value="'credentials'" />
>        </on-entry>
>                <transition on="submit" bind="true" validate="true" 
> to="realSubmit">
>            <set name="flowScope.credentials" value="credentials" />
>            <evaluate 
> expression="authenticationViaFormAction.doBind(flowRequestContext, 
> flowScope.credentials)" />
>        </transition>
>        </view-state>
>
>        <action-state id="realSubmit">
>        <evaluate 
> expression="authenticationViaFormAction.submit(flowRequestContext, 
> flowScope.credentials, messageContext)" />
>                <transition on="warn" to="warn" />
>                <transition on="success" to="sendTicketGrantingTicket" />
>                <transition on="error" to="viewLoginForm" />
>        </action-state>
>
>        <action-state id="sendTicketGrantingTicket">
>        <evaluate expression="sendTicketGrantingTicketAction" />
>                <transition to="serviceCheck" />
>        </action-state>
>
>        <decision-state id="serviceCheck">
>                <if test="flowScope.service neq null" 
> then="generateServiceTicket" else="viewGenericLoginSuccess" />
>        </decision-state>
>
>        <action-state id="generateServiceTicket">
>        <evaluate expression="generateServiceTicketAction" />
>                <transition on="success" to ="warn" />
>                <transition on="error" to="viewLoginForm" />
>                <transition on="gateway" to="gatewayServicesManagementCheck" />
>        </action-state>
>
>    <action-state id="gatewayServicesManagementCheck">
>        <evaluate expression="gatewayServicesManagementCheck" />
>        <transition on="success" to="redirect" />
>    </action-state>
>
>    <action-state id="redirect">
>        <evaluate 
> expression="flowScope.service.getResponse(requestScope.serviceTicketId)" 
> result-type="org.jasig.cas.authentication.principal.Response" 
> result="requestScope.response" />
>        <transition to="postRedirectDecision" />
>    </action-state>
>
>    <decision-state id="postRedirectDecision">
>        <if test="requestScope.response.responseType.name() eq 'POST'" 
> then="postView" else="redirectView" />
>    </decision-state>
>
>        <!--
>                the "viewGenericLogin" is the end state for when a user 
> attempts to login without coming directly from a service.
>                They have only initialized their single-sign on session.
>        -->
>        <end-state id="viewGenericLoginSuccess" 
> view="casLoginGenericSuccessView" />
>
>        <!--
>                The "showWarningView" end state is the end state for when the 
> user has requested privacy settings (to be "warned") to be turned on.  It 
> delegates to a
>                view defines in default_views.properties that display the 
> "Please click here to go to the service." message.
>        -->
>        <end-state id="showWarningView" view="casLoginConfirmView" />
>
>    <end-state id="postView" view="postResponseView">
>        <on-entry>
>            <set name="requestScope.parameters" 
> value="requestScope.response.attributes" />
>            <set name="requestScope.originalUrl" value="flowScope.service.id" 
> />
>        </on-entry>
>    </end-state>
>
>        <!--
>                The "redirect" end state allows CAS to properly end the 
> workflow while still redirecting
>                the user back to the service required.
>        -->
>        <end-state id="redirectView" 
> view="externalRedirect:${requestScope.response.url}" />
>
>        <end-state id="viewServiceErrorView" view="viewServiceErrorView" />
>
>    <end-state id="viewServiceSsoErrorView" view="viewServiceSsoErrorView" />
>
>        <global-transitions>
>                <transition to="viewServiceErrorView" 
> on-exception="org.springframework.webflow.execution.repository.NoSuchFlowExecutionException"
>  />
>        <transition to="viewServiceSsoErrorView" 
> on-exception="org.jasig.cas.services.UnauthorizedSsoServiceException" />
>                <transition to="viewServiceErrorView" 
> on-exception="org.jasig.cas.services.UnauthorizedServiceException" />
>        </global-transitions>
> </flow>
>
>
>
> --------------------------------------------------------------------
> cas-servlet.xml
> --------------------------------------------------------------------
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans";
>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>       xmlns:webflow="http://www.springframework.org/schema/webflow-config";
>       xmlns:p="http://www.springframework.org/schema/p";
>       xsi:schemaLocation="http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
>       http://www.springframework.org/schema/webflow-config 
> http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.0.xsd";>
>
>        <bean id="casPropertyPlaceholderConfigurer2" 
> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
>                p:location="/WEB-INF/cas.properties" />
>
>        <!-- Theme Resolver -->
>        <bean id="themeResolver" 
> class="org.jasig.cas.services.web.ServiceThemeResolver"
>                p:defaultThemeName="${cas.themeResolver.defaultThemeName}"
>        p:argumentExtractors-ref="argumentExtractors"
>        p:servicesManager-ref="servicesManager">
>        <property name="mobileBrowsers">
>            <map>
>                <entry key=".*iPhone.*" value="iphone" />
>                <entry key=".*Android.*" value="iphone" />
>                <entry key=".*Safari.*Pre.*" value="iphone" />
>                <entry key=".*Nokia.*AppleWebKit.*" value="iphone" />
>            </map>
>        </property>
>    </bean>
>
>        <!-- View Resolver -->
>        <bean id="viewResolver" 
> class="org.springframework.web.servlet.view.ResourceBundleViewResolver"
>                p:order="0">
>                <property name="basenames">
>                        <list>
>                                <value>${cas.viewResolver.basename}</value>
>                                <value>protocol_views</value>
>                        </list>
>                </property>
>        </bean>
>
>        <!-- Locale Resolver -->
>        <bean id="localeResolver" 
> class="org.springframework.web.servlet.i18n.CookieLocaleResolver" />
>
>        <bean id="localeChangeInterceptor" 
> class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor" />
>
>        <bean id="urlBasedViewResolver" 
> class="org.springframework.web.servlet.view.UrlBasedViewResolver"
>                
> p:viewClass="org.springframework.web.servlet.view.InternalResourceView"
>        p:prefix="/WEB-INF/view/jsp/"
>        p:suffix=".jsp"
>        p:order="1"/>
>
>        <bean id="errorHandlerResolver" 
> class="org.jasig.cas.web.NoSuchFlowExecutionExceptionResolver" />
>
>    <bean 
> class="org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter" />
>
>        <bean
>                id="handlerMappingC"
>                
> class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
>                <property
>                        name="mappings">
>                        <props>
>                                <prop
>                                        key="/logout">
>                                        logoutController
>                                </prop>
>                                <prop
>                                        key="/serviceValidate">
>                                        serviceValidateController
>                                </prop>
>                                <prop
>                                        key="/validate">
>                                        legacyValidateController
>                                </prop>
>                                <prop
>                                        key="/proxy">
>                                        proxyController
>                                </prop>
>                                <prop
>                                        key="/proxyValidate">
>                                        proxyValidateController
>                                </prop>
>                                <prop
>                                        key="/samlValidate">
>                                        samlValidateController
>                                </prop>
>
>                                <prop
>                                        key="/services/add.html">
>                                        
> addRegisteredServiceSimpleFormController
>                                </prop>
>
>                                <prop
>                                        key="/services/edit.html">
>                                        
> editRegisteredServiceSimpleFormController
>                                </prop>
>
>                                <prop
>                                        key="/services/loggedOut.html">
>                                        serviceLogoutViewController
>                                </prop>
>
>                <prop key="/services/viewStatistics.html">
>                    viewStatisticsController
>                </prop>
>
>                                <prop 
> key="/services/*">manageRegisteredServicesMultiActionController</prop>
>                                <prop 
> key="/openid/*">openIdProviderController</prop>
>                <prop 
> key="/authorizationFailure.html">passThroughController</prop>
>                <prop key="/403.html">passThroughController</prop>
>                        </props>
>                </property>
>                <property
>                        name="alwaysUseFullPath" value="true" />
>                <!--
>                uncomment this to enable sending PageRequest events.
>                <property
>                        name="interceptors">
>                        <list>
>                                <ref 
> bean="pageRequestHandlerInterceptorAdapter" />
>                        </list>
>                </property>
>                 -->
>        </bean>
>
>    <bean id="passThroughController" 
> class="org.springframework.web.servlet.mvc.UrlFilenameViewController" />
>
>        <bean
>                id="openIdProviderController"
>                class="org.jasig.cas.web.OpenIdProviderController"
>                
> p:loginUrl="${cas.securityContext.casProcessingFilterEntryPoint.loginUrl}" />
>
>        <bean
>                id="serviceLogoutViewController"
>                
> class="org.springframework.web.servlet.mvc.ParameterizableViewController"
>                p:viewName="serviceLogoutView" />
>
>    <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping" 
> p:flowRegistry-ref="flowRegistry" p:order="2">
>        <property name="interceptors">
>            <ref local="localeChangeInterceptor" />
>        </property>
>    </bean>
>
>
>    <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerAdapter"
>        p:flowExecutor-ref="flowExecutor"
>        p:flowUrlHandler-ref="flowUrlHandler" />
>
>    <bean id="flowUrlHandler" 
> class="org.jasig.cas.web.flow.CasDefaultFlowUrlHandler" />
>
>    <webflow:flow-executor id="flowExecutor" flow-registry="flowRegistry">
>        <webflow:flow-execution-attributes>
>            <webflow:always-redirect-on-pause value="false" />
>        </webflow:flow-execution-attributes>
>    </webflow:flow-executor>
>
>    <webflow:flow-registry id="flowRegistry" flow-builder-services="builder">
>        <webflow:flow-location path="/WEB-INF/login-webflow.xml" id="login" />
>    </webflow:flow-registry>
>
>    <webflow:flow-builder-services id="builder" 
> view-factory-creator="viewFactoryCreator" 
> expression-parser="expressionParser" />
>
>    <bean id="expressionParser" 
> class="org.springframework.webflow.expression.WebFlowOgnlExpressionParser" />
>
>    <bean id="viewFactoryCreator" 
> class="org.springframework.webflow.mvc.builder.MvcViewFactoryCreator">
>        <property name="viewResolvers">
>            <list>
>                <ref local="viewResolver" />
>            </list>
>        </property>
>    </bean>
>        <bean id="proxyValidateController" 
> class="org.jasig.cas.web.ServiceValidateController"
>                
> p:centralAuthenticationService-ref="centralAuthenticationService"
>                p:proxyHandler-ref="proxy20Handler"
>                p:argumentExtractor-ref="casArgumentExtractor" />
>
>        <bean id="serviceValidateController" 
> class="org.jasig.cas.web.ServiceValidateController"
>                
> p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"
>                
> p:centralAuthenticationService-ref="centralAuthenticationService"
>                p:proxyHandler-ref="proxy20Handler"
>                p:argumentExtractor-ref="casArgumentExtractor" />
>
>        <bean id="samlValidateController" 
> class="org.jasig.cas.web.ServiceValidateController"
>                
> p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"
>                
> p:centralAuthenticationService-ref="centralAuthenticationService"
>                p:proxyHandler-ref="proxy20Handler"
>                p:argumentExtractor-ref="samlArgumentExtractor"
>                p:successView="casSamlServiceSuccessView"
>                p:failureView="casSamlServiceFailureView" />
>
>        <bean id="legacyValidateController" 
> class="org.jasig.cas.web.ServiceValidateController"
>                p:proxyHandler-ref="proxy10Handler"
>                p:successView="cas1ServiceSuccessView"
>                p:failureView="cas1ServiceFailureView"
>                
> p:validationSpecificationClass="org.jasig.cas.validation.Cas10ProtocolValidationSpecification"
>                
> p:centralAuthenticationService-ref="centralAuthenticationService"
>                p:argumentExtractor-ref="casArgumentExtractor" />
>
>        <bean id="proxyController" class="org.jasig.cas.web.ProxyController"
>                
> p:centralAuthenticationService-ref="centralAuthenticationService" />
>
>    <bean id="viewStatisticsController" 
> class="org.jasig.cas.web.StatisticsController"
>        p:casTicketSuffix="${host.name}">
>        <constructor-arg index="0" ref="ticketRegistry" />
>    </bean>
>
>        <bean id="logoutController" class="org.jasig.cas.web.LogoutController"
>                
> p:centralAuthenticationService-ref="centralAuthenticationService"
>                p:logoutView="casLogoutView"
>                p:warnCookieGenerator-ref="warnCookieGenerator"
>                
> p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
>  />
>
>        <bean id="initialFlowSetupAction" 
> class="org.jasig.cas.web.flow.InitialFlowSetupAction"
>                p:argumentExtractors-ref="argumentExtractors"
>                p:warnCookieGenerator-ref="warnCookieGenerator"
>                
> p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
>  />
>
>        <bean id="authenticationViaFormAction" 
> class="org.jasig.cas.web.flow.AuthenticationViaFormAction"
>                
> p:centralAuthenticationService-ref="centralAuthenticationService"
>                p:warnCookieGenerator-ref="warnCookieGenerator" />
>
>        <bean id="generateServiceTicketAction" 
> class="org.jasig.cas.web.flow.GenerateServiceTicketAction"
>                
> p:centralAuthenticationService-ref="centralAuthenticationService" />
>
>        <bean id="sendTicketGrantingTicketAction" 
> class="org.jasig.cas.web.flow.SendTicketGrantingTicketAction"
>                
> p:centralAuthenticationService-ref="centralAuthenticationService"
>                
> p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
>  />
>
>    <bean id="gatewayServicesManagementCheck" 
> class="org.jasig.cas.web.flow.GatewayServicesManagementCheck">
>        <constructor-arg index="0" ref="servicesManager" />
>    </bean>
>
>        <bean id="addRegisteredServiceSimpleFormController" 
> class="org.jasig.cas.services.web.RegisteredServiceSimpleFormController"
>                p:formView="addServiceView"
>                p:successView="addServiceView"
>                p:commandName="registeredService"
>                p:validator-ref="registeredServiceValidator"
>                p:sessionForm="true">
>                <constructor-arg index="0" ref="servicesManager" />
>                <constructor-arg index="1" ref="attributeRepository" />
>        </bean>
>
>        <bean id="editRegisteredServiceSimpleFormController" 
> class="org.jasig.cas.services.web.RegisteredServiceSimpleFormController"
>                p:formView="editServiceView"
>                p:successView="editServiceView"
>                p:commandName="registeredService"
>                p:validator-ref="registeredServiceValidator"
>                p:sessionForm="false">
>                <constructor-arg index="0" ref="servicesManager" />
>                <constructor-arg index="1" ref="attributeRepository" />
>        </bean>
>
>        <bean id="registeredServiceValidator" 
> class="org.jasig.cas.services.web.support.RegisteredServiceValidator"
>                p:servicesManager-ref="servicesManager" />
>
>        <bean id="manageRegisteredServicesMultiActionController" 
> class="org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController">
>                <constructor-arg index="0" ref="servicesManager" />
>        <constructor-arg index="1" 
> value="${cas.securityContext.serviceProperties.service}" />
>        </bean>
>
>    <bean id="messageInterpolator" 
> class="org.jasig.cas.util.SpringAwareMessageMessageInterpolator" />
>
>    <bean id="credentialsValidator" 
> class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean"
>            p:messageInterpolator-ref="messageInterpolator" />
>
>        <bean id="negociateSpnego" 
> class="org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction"
>  />
>
>        <bean id="spnego" 
> class="org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction">
>                <property name="centralAuthenticationService" 
> ref="centralAuthenticationService"/>
>        </bean>
>
> </beans>
>
>
> --
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] SPNEGO and CAS Server on Windows Server 2008

Reply via email to