Re: [cas-user] AD on different virtual machine than CAS

Mon, 21 Mar 2011 09:50:45 -0700 

You mentioned you're not using SSL, but the following bean declares an
LDAP-over-SSL URL:

> <bean id="contextSource" 
> class="org.springframework.ldap.core.support.LdapContextSource">
>  <property name="urls">
>  <list>
>   <value>ldaps://yourdc.yourdomain.edu/</value>
>  </list>
>  </property>
>  <property name="userDn" 
> value="{cn=bind_user_goes_here,cn=Users,dc=yourdomain,dc=edu}"/>
>  <property name="password" value="{bind_user_password_goes_here}"/>
>  <property name="baseEnvironmentProperties">
>  <map>
>   <entry>
>     <key>
>      <value>java.naming.security.authentication</value>
>     </key>
>     <value>simple</value>
>   </entry>
>  </map>
>  </property>
> </bean>

If your AD host uses a self-signed or otherwise untrusted certificate,
you'll need to address truststore issues as described in
https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide.

> Removed the blow code:
> -------------------------------------------------------------------------------------------
> <bean 
> class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"
>  />
> -------------------------------------------------------------------------------------------
> Added in its place the code:
> -------------------------------------------------------------------------------------------
> <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">

In almost all cases on AD, you can use
FastBindLdapAuthenticationHandler as I mentioned previously without
the admin credentials.

> 6) I restarted tomcat and navigated to the 
> http://localhost:8080/cas-server-webapp-3.4.6/login location
>
> The link response is now:
>
> HTTP Status 404 -

You're getting a 404 because the CAS WAR deployable failed to deploy
cleanly.  Review the Tomcat logs in $TOMCAT_HOME/logs and post
relevant output.  I imagine you've got classpath problems due to
missing dependencies since you manually copied jar files to
WEB-INF/lib.  We strongly encourage you to avoid that and instead use
Maven WAR Overlay for anything non-trivial,
https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method.

M

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to