If the "org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" bean is not commented out, authentication fails. The issue seems to be caused by the callback authentication of the SSL certificate; the LDAP error below shows the callback URL itself being looked up as an entry under ou=People. We see the following error on the LDAP side:
##### 2011-04-13 12:38:37,481 DEBUG [org.springframework.web.servlet.DispatcherServlet] - Could not complete request org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - NDS error: no such entry (-601)]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - NDS error: no such entry (-601)]; remaining name '"cn=https://our-server-FQDN:443/proxy/receptor, ou=People, dc=test, dc=com"' ##### The complete deployerConfigContext is below (CAS version 3.3.1). Thanks in advance. ##### <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd"> <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource"> <property name="pooled" value="true"/> <property name="urls"> <list> <value>ldap://ldap-1.test.com/</value> </list> </property> <property name="userDn" value="cn=cas-ldap,o=System"/> <property name="password" value="our-password-here"/> <property name="baseEnvironmentProperties"> <map> <entry> <key> <value>java.naming.security.authentication</value> </key> <value>simple</value> </entry> <entry> <key> <value>com.sun.jndi.ldap.connect.timeout</value> </key> <value>2000</value> </entry> <entry> <key> <value>com.sun.jndi.ldap.read.timeout</value> </key> <value>2000</value> </entry> </map> </property> </bean> <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl"> <property name="authenticationMetaDataPopulators"> <list> <bean class="com.sghe.cas.extension.UDCIDAuthenticationMetaDataPopulator"> <property name="template" ref="LdapTemplate"></property> 
<property name="netIdAttr" value="cn" /> <property name="baseDN" value="ou=People,dc=test,dc=com"></property> <property name="casTokenAttributes"> <map> <entry> <key><value>udcid</value></key> <value>UDC_IDENTIFIER</value> </entry> </map> </property> </bean> </list> </property> <property name="credentialsToPrincipalResolvers"> <list> <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" /> <!-- BEAN below commented out as a workaround --> <!-- <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" /> --> </list> </property> <property name="authenticationHandlers"> <list> <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" /> <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"> <property name="filter" value="uid=%u" /> <property name="searchBase" value="ou=People,dc=test,dc=com" /> <property name="contextSource" ref="contextSource" /> </bean> </list> </property> </bean> <bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl"> <property name="userMap"> <value> cas-test-1=noused,ROLE_ADMIN </value> </property> </bean> <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"> <property name="backingMap"> <map> <entry key="uid" value="uid" /> <entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> <entry key="groupMembership" value="groupMembership" /> <entry key="UDC_IDENTIFIER" value="UDC_IDENTIFIER" /> <entry key="Formatted Name" value="Formatted Name" /> </map> </property> </bean> <bean id="serviceRegistryDao" class="org.jasig.cas.services.JpaServiceRegistryDaoImpl" p:entityManagerFactory-ref="entityManagerFactory" /> <bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"> <property name="dataSource" ref="dataSource"/> 
<property name="jpaVendorAdapter"> <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"> <property name="generateDdl" value="true"/> <property name="showSql" value="true" /> </bean> </property> <property name="jpaProperties"> <props> <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop> <prop key="hibernate.hbm2ddl.auto">update</prop> </props> </property> </bean> <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager"> <property name="entityManagerFactory" ref="entityManagerFactory"/> </bean> <tx:annotation-driven transaction-manager="transactionManager"/> <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" p:driverClassName="com.mysql.jdbc.Driver" p:url="jdbc:mysql://localhost:3306/cas?autoReconnect=true" p:password="our-password-here" p:username="username-here" /> <bean id="LdapTemplate" class="org.springframework.ldap.core.LdapTemplate"> <property name="contextSource" ref="contextSource"></property> </bean> <bean id="udcattributeRepository" class="com.sghe.cas.extension.UDCPersonAttributeDao"> <property name="daoUtil" ref="UDCPersonAttributeDaoUtil"></property> </bean> <bean id="UDCPersonAttributeDaoUtil" class="com.sghe.cas.extension.UDCPersonAttributeDaoUtil"> <property name="template" ref="LdapTemplate"></property> <property name="netIdAttr" value="cn" /> <property name="baseDN" value="ou=People,dc=test,dc=com" /> <property name="samlToLdapAttributeNameMap"> <map> <entry key="UDC_IDENTIFIER" value="udcid" /> <entry key="Formatted Name" value="fullName" /> </map> </property> </bean> </beans>
