Hi,

I tried to set up multiple Tomcats using the same database for authentication and 
roles for security via JDBCRealm with an SSO through CAS. I was able to get this 
working using CASServer 3.4.10 and soulwing-casclient-0.6.0. That works very 
well. Then I read the following comment:
"The Soulwing CAS client is officially deprecated. I will continue to provide 
minimal support for it for existing users. Those interested in CAS integration 
for Confluence, Jira, and Tomcat are strongly encouraged to use the official 
Jasig CAS client. The official client supports all of the functionality 
provided by the Soulwing CAS client, and many new features -- support for SAML, 
single sign-out"

So I decided it's better to use this and downloaded cas-client 3.2.1. I tried 
the same thing by following the description "Tomcat Container Authentication" 
from the Jasig CAS site. But I couldn't get it to work... :-(

When I call one of my web pages I am forwarded to the cas-server login page. I can 
successfully log in and the CAS server creates a ticket... but then I always get 
HTTP Status 403 - Access to the requested resource has been denied

I think that the Realm has a problem getting the roles but I don't know 
why... and what is wrong...
I used this configuration:

<?xml version="1.0" encoding="UTF-8"?>
<Context privileged="true">
  <!--
    The following configuration uses the SAML 1.1 protocol and role data
    provided by the assertion to enable dynamic server-driven role data.
    The attribute used for role data is "memberOf".
  -->
  <Realm
    className="org.jasig.cas.client.tomcat.v6.AssertionCasRealm"
    roleAttributeName="memberOf"
    />
  <Valve
    className="org.jasig.cas.client.tomcat.v6.Saml11Authenticator"
    encoding="UTF-8"
    casServerLoginUrl="https://server.example.com/cas/login"
    casServerUrlPrefix="https://server.example.com/cas/"
    serverName="client.example.com"
    />

  <!-- Single sign-out support -->
  <Valve
    className="org.jasig.cas.client.tomcat.v6.SingleSignOutValve"
    artifactParameterName="SAMLart"
    />
</Context>

Maybe it is only for LDAP and not for JDBC? But why then the comment on the 
Soulwing CAS site...

I thought perhaps roleAttributeName="memberOf" has to be set to the column name 
for roles in the users_roles-table, but that also didn't work...

Can anybody tell me what I have to do?
Thanks a lot and have a nice day!
  Jutta
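
The configuration comment above says role data comes from the SAML 1.1 assertion attribute named by roleAttributeName. The following Python script is an added example (not part of the original post and not Jasig client code) that lists the values of that attribute in a SAML 1.1 response, to check whether an assertion carries any roles at all; the sample responses, the user name and the attribute namespace are constructed.

```python
"""List the role values a SAML 1.1 assertion carries for one attribute."""
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.1 assertion namespace

# Constructed sample responses (not captured from a real CAS server).
_TEMPLATE = """<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol">
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
    <AttributeStatement>
      <Subject><NameIdentifier>alice</NameIdentifier></Subject>
      {attrs}
    </AttributeStatement>
  </Assertion>
</Response>"""


def _attr(name, *values):
    """Build one constructed <Attribute> element; the namespace is a placeholder."""
    vals = "".join(f"<AttributeValue>{v}</AttributeValue>" for v in values)
    return (f'<Attribute AttributeName="{name}" '
            f'AttributeNamespace="urn:example:attrs">{vals}</Attribute>')


WITH_ROLES = _TEMPLATE.format(
    attrs=_attr("uid", "alice") + _attr("memberOf", "admin", "user"))
WITHOUT_ROLES = _TEMPLATE.format(attrs=_attr("uid", "alice"))


def roles_from_assertion(response_xml, role_attribute="memberOf"):
    """Return the values of role_attribute in document order.

    Diagnostic only: no signature or validity checks are made, and the
    standard-library parser should only be fed responses from your own server.
    """
    roles = []
    for attr in ET.fromstring(response_xml).iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("AttributeName") != role_attribute:
            continue  # this script compares the attribute name exactly
        for value in attr.findall(f"{{{SAML_NS}}}AttributeValue"):
            text = (value.text or "").strip()
            if text:
                roles.append(text)
    return roles


def diagnose(response_xml, required_role, role_attribute="memberOf"):
    """Explain why required_role would or would not be found in the assertion."""
    roles = roles_from_assertion(response_xml, role_attribute)
    if not roles:
        return f"no '{role_attribute}' attribute released: user has no roles"
    if required_role not in roles:
        return f"role '{required_role}' missing, assertion has {roles}"
    return "ok"
```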