Thanks Marvin,

I am just briefing my current problem and have posted it as a new message; can you
please help me?

We have a CAS server in which LDAP users can login applications as SSO with 
CAS. Now we need to pass ldap attributes and roles through CAS. (Main purpose 
is when login through CAS for drupal sites we need to map ldap groups as drupal 
roles.)

We followed two urls: http://bowerstudios.com/node/645 and 
http://isolasoftware.it/2011/07/21/cas-active-directory-ldap-attributes/

From the first link we have done almost everything except the serviceRegistryDao.
With this, CAS is working fine but CAS SAML is not working. Please see the method
we followed and the results we obtained with CAS SAML.

Accessing https://192.168.1.110:8443/cas/login?service=http://localhost/foo gave us
http://localhost/foo?ticket=ST-2-4genuO4xK3WXQ1vPPd2l-cas, and when we access
this URL:

https://192.168.1.110:8443/cas/samlValidate?TARGET=http://localhost/foo&ticket=ST-2-4genuO4xK3WXQ1vPPd2l-cas

the output is as follows:

-------------------------------------------------------------------------
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
IssueInstant="2012-01-10T11:18:23.724Z" MajorVersion="1"
MinorVersion="1" Recipient="http://localhost/foo"
ResponseID="_8831a64c0acb079503f8ee5de5423d10">
<Status>
<StatusCode Value="samlp:Responder"/>
<StatusMessage>
'service' and 'ticket' parameters are both required
</StatusMessage>
</Status>
</Response>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
------------------------------------------

We are also able to reach https://192.168.1.110:8443/cas/services, but when we
supply the credentials we get this error:
------------------------------------------------------
Access Denied
You've entered the wrong password for the user too many times. You've been 
throttled
----------------------------------------

Please see the attached deployerConfigContext.xml.

Can anyone please help me with this? Please let us know whether LDAP attributes
and roles can be passed through CAS at all, and if so how we can solve this.

Please help me on this.

Thanks in advance.

Geo

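<?xml version="1.0" encoding="UTF-8"?>
<!--
  CAS deployerConfigContext.xml: authentication manager, LDAP context source,
  person-directory attribute repository and service registry for this deployment.
  NOTE(review): in the posted copy every namespace URI was followed by a stray
  "; (a mail-client artifact) which made the file non-well-formed; those are
  removed here. The sec: prefix is used only inside a commented-out block below
  and tx: is not used at all in this file.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd">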

<!--
	   
	   <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
             <property name="urls">
            <list>
                <value>ldap://192.168.1.115:10389/</value>
            </list>
        </property>
        <property name="userDn" value="uid=admin,ou=system"/>
        <property name="password" value="secret"/>
        <property name="baseEnvironmentProperties">
            <map>
                <entry>
                    <key>
                        <value>java.naming.security.authentication</value>
                    </key>
                    <value>simple</value>
                </entry>
            </map>
        </property>
		</bean>
-->		
		<!--
		  Authentication manager: the resolvers turn submitted credentials into a
		  CAS principal, the handlers decide whether those credentials are valid.
		-->
		<bean id="authenticationManager"
		      class="org.jasig.cas.authentication.AuthenticationManagerImpl">

			<property name="credentialsToPrincipalResolvers">
				<list>
					<!-- Username/password logins: look the user up in LDAP and build the principal from that entry. -->
					<bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
						<!-- Inner resolver that produces the initial principal id from the raw credentials. -->
						<property name="credentialsToPrincipalResolver">
							<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
						</property>
						<!-- LDAP search filter; %u is replaced with the principal id resolved above.
						     NOTE(review): %u originates from user input - confirm the resolver applies
						     RFC 4515 filter escaping before the search is issued. -->
						<property name="filter" value="(uid=%u)" />
						<!-- LDAP attribute whose value becomes the final principal id. -->
						<property name="principalAttributeName" value="uid" />
						<property name="searchBase" value="dc=apacheds,dc=local" />
						<property name="contextSource" ref="contextSource" />
						<!-- Person-directory DAO that supplies the principal's attributes. -->
						<property name="attributeRepository" ref="attributeRepository" />
					</bean>
					<!-- HTTP-based service credentials (CAS proxy callbacks). -->
					<bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
				</list>
			</property>

			<property name="authenticationHandlers">
				<list>
					<!-- Validates proxy callback URLs. The httpClient bean is not defined in this
					     file; it is expected to come from another CAS context file - confirm. -->
					<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
					      p:httpClient-ref="httpClient" />
					<!-- Username/password: per its class name, authenticates by a bind against the
					     entry matched by the filter. Note the filter here has no surrounding
					     parentheses while the resolver above uses "(uid=%u)". -->
					<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
						<property name="filter" value="uid=%u" />
						<property name="searchBase" value="dc=apacheds,dc=local" />
						<property name="contextSource" ref="contextSource" />
					</bean>
				</list>
			</property>
		</bean>

<!--
  Spring LDAP context source shared by the bind handler, the principal resolver,
  the attribute repository and the authorities populator.
  NOTE(review): the service-account password is stored in cleartext here and the
  URL is plain ldap:// on 10389, so the bind and every search travel unencrypted
  unless StartTLS is configured elsewhere. Consider externalising the password
  (property placeholder) and using ldaps:// or StartTLS where the directory
  supports it.
-->
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="false" />
    <property name="urls">
        <list>
            <value>ldap://192.168.1.115:10389/</value>
        </list>
    </property>
    <!-- Service account used for directory searches. -->
    <property name="userDn" value="uid=admin,ou=system" />
    <property name="password" value="secret" />
    <!-- JNDI environment: simple (username/password) bind authentication. -->
    <property name="baseEnvironmentProperties">
        <map>
            <entry key="java.naming.security.authentication" value="simple" />
        </map>
    </property>
</bean>



<!--
  Person-directory DAO that loads the principal's attributes from LDAP.
  NOTE(review): only "mail" is mapped into the principal; the "authorities"
  mapping is commented out, yet userDetailsService below reads an attribute named
  "authorities". Whether LdapPersonAttributeAndRoleDao adds "authorities" on its
  own from ldapAuthoritiesPopulator cannot be told from this file - confirm,
  since this is the path by which LDAP groups would reach the client.
-->
<bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeAndRoleDao">
    <property name="contextSource" ref="contextSource" />
    <property name="baseDN" value="dc=apacheds,dc=local" />
    <!-- Presumably: every query attribute must be present before a search is issued. -->
    <property name="requireAllQueryAttributes" value="true" />
    <!-- Principal attribute (key) -> LDAP attribute (value) used as search criteria.
         Multiple criteria are ANDed; set queryType to switch to OR. -->
    <property name="queryAttributeMapping">
        <map>
            <entry key="username" value="uid" />
        </map>
    </property>
    <!-- LDAP entry attribute (key) -> principal attribute (value) copied into the result. -->
    <property name="resultAttributeMapping">
        <map>
            <entry key="mail" value="mail" />
            <!-- <entry key="authorities" value="authorities" /> -->
        </map>
    </property>
    <property name="ldapAuthoritiesPopulator" ref="ldapAuthoritiesPopulator" />
</bean>
<!--
  Spring Security populator that derives authorities from group membership:
  searches under dc=apacheds,dc=local for groups whose uniqueMember contains the
  user's DN ({0}) and uses each group's cn as the role name.
-->
<bean id="ldapAuthoritiesPopulator"
      class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="contextSource" />
    <constructor-arg value="dc=apacheds,dc=local" />
    <property name="groupRoleAttribute" value="cn" />
    <property name="groupSearchFilter" value="(uniqueMember={0})" />
</bean>

<!--
			
		<sec:user-service id="userDetailsService">
        <sec:user name="admin" password="secret" authorities="ROLE_ADMIN" />
		</sec:user-service>

-->

<!--
  Builds a Spring Security UserDetails from a CAS assertion, taking the granted
  authorities from the assertion attribute named "authorities".
  NOTE(review): this is a Spring Security CAS client-side component and nothing
  else in this file refers to userDetailsService; it only takes effect if another
  context file wires it in.
-->
<bean id="userDetailsService"
      class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService">
    <constructor-arg>
        <list>
            <value>authorities</value>
        </list>
    </constructor-arg>
</bean>

		
<!--		<bean id="attributeRepository"
			class="org.jasig.services.persondir.support.StubPersonAttributeDao">
			<property name="backingMap">
				<map>
					<entry key="uid" value="uid" />
					<entry key="roles" value="roles" /> 
					<entry key="mail" value="mail" />
				</map>
			</property>
		</bean> -->
		
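		<!--
		  In-memory service registry. Each serviceId is an ant-style URL pattern;
		  a service matching no entry is expected to be refused a ticket.
		  NOTE(review): "http://**" and "https://**" accept any URL of that scheme,
		  and the plain-HTTP entry is the only one that releases attributes
		  (including memberOf). Narrow serviceId to the actual Drupal hosts and put
		  the allowedAttributes list on the HTTPS entry so attributes are not handed
		  to arbitrary cleartext services. Only attributes the attributeRepository
		  actually returns can be released - with the mapping above that is "mail"
		  (plus whatever LdapPersonAttributeAndRoleDao adds, confirm) - and
		  "authorities" does not appear in this list at all.
		  Fixes vs. the posted copy: stray "; after two serviceId values (not
		  well-formed), the IMAPS description said "HTTPS", and sAMAAccountName was a
		  misspelling of the Active Directory attribute sAMAccountName.
		-->
		<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
			<property name="registeredServices">
				<list>
					<bean class="org.jasig.cas.services.RegisteredServiceImpl">
						<property name="id" value="0" />
						<property name="name" value="HTTP" />
						<property name="description" value="Only Allows HTTP Urls" />
						<property name="serviceId" value="http://**" />
						<!-- Attributes released to matching services. Most names are Active
						     Directory specific (userPrincipalName, sAMAccountName, memberOf)
						     although the directory configured above is ApacheDS. -->
						<property name="allowedAttributes">
							<list>
								<value>cn</value>
								<value>name</value>
								<value>givenName</value>
								<value>displayName</value>
								<value>userPrincipalName</value>
								<value>sAMAccountName</value>
								<value>telephone</value>
								<value>mail</value>
								<value>memberOf</value>
							</list>
						</property>
					</bean>

					<bean class="org.jasig.cas.services.RegisteredServiceImpl">
						<property name="id" value="1" />
						<property name="name" value="HTTPS" />
						<property name="description" value="Only Allows HTTPS Urls" />
						<property name="serviceId" value="https://**" />
					</bean>

					<bean class="org.jasig.cas.services.RegisteredServiceImpl">
						<property name="id" value="2" />
						<property name="name" value="IMAPS" />
						<property name="description" value="Only Allows IMAPS Urls" />
						<property name="serviceId" value="imaps://**" />
					</bean>

					<bean class="org.jasig.cas.services.RegisteredServiceImpl">
						<property name="id" value="3" />
						<property name="name" value="IMAP" />
						<property name="description" value="Only Allows IMAP Urls" />
						<property name="serviceId" value="imap://**" />
					</bean>
				</list>
			</property>
		</bean>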
	<!-- Audit trail manager: per its class name, emits CAS audit records through SLF4J logging. -->
	<bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
</beans>
