On 2012/02/22 2:10 PM, "Marvin Addison" <[email protected]> wrote:

>> Are there any big things I should be looking at in my configuration that
>> may have changed between 3.4.8 and 3.4.9+?
>
>Nothing big, but there were some minor changes that might be relevant.
>
>> I can include my deployerConfigContext.xml if needed.
>
>Please post that and any relevant log entries from the CAS application
>log file.
>
>M


One of the frustrating things is that, even with everything in log4j.xml
turned to DEBUG, I don't get anything saying that the LDAP authentication
is even being attempted.  I just get sent back to the login screen with a
"fresh" form, and no errors or anything in the log.

Here's the deployerConfigContext.xml file.  I've just sanitized the
usernames/passwords and baseDN properties.  :)

Apologies for the formatting -- Outlook apparently doesn't want to respect
the indentations...

<?xml version="1.0" encoding="UTF-8"?>

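<!--
    Root of the Spring bean definitions for this CAS deployment. Declares the
    beans, XMLSchema-instance, p and Spring Security ("sec") namespaces;
    xsi:schemaLocation pairs the beans and security namespace URIs with their
    3.0 XSDs. The trailing ';' after each quoted value was an archive artefact
    that made the start tag ill-formed.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.0.xsd">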

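        <!--
            CAS authentication manager. It is configured with three lists:
            principal resolvers, authentication handlers and metadata populators.

            Class names that the mail client had wrapped in the middle of the
            attribute value are written on one line here: a line break inside an
            attribute value is normalised to a space, which would yield a class
            name that cannot be loaded.
        -->
        <bean id="authenticationManager"
              class="org.jasig.cas.authentication.AuthenticationManagerImpl">

            <property name="credentialsToPrincipalResolvers">
                <list>
                    <!--
                    <bean
                        class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                        +-->

                    <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />

                    <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
                        <!-- The Principal resolver from the credentials -->
                        <property name="credentialsToPrincipalResolver">
                            <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                        </property>

                        <!--
                            The query made to find the Principal ID. "%u" will be
                            replaced by the resolved Principal
                        -->
                        <property name="filter" value="(samAccountName=%u)" />

                        <!-- The attribute used to define the new Principal ID -->
                        <property name="principalAttributeName" value="samAccountName" />

                        <property name="searchBase" value="dc=thing,dc=thingy" />
                        <property name="contextSource" ref="adLdapContextSource" />

                        <property name="attributeRepository">
                            <ref bean="attributeRepository" />
                        </property>
                    </bean>
                </list>
            </property>

            <property name="authenticationHandlers">
                <list>
                    <!-- The "httpClient" bean referenced here is not defined in this file. -->
                    <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                          p:httpClient-ref="httpClient" />

                    <!--
                        The demo handler below stays disabled: it is a test-only
                        handler and must not be active once real LDAP
                        authentication is in use.
                    -->
                    <!--
                    <bean
                        class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
                        +-->

                    <!--+
                        | This is the LDAP authentication handler, pointed at our
                        | adLdapContextSource. "%u" in the filter is the placeholder
                        | for the submitted username.
                        |
                        | NOTE(review): confirm the unit of "timeout". If the handler
                        | passes this value to the JNDI search controls as a time
                        | limit, it is expressed in milliseconds and 5 is very short.
                        +-->
                    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                        <property name="contextSource" ref="adLdapContextSource" />
                        <property name="filter" value="(&amp;(samAccountName=%u)(objectClass=Person))" />
                        <property name="searchBase" value="dc=thing,dc=thingy" />
                        <property name="ignorePartialResultException" value="yes" />
                        <property name="timeout" value="5" />
                    </bean>
                </list>
            </property>

            <property name="authenticationMetaDataPopulators">
                <list>
                    <!-- Site-specific populator; its implementation is not shown in this file. -->
                    <bean class="edu.wwu.ts.cas.metadata.WWUMetaDataPopulator" />
                </list>
            </property>
        </bean>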

        <!--+
            | AD context source for the BindLdapAuthenticationHandler defined
            | above. The LDAP principal resolver and the attributeRepository bean
            | reference the same source.
            |
            | userDn / password are the directory account used for searches and
            | are stored in clear text in this file (sanitised in this posting).
            | Keep the file readable only by the servlet container account and use
            | a read-only, least-privileged directory account.
            |
            | The connection uses ldaps:// with "simple" authentication, so the bind
            | password is protected only by the TLS session. NOTE(review): the JVM
            | running CAS has to trust the directory server's certificate; a failed
            | TLS handshake is worth ruling out when no LDAP activity is logged.
            +-->
        <bean id="adLdapContextSource"
              class="org.springframework.ldap.core.support.LdapContextSource">
            <property name="pooled" value="true" />
            <property name="urls">
                <list>
                    <value>ldaps://server.place.edu/</value>
                </list>
            </property>
            <property name="userDn" value="cn=someusername,dc=thing,dc=thingy" />
            <property name="password" value="password" />
            <!-- JNDI environment entries, written with the key/value attribute shortcut. -->
            <property name="baseEnvironmentProperties">
                <map>
                    <entry key="java.naming.security.authentication" value="simple" />
                    <entry key="java.naming.security.protocol" value="ssl" />
                </map>
            </property>
        </bean>

        <!--
            Security roles for the Services Management application. Simple
            deployments can use this in-memory version; more robust deployments
            will want another option, such as the Jdbc version.

            The id must remain "userDetailsService" so that Spring Security can
            find it.

            Every user listed here is granted ROLE_ADMIN, so keep the list limited
            to the accounts that administer the service registry.
            NOTE(review): the stock entry kept below uses password="notused", which
            suggests the password attribute is not consulted; confirm, and avoid
            storing a real password here.
        -->
        <!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" /> -->

        <sec:user-service id="userDetailsService">
            <sec:user name="myusername"
                      password="mypassword"
                      authorities="ROLE_ADMIN" />
        </sec:user-service>
        
        <!--+ 
            | Bean that defines the attributes that a service may return.  This
example uses the Stub/Mock version.  A real implementation
            | may go against a database or LDAP server.  The id should remain
"attributeRepository" though.
        <bean id="attributeRepository"
                
class="org.jasig.services.persondir.support.StubPersonAttributeDao">
                <property name="backingMap">
                        <map>
                                <entry key="uid" value="uid" />
                                <entry key="eduPersonAffiliation" 
value="eduPersonAffiliation" />
                                <entry key="groupMembership" 
value="groupMembership" />
                        </map>
                </property>
        </bean>
            +-->

        <!--
            WWU: adds a couple of LDAP attributes to the principal. Lookups go
            through adLdapContextSource, i.e. they run as the directory account
            configured on that bean.
        -->
        <bean id="attributeRepository"
              class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
            <property name="contextSource" ref="adLdapContextSource" />
            <property name="baseDN" value="dc=thing,dc=thingy" />
            <property name="requireAllQueryAttributes" value="false" />

            <!--
                Attribute mapping between principal (key) and LDAP (value) names
                used to perform the LDAP search. By default, multiple search
                criteria are ANDed together. Set the queryType property to change
                to OR.
            -->
            <property name="queryAttributeMapping">
                <map>
                    <entry key="username" value="samAccountName" />
                </map>
            </property>

            <!-- Mapping between LDAP entry attributes (key) and the Principal's (value) -->
            <property name="resultAttributeMapping">
                <map>
                    <entry key="displayName" value="FullName" />
                    <entry key="extensionAttribute2" value="WID" />
                </map>
            </property>
        </bean>
        
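        <!--
            Sample, in-memory data store for the ServiceRegistry. A real
            implementation would probably want to replace this with the JPA-backed
            ServiceRegistry DAO. The name of this bean should remain
            "serviceRegistryDao".

            NOTE(review): the first two entries are wildcards that match every
            http:// and https:// URL, so any site may use this CAS server for
            login, and the http:// entry lets service tickets travel over an
            unencrypted connection. For production, narrow the serviceId patterns
            to the known application URLs, prefer https only, and drop the "foo"
            test entry.

            The stray ';' that followed the two URL values in the posted copy made
            those tags ill-formed and has been removed.
        -->
        <bean id="serviceRegistryDao"
              class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
            <property name="registeredServices">
                <list>
                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                        <property name="id" value="0" />
                        <property name="name" value="HTTP" />
                        <property name="description" value="Only Allows HTTP Urls" />
                        <property name="serviceId" value="http://**" />
                    </bean>

                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                        <property name="id" value="1" />
                        <property name="name" value="HTTPS" />
                        <property name="description" value="Only Allows HTTPS Urls" />
                        <property name="serviceId" value="https://**" />
                    </bean>

                    <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                        <property name="id" value="2" />
                        <property name="name" value="foo testing" />
                        <property name="description" value="Allows foo testing" />
                        <property name="serviceId" value="foo" />
                    </bean>
                </list>
            </property>
        </bean>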

    <!--
        Audit trail manager. Judging by the class name, audit records are written
        through SLF4J, so they follow the application's logging configuration;
        confirm that the corresponding logger is enabled when looking for
        authentication attempts.
    -->
    <bean id="auditTrailManager"
          class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
</beans>


