How can we configure the CAS login module for authentication and the LDAP JAAS
module for role/authorization data? My environment is JBoss 6.10,
cas-server-3.4.12 and cas-client-3.2.1. I got the authentication part from CAS
working correctly. I am having trouble getting roles into JBoss using the LDAP
module. How can I configure the CAS login module for authentication and LDAP for
roles/authorization?

<application-policy name="testRealm">
  <authentication>
    <login-module code="org.jasig.cas.client.jaas.CasLoginModule" flag="required">
      <module-option name="ticketValidatorClass">org.jasig.cas.client.validation.Cas20ServiceTicketValidator</module-option>
      <module-option name="casServerUrlPrefix">https://democert:8443/cas</module-option>
      <module-option name="tolerance">20000</module-option>
      <module-option name="service">https://democert:8443/application</module-option>
      <module-option name="defaultRoles">admin,superuser</module-option>
      <module-option name="roleAttributeNames">memberOf,superuser</module-option>
      <module-option name="PrincipalGroupName">CallerPrincipal</module-option>
      <module-option name="roleGroupName">Roles</module-option>
      <module-option name="cacheAssertions">true</module-option>
      <module-option name="cacheTimeout">480</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
      <module-option name="rolesProperties">roleMappings.properties</module-option>
      <module-option name="replaceRole">false</module-option>
    </login-module>
  </authentication>
</application-policy>

And I have modified my deployerConfigContext.xml:

<property name="authenticationHandlers">
  <list>
    <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
          p:httpClient-ref="httpClient" />
    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
      <!-- handler properties are not included in the message -->
    </bean>
  </list>
</property>