Hi
I am trying to get 2 Way SSL configured using CAS. I have been at this for
over a week now. I have pulled the latest code and added print statements in
the source code and recompiled and deployed the code. However, I am not able
to see any of the print statements I have added in the X509 code or the
cas-server-core code.
I have made the proper configuration changes to the login-webflow.xml file
and the cas-servlet.xml. See below:
*cas-servlet.xml - added this code:*
<bean id="x509Check"
      p:centralAuthenticationService-ref="centralAuthenticationService"
      class="org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction">
    <property name="centralAuthenticationService"
              ref="centralAuthenticationService"/>
</bean>
*login-webflow.xml modified and uncommented this code*
<action-state id="startAuthenticate">
    <evaluate expression="x509Check" />
    <transition on="success" to="sendTicketGrantingTicket" />
    <transition on="warn" to="warn" />
    <transition on="error" to="generateLoginTicket" />
</action-state>
<decision-state id="gatewayRequestCheck">
    <if test="requestParameters.gateway != '' and requestParameters.gateway != null and flowScope.service != null"
        then="gatewayServicesManagementCheck"
        else="generateLoginTicket" />
</decision-state>
<decision-state id="renewRequestCheck">
    <if test="requestParameters.renew != '' and requestParameters.renew != null"
        then="startAuthenticate"
        else="generateServiceTicket" />
</decision-state>
*Added authenticationHandler:*
<bean class="org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler">
    <property name="trustedIssuerDnPattern"
              value="OU=PKI, OU=DoD, O=U.S. Government, C=US.+" />
    <property name="subjectDnPattern"
              value=".+OU=PKI, OU=DoD, O=U.S. Government, C=US.+" />
</bean>
*Added credentialsToPrincipalResolvers:*
<bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
    <property name="credentialsToPrincipalResolver">
        <bean class="org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToDistinguishedNamePrincipalResolver"/>
    </property>
    <property name="filter" value="distinguishedName=%u" />
    <property name="principalAttributeName" value="sAMAccountName" />
    <property name="searchBase"
              value="${cas.ldap.authenticationHandler.searchBase}" />
    <property name="contextSource" ref="contextSource" />
</bean>
I have also created a test jsp to pull the x509 cert. info and I am able to
get the DN of the cert as well as other attributes within the cert.
Can someone tell me how CAS is getting the cert info from tomcat? I am
trying to figure out why I am not getting into the X509 code to get the
information from the client cert being passed in and why I am not able to
see any of the print statements.
I have also set the log4j log levels to DEBUG and do not see a thing in the
cas.log file pertaining to x509 issues or errors.
Thanks for your help.
--
View this message in context:
http://jasig.275507.n4.nabble.com/CAS-2-Way-SSL-Understanding-Issue-tp4657290.html
Sent from the CAS Users mailing list archive at Nabble.com.
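
An added example (not part of the original post, and not CAS code) that checks the posted trustedIssuerDnPattern and subjectDnPattern values against constructed sample DNs. It assumes the handler requires the regex to match the whole DN string and that the DN is rendered most-specific RDN first; the sample DNs and the tightened patterns are hypothetical.

```python
import re

# Patterns copied from the X509CredentialsAuthenticationHandler bean in the post.
POSTED = {
    "trustedIssuerDnPattern": r"OU=PKI, OU=DoD, O=U.S. Government, C=US.+",
    "subjectDnPattern": r".+OU=PKI, OU=DoD, O=U.S. Government, C=US.+",
}
# Hypothetical tightened variants (not from the post): no trailing ".+",
# literal dots escaped, optional whitespace after each comma.
TIGHTENED = {
    "trustedIssuerDnPattern":
        r"CN=[^,]+,\s*OU=PKI,\s*OU=DoD,\s*O=U\.S\. Government,\s*C=US",
    "subjectDnPattern":
        r"CN=[^,]+,(\s*OU=[^,]+,)*\s*OU=PKI,\s*OU=DoD,\s*O=U\.S\. Government,\s*C=US",
}
# Constructed sample DNs (not real certificates), most specific RDN first.
SAMPLES = {
    "trustedIssuerDnPattern":
        ["CN=EXAMPLE CA-1", "OU=PKI", "OU=DoD", "O=U.S. Government", "C=US"],
    "subjectDnPattern":
        ["CN=DOE.JANE.0000000000", "OU=CONTRACTOR", "OU=PKI", "OU=DoD",
         "O=U.S. Government", "C=US"],
}


def matches_whole_dn(pattern, dn):
    """Assumed handler behaviour: the regex must match the entire DN string."""
    return re.fullmatch(pattern, dn) is not None


def diagnose(patterns):
    """Test each pattern against its sample DN in ', ' and ',' renderings."""
    result = {}
    for name, pattern in patterns.items():
        for label, sep in (("comma-space", ", "), ("comma", ",")):
            dn = sep.join(SAMPLES[name])
            result[(name, label)] = matches_whole_dn(pattern, dn)
    return result


if __name__ == "__main__":
    for title, patterns in (("posted", POSTED), ("tightened", TIGHTENED)):
        for (name, label), ok in diagnose(patterns).items():
            print(f"{title:9} {name:22} {label:11} {'match' if ok else 'NO MATCH'}")
```

Under these assumptions the trailing `.+` in both posted patterns needs at least one character after `C=US`, so a DN string that ends there cannot match.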