Hi team,

I use a CAS server (3.4.12) with two different Active Directory domains.
It is working perfectly.

Now I need to retrieve some attributes from both domains.
I can do that from one, but I don't know how to configure the CAS server for the 
two domains.

I tried to configure two "attributeRepository" beans, each one with a different 
"contextSource",
but the CAS server refuses that.

Is the CAS server able to do that? Or do I have to modify the server?

I have no ideas left, so I need some help.
I have attached the DeployerConfigContext.xml setup.

thank you



<?xml version="1.0" encoding="UTF-8"?>
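<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
	<!--
	  CAS deployer configuration: authentication manager, person attribute
	  repository, service registry, audit trail and the two LDAP context sources.
	-->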
	<!--
	  Authentication manager: credentials are checked by the handlers listed
	  below, and accepted credentials are turned into a principal by the resolvers.
	-->
	<bean id="authenticationManager"
		class="org.jasig.cas.authentication.AuthenticationManagerImpl">

		<property name="credentialsToPrincipalResolvers">
			<list>
				<!--
				  Username/password logins. The property takes a single repository
				  reference, and the "attributeRepository" bean in this file reads
				  from contextSource_galaxy only.
				-->
				<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
					<property name="attributeRepository" ref="attributeRepository" />
				</bean>
				<bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
			</list>
		</property>

		<property name="authenticationHandlers">
			<list>
				<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
					<property name="httpClient" ref="httpClient" />
				</bean>

				<!--
				  One bind handler per Active Directory domain; %u stands for the
				  submitted user name. Both context sources use ldap:// on port 389
				  with simple authentication, so the password being verified crosses
				  the network unencrypted unless the link is protected by other means.
				-->
				<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
					<property name="filter" value="UserPrincipalName=%u" />
					<property name="searchBase" value="dc=galaxy,dc=cosmos,dc=local" />
					<property name="contextSource" ref="contextSource_galaxy" />
					<property name="ignorePartialResultException" value="true" />
				</bean>

				<!--
				  NOTE(review): this search base is the parent of the galaxy base
				  above; confirm that the two handlers cannot both match one user name.
				-->
				<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
					<property name="filter" value="UserPrincipalName=%u" />
					<property name="searchBase" value="dc=cosmos,dc=local" />
					<property name="contextSource" ref="contextSource_cosmos" />
					<property name="ignorePartialResultException" value="true" />
				</bean>
			</list>
		</property>
	</bean>

    <!--
      In-memory Spring Security user list with one ROLE_ADMIN entry. The name is
      still the "@@THIS SHOULD BE REPLACED@@" placeholder; presumably it gates the
      CAS services management pages (confirm against the security context file).
      Replace it with the real administrator login and keep the list minimal.
    -->
    <sec:user-service id="userDetailsService">
        <sec:user
            name="@@THIS SHOULD BE REPLACED@@"
            password="notused"
            authorities="ROLE_ADMIN" />
    </sec:user-service>
	
	<!--
	  Target names for the sAMAccountName entry of resultAttributeMapping in
	  "attributeRepository": the directory value is exposed under both names
	  (the registered services release "sAMAccountName" and "login").
	-->
	<util:set id="myPersonIdSet">
		<value>sAMAccountName</value>
		<value>login</value>
	</util:set>

	<!--
	  Person attribute lookup against LDAP. It reads from contextSource_galaxy
	  under OU=Ecoles only, so a user authenticated through the cosmos handler is
	  found here only if the entry also sits under that base.
	  NOTE(review): Spring rejects two beans with the same id in one file. To read
	  from both domains, give each LdapPersonAttributeDao its own id and expose a
	  combining DAO under the id "attributeRepository"; persondir ships
	  MergingPersonAttributeDaoImpl for this (confirm the class and its properties
	  against the persondir version bundled with this CAS release).
	-->
	<bean id="attributeRepository"
		class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"
		p:contextSource-ref="contextSource_galaxy"
		p:baseDN="OU=Ecoles,DC=galaxy,DC=cosmos,DC=local"
		p:requireAllQueryAttributes="true">

		<!-- Query key supplied by CAS, mapped to the LDAP attribute that is searched. -->
		<property name="queryAttributeMapping">
			<map>
				<entry key="username" value="userPrincipalName" />
			</map>
		</property>

		<!-- LDAP attribute, mapped to the name or names under which its value is exposed. -->
		<property name="resultAttributeMapping">
			<map>
				<entry key="cn" value="cn" />
				<entry key="sAMAccountName" value-ref="myPersonIdSet" />
				<entry key="employeeID" value="employeeID" />
			</map>
		</property>
	</bean>

	
	<!--
	  Service registry declared inline: each RegexRegisteredService names the URLs
	  allowed to use CAS and the attributes released to them.
	  NOTE(review): both patterns accept plain http and imap as well as the TLS
	  schemes, and both services have allowedToProxy set to true; keep only the
	  schemes and the proxy right that each service actually needs.
	-->
	<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
		<property name="registeredServices">
			<list>
				<!-- Service 1: host anchored on cosmos.local and its subdomains, path starting with /hp. -->
				<bean class="org.jasig.cas.services.RegexRegisteredService">
					<property name="id" value="1" />
					<property name="name" value="HP" />
					<property name="description" value="Allows HP" />
					<property name="serviceId" value="^(https?|imaps?)://([A-Za-z0-9_-]+\.)*cosmos\.local/hp.*" />

					<property name="allowedToProxy" value="true" />
					<property name="enabled" value="true" />
					<property name="ssoEnabled" value="true" />
					<property name="anonymousAccess" value="false" />

					<property name="allowedAttributes">
						<list>
							<value>cn</value>
							<value>employeeID</value>
							<value>sAMAccountName</value>
						</list>
					</property>
				</bean>

				<!--
				  Service 2.
				  NOTE(review): ".*moodle.*" after the scheme matches any URL that
				  merely contains "moodle" in its host, path or query, so the entry
				  is not tied to a host this deployment controls. Anchor the pattern
				  on the real Moodle host name, the way service 1 anchors on
				  cosmos\.local.
				-->
				<bean class="org.jasig.cas.services.RegexRegisteredService">
					<property name="id" value="2" />
					<property name="name" value="moodle" />
					<property name="description" value="Allows moodle" />
					<property name="serviceId" value="^(https?|imaps?)://.*moodle.*" />

					<property name="allowedToProxy" value="true" />
					<property name="enabled" value="true" />
					<property name="ssoEnabled" value="true" />
					<property name="anonymousAccess" value="false" />

					<property name="allowedAttributes">
						<list>
							<value>login</value>
						</list>
					</property>
				</bean>
			</list>
		</property>
	</bean>

    <!--
      Audit trail sink. Going by the class name it hands audit records to SLF4J,
      so where they are stored and how long they are kept depends on the logging
      configuration (confirm the appender and retention there).
    -->
    <bean id="auditTrailManager"
          class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />


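    <!--
      LDAP connection for the galaxy domain, used by the first bind handler and by
      "attributeRepository". Connection pooling is off; connect and read timeouts
      are 3000 ms each.
      NOTE(review): ldap:// on port 389 with "simple" authentication sends the
      service account password, and every user password verified through this
      source, without transport encryption. Prefer ldaps:// or StartTLS with
      certificate validation. The bind password is a literal in this file:
      restrict read access to the file or move the value into an external
      properties file.
    -->
    <bean id="contextSource_galaxy" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="pooled" value="false"/>
        <property name="url" value="ldap://********:389" />
        <property name="userDn" value="cosmos\service_cas"/>
        <property name="password" value="********"/>
        <property name="baseEnvironmentProperties">
            <map>
              <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
              <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
              <entry key="java.naming.security.authentication" value="simple" />
            </map>
        </property>
    </bean>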

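    <!--
      LDAP connection for the cosmos domain, used by the second bind handler.
      Connection pooling is off; connect and read timeouts are 3000 ms each.
      NOTE(review): ldap:// on port 389 with "simple" authentication sends the
      service account password, and every user password verified through this
      source, without transport encryption. Prefer ldaps:// or StartTLS with
      certificate validation. The bind password is a literal in this file:
      restrict read access to the file or move the value into an external
      properties file.
    -->
    <bean id="contextSource_cosmos" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="pooled" value="false"/>
        <property name="url" value="ldap://********:389" />
        <property name="userDn" value="cosmos\service_cas"/>
        <property name="password" value="********"/>
        <property name="baseEnvironmentProperties">
            <map>
              <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
              <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
              <entry key="java.naming.security.authentication" value="simple" />
            </map>
        </property>
    </bean>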

</beans>
