I am trying to apply the old configuration to the new one but am having some
trouble (the LDAP part is operational, but not the auth via CAS-client). The
CAS server is unchanged.

Just to confirm, the CAS server should not change when porting a CAS
client application from one container to another.

<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jasig.cas.client.jaas.CasLoginModule" flag="required">
      <module-option name="ticketValidatorClass">org.jasig.cas.client.validation.Saml11TicketValidator</module-option>
      <module-option name="casServerUrlPrefix">https://URL:8443/cas/</module-option>
      <module-option name="service">https://URL:8443/OpenKM/</module-option>
      <module-option name="defaultRoles">UserRole</module-option>
      <module-option name="roleAttributeNames">roleAttributeNames</module-option>
      <module-option name="principalGroupName">CallerPrincipal</module-option>
      <module-option name="roleGroupName">Roles</module-option>
      <module-option name="cacheAssertions">true</module-option>
      <module-option name="tolerance">20000</module-option>
      <module-option name="cacheTimeout">480</module-option>
    </login-module>
  </authentication>
</application-policy>

Are you actually using the role-based authorization? You've set
roleAttributeNames but the value doesn't look right to me. That should
be an LDAP attribute name or database field containing role data; e.g.
"memberOf", "eduPersonAffiliation".

I've tried a lot of things but without success,

It's unclear whether you're getting deployment errors or the application
doesn't work the same way on Tomcat. I can imagine that if you want to
translate the JAAS role-based authorization to Spring Security, that
will be the most difficult task in porting. If you're running into
errors, please post those; it will help draw attention to particular
problems.
M
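
A small check for the placeholder value pointed out in the reply above, as an added example that is not part of the original thread or of the CAS client: it parses the application-policy and flags a roleAttributeNames entry that is itself an option name rather than an attribute name. The sample policy is constructed from the configuration quoted in the message, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the policy quoted in the message, trimmed to the
# role-related options this check looks at.
SAMPLE_POLICY = """\
<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jasig.cas.client.jaas.CasLoginModule" flag="required">
      <module-option name="defaultRoles">UserRole</module-option>
      <module-option name="roleAttributeNames">roleAttributeNames</module-option>
      <module-option name="roleGroupName">Roles</module-option>
    </login-module>
  </authentication>
</application-policy>
"""

CAS_MODULE = "org.jasig.cas.client.jaas.CasLoginModule"


def cas_module_options(policy_xml):
    """Return {option name: value} for the CasLoginModule in one application-policy."""
    root = ET.fromstring(policy_xml)
    for module in root.iter("login-module"):
        if module.get("code") == CAS_MODULE:
            return {opt.get("name"): (opt.text or "").strip()
                    for opt in module.findall("module-option")}
    return {}


def check_role_mapping(options):
    """Flag roleAttributeNames settings that cannot name a real role attribute."""
    findings = []
    # roleAttributeNames is a comma-delimited list of attribute names.
    raw = options.get("roleAttributeNames", "")
    names = [n.strip() for n in raw.split(",") if n.strip()]
    if not names:
        findings.append("roleAttributeNames is not set: only defaultRoles are granted")
    for name in names:
        # A value identical to one of the option names is a placeholder left unedited.
        if name in options:
            findings.append(f"roleAttributeNames lists '{name}', an option name, "
                            "not an LDAP attribute or database field")
    return findings


if __name__ == "__main__":
    for finding in check_role_mapping(cas_module_options(SAMPLE_POLICY)):
        print("WARN:", finding)
```
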