Can you debug and look if the attributes are coming to your application?

-----Original Message-----
From: Laura McCord [mailto:[email protected]] 
Sent: Thursday, September 26, 2013 12:16 AM
To: [email protected]
Subject: [cas-user] CAS Tomcat Container Authentication

Hi,

I am trying to get CAS Tomcat Container Authentication
(https://wiki.jasig.org/display/CASC/Tomcat+Container+Authentication)
working for one of my test applications. I was able to get the example running 
with the Cas20CASAuthenticator/PropertiesCasRealm. However, this particular 
application needs a couple attributes passed and I'm trying to figure out how 
to use Saml11Authenticator with AssertionCasRealm. 
Currently, when I go to my application I get directed to my CAS login and I'm 
able to successfully log in. However, I am receiving the "HTTP Status 403 - 
Access to the requested resource has been denied" response.

I'm thinking that I don't have the "roleAttributeName" and "role-name" 
values correct. I have been assuming that the "roleAttributeName" is where I 
would specify the ldap attribute that stores the user's role (staff, faculty, 
or student). The attribute we use to store a user's role on campus is 
"eduPersonPrimaryAffiliation". Then, I populated the "role-name" values to the 
groups I wanted to allow access. I have also allowed my application to release 
attributes in the cas service registry. I've also added the specified .jar 
files to my tomcat lib folder.

Does anyone have any suggestions?

Thanks,
  Laura

Here's my context file:

<Realm
     className="org.jasig.cas.client.tomcat.v6.AssertionCasRealm"
     roleAttributeName="eduPersonPrimaryAffiliation"
     />

<Valve
     className="org.jasig.cas.client.tomcat.v6.Saml11Authenticator"
     encoding="UTF-8"
     casServerLoginUrl="https://casserver.university.edu/cas/login"
     casServerUrlPrefix="https://casserver.university.edu/cas/"
     serverName="myclient.university.edu"
     />

<!-- Single sign-out support -->
<Valve
     className="org.jasig.cas.client.tomcat.v6.SingleSignOutValve"
     artifactParameterName="SAMLart"
     />


Here's my web.xml file:

<servlet>
  <servlet-name>TestServlet</servlet-name>
  <servlet-class>test.TestServlet</servlet-class>
</servlet>

<servlet-mapping>
  <servlet-name>TestServlet</servlet-name>
  <url-pattern>/test</url-pattern>
</servlet-mapping>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>staff</role-name>
    <role-name>faculty</role-name>
    <role-name>student</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
</login-config>

<security-role>
  <role-name>staff</role-name>
  <role-name>faculty</role-name>
  <role-name>student</role-name>
</security-role>





--
You are currently subscribed to [email protected] as: 
[email protected] To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
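
A way to check the two questions raised in this thread (does the role attribute arrive, and does its value equal one of the "role-name" entries), added here as an example and not part of either message or of the CAS client. It assumes AssertionCasRealm uses the values of the attribute named by "roleAttributeName" as role names and that the comparison with web.xml is an exact, case-sensitive string match; the SAML 1.1 attribute statement and the trimmed config strings are constructed.

```python
import xml.etree.ElementTree as ET
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.1 assertion namespace

# Constructed inputs, trimmed from the context file and web.xml in the post.
CONTEXT_XML = """<Context>
  <Realm className="org.jasig.cas.client.tomcat.v6.AssertionCasRealm"
         roleAttributeName="eduPersonPrimaryAffiliation"/>
</Context>"""
WEB_XML = """<web-app><security-constraint><auth-constraint>
  <role-name>staff</role-name>
  <role-name>faculty</role-name>
  <role-name>student</role-name>
</auth-constraint></security-constraint></web-app>"""

def sample_statement(name, values):
    """Build a constructed SAML 1.1 AttributeStatement (not a captured response)."""
    vals = "".join("<s:AttributeValue>%s</s:AttributeValue>" % v for v in values)
    return ('<s:AttributeStatement xmlns:s="%s"><s:Attribute AttributeName="%s">'
            '%s</s:Attribute></s:AttributeStatement>' % (SAML, name, vals))

def local(tag):
    """Element name without its XML namespace, so a namespaced web.xml also works."""
    return tag.rsplit("}", 1)[-1]

def allowed_roles(web_xml):
    """Role names listed under every auth-constraint in web.xml."""
    return {r.text.strip() for ac in ET.fromstring(web_xml).iter()
            if local(ac.tag) == "auth-constraint"
            for r in ac if local(r.tag) == "role-name"}

def released_attributes(saml_xml):
    """Map of attribute name -> values found in the SAML attribute statement."""
    attrs = {}
    for a in ET.fromstring(saml_xml).iter("{%s}Attribute" % SAML):
        vals = [v.text.strip() for v in a.findall("{%s}AttributeValue" % SAML) if v.text]
        attrs.setdefault(a.get("AttributeName"), []).extend(vals)
    return attrs

def diagnose(context_xml, web_xml, saml_xml):
    """Say why the role check passes or fails (assumed exact, case-sensitive match)."""
    name = ET.fromstring(context_xml).find(".//Realm").get("roleAttributeName")
    attrs = released_attributes(saml_xml)
    if name not in attrs:
        return "attribute-missing", sorted(attrs)   # nothing released under that name
    matched = sorted(set(attrs[name]) & allowed_roles(web_xml))
    return ("ok", matched) if matched else ("no-matching-role", attrs[name])

if __name__ == "__main__":
    print(diagnose(CONTEXT_XML, WEB_XML, sample_statement("eduPersonPrimaryAffiliation", ["Staff"])))
```

Both "attribute-missing" and "no-matching-role" would leave an authenticated user without a permitted role, which matches a successful CAS login followed by a 403.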