Hi Guys I have configured CAS 4 / Spring Security / Active Directory and able to authenticate successfully.
But I have difficulty in understanding the configurations to retrieve roles
and later use that for authorisation.
I have the roles available after the authentication in CAS but I want to
pass this to the service (web app) so that it can be used to check the
authorisation (for eg. hasRole('ROLE_EDITOR') )
I have attached the server logs, and config files.
I think I am making some configuration mistake in the below beans
- bean 'casAuthenticationProvider' and the property
'authenticationUserDetailsService'
- bean 'ldapAuthenticationHandler' -- 'principalAttributeMap' property
- bean 'attributeRepository'
Please help.
Thanks
Jay
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user2014-09-25 16:59:45,516 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - <Found principal
attribute: [displayName[James TAYLOR]]>
2014-09-25 16:59:45,516 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - <Found principal
attribute: [memberOf[CN=USERTOKEN,OU=GROUPS,OU=EGATE,DC=EGATE-T,DC=LOCAL,
CN=ROLE_APP_NOTIFICA
TION,OU=GROUPS,OU=EGATE,DC=EGATE-T,DC=LOCAL,
CN=ROLE_CIR_AUTHORISER,OU=GROUPS,OU=EGATE,DC=EGATE-T,DC=LOCAL,
CN=ROLE_APP_SANCTIONS_DB,OU=GROUPS,OU=EGATE,DC=EGATE-T,DC=LOCAL,
CN=ROLE_APP_COLLEGES,OU=GRO
UPS,OU=EGATE,DC=EGATE-T,DC=LOCAL,
CN=ROLE_APP_CIR,OU=GROUPS,OU=EGATE,DC=EGATE-T,DC=LOCAL,
CN=ROLE_CIR_EDITOR,OU=GROUPS,OU=EGATE,DC=EGATE-T,DC=LOCAL]]>
2014-09-25 16:59:45,519 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<LdapAuthenticationHandler successfully authenticated taylorj+password>
2014-09-25 16:59:45,519 DEBUG
[org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver] -
<Attempting to resolve a principal...>
2014-09-25 16:59:45,521 DEBUG
[org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver] -
<Creating SimplePrincipal for [taylorj]>
2014-09-25 16:59:45,522 DEBUG [org.jasig.cas.persondir.LdapPersonAttributeDao]
- <Created seed map='{username=[taylorj]}' for uid='taylorj'>
2014-09-25 16:59:45,522 DEBUG [org.jasig.cas.persondir.LdapPersonAttributeDao]
- <Adding attribute 'uid' with value '[taylorj]' to query builder 'null'>
2014-09-25 16:59:45,522 DEBUG [org.jasig.cas.persondir.LdapPersonAttributeDao]
- <Constructed LDAP search query [sAMAccountName=taylorj]>
2014-09-25 16:59:45,524 DEBUG [org.jasig.cas.persondir.LdapPersonAttributeDao]
- <Generated query builder
'[org.ldaptive.SearchFilter@-1419023406::filter=sAMAccountName={0},
parameters={0=taylorj}]' f
rom query Map {username=[taylorj]}.>
2014-09-25 16:59:45,527 DEBUG [org.ldaptive.SearchOperation] - <execute
request=[org.ldaptive.SearchRequest@1241774557::baseDn=dc=egate-t,dc=local,
searchFilter=[org.ldaptive.SearchFilter@-1419023406:
:filter=sAMAccountName={0}, parameters={0=taylorj}], returnAttributes=[],
searchScope=null, timeLimit=0, sizeLimit=10, derefAliases=null,
typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED
, searchEntryHandlers=null, searchReferenceHandlers=null, controls=null,
followReferrals=false, intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnect
ion@511019109::config=[org.ldaptive.ConnectionConfig@1652971138::ldapUrl=ldap://eb2ts-app14,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1637458774::credentialConfig
=[org.ldaptive.ssl.X509CredentialConfig@-421683437::trustCertificates=classpath:root_CA_base64.cer,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=nul
l, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false,
useStartTLS=false, connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@3
99139047::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptiv
e.provider.jndi.JndiProviderConfig@1738533348::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls
=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@33b4ac
e2]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@1ac243f3]>
2014-09-25 16:59:45,540 DEBUG [org.ldaptive.SearchOperation] - <execute
response=[org.ldaptive.Response@370759675::result=[[]], resultCode=SUCCESS,
message=null, matchedDn=null, responseControls=null,
referralURLs=[ldap://ForestDnsZones.EGATE-T.LOCAL/DC=ForestDnsZones,DC=EGATE-T,DC=LOCAL??base],
messageId=-1] for
request=[org.ldaptive.SearchRequest@1241774557::baseDn=dc=egate-t,dc=local,
searchFil
ter=[org.ldaptive.SearchFilter@-1419023406::filter=sAMAccountName={0},
parameters={0=taylorj}], returnAttributes=[], searchScope=null, timeLimit=0,
sizeLimit=10, derefAliases=null, typesOnly=false, bi
naryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null,
searchReferenceHandlers=null, controls=null, followReferrals=false,
intermediateResponseHandlers=null] with connection=[org.ldapt
ive.DefaultConnectionFactory$DefaultConnection@511019109::config=[org.ldaptive.ConnectionConfig@1652971138::ldapUrl=ldap://eb2ts-app14,
connectTimeout=3000, responseTimeout=-1, sslConfig=[org.ldaptive
.ssl.SslConfig@1637458774::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-421683437::trustCertificates=classpath:root_CA_base64.cer,
authenticationCertificate=null, authenticationKey=null],
trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false,
connectionInitializer=null], providerConnectionFactory=[org.lda
ptive.provider.jndi.JndiConnectionFactory@399139047::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.l
dap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1738533348::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, enviro
nment=null, tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=or
g.ldaptive.provider.ControlProcessor@33b4ace2]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@1ac243f3]>
2014-09-25 16:59:45,546 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver@bf07ee0
resolved taylorj from t
aylorj+password>
2014-09-25 16:59:45,548 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<Authenticated taylorj with credentials [taylorj+password].>
2014-09-25 16:59:45,549 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Attribute
map for taylorj: {}>
2014-09-25 16:59:45,549 INFO [org.perf4j.TimingLogger] - <start[1411660785397]
time[151] tag[AUTHENTICATE]>
2014-09-25 16:59:45,556 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
deployerConfigContext.xml
Description: XML document
spring-security.xml
Description: XML document
