Hi,
This was resolved.
As it turns out the there was no URL formed to extract the parameters, as
the spring configuration in the applicationContext.xml for opEnpointUrl was
missing.
<bean id="serverManager" class="org.openid4java.server.ServerManager"
p:oPEndpointUrl="${cas.securityContext.casProcessingFilterEntryPoint.loginUrl}"
p:enforceRpId="false" />
On Wednesday, 26 November 2014 18:22:31 UTC+1, j shaik wrote:
>
> Hi
>
> I have jenkins configured with openID plugin for authentication. I use CAS
> configured with LDAP server to match the userIDs and also with openid. I am
> receiving an error after successful authentication when CAS is redirected
> back to the jenkins page after authentication.
>
> I have attached the complete stack trace login-webflow.xml and
> deployerConfigContext.xml for your reference. I hav higlighted the code
> where we set the openid.mode however I dont think this is the correct place
> to do it. If someone can please help me to find the right way to configure
> the openid.mode, I would really appreciate it.
>
> Regards
>
> J Shai
>
>
> javax.servlet.ServletException: org.openid4java.message.MessageException:
> 0x100: Required parameter missing: openid.mode
>> at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:796)
>> at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
>> at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:211)
>> at
>> org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
>> at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
>> at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
>> at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
>> at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>> at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
>> at
>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
>> at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
>> at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
>> at
>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
>> at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
>> at
>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
>> at
>> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
>> at
>> hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
>> at
>> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
>> at
>> jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
>> at
>> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
>> at
>> org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
>> at
>> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
>> at
>> org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
>> at
>> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
>> at
>> org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
>> at
>> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
>> at
>> jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
>> at
>> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
>> at
>> org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
>> at
>> hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
>> at
>> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
>> at
>> hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
>> at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
>> at
>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
>> at
>> org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
>> at
>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
>> at
>> hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
>> at
>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
>> at
>> org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
>> at
>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
>> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
>> at
>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
>> at
>> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
>> at
>> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
>> at
>> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
>> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
>> at
>> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
>> at
>> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
>> at
>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
>> at
>> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
>> at org.eclipse.jetty.server.Server.handle(Server.java:370)
>> at
>> org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
>> at
>> org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
>> at
>> org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
>> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
>> at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
>> at
>> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
>> at
>> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
>> at
>> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
>> at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>> at java.lang.Thread.run(Thread.java:745)
>> Caused by: org.openid4java.message.MessageException: 0x100: Required
>> parameter missing: openid.mode
>> at org.openid4java.message.Message.validate(Message.java:187)
>> at org.openid4java.message.AuthSuccess.validate(AuthSuccess.java:405)
>> at
>> org.openid4java.message.AuthSuccess.createAuthSuccess(AuthSuccess.java:118)
>> at org.openid4java.consumer.ConsumerManager.verify(ConsumerManager.java:1142)
>> at hudson.plugins.openid.OpenIdSession.doFinishLogin(OpenIdSession.java:111)
>> at
>> hudson.plugins.openid.OpenIdSsoSecurityRealm.doFinishLogin(OpenIdSsoSecurityRealm.java:210)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
>> at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
>> at
>> org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
>> at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
>> at
>> org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
>> at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
>> ... 63 more
>>
>>
>
> Attaching my login-webflow.xml here for reference
>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!-- Licensed to Jasig under one or more contributor license agreements. See
>> the NOTICE file distributed with this work for
>> additional information regarding copyright ownership. Jasig licenses this
>> file to you under the Apache License, Version 2.0
>> (the "License"); you may not use this file except in compliance with the
>> License. You may obtain a copy of the License at
>> the following location: http://www.apache.org/licenses/LICENSE-2.0 Unless
>> required by applicable law or agreed to in writing,
>> software distributed under the License is distributed on an "AS IS"
>> BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
>> either express or implied. See the License for the specific language
>> governing permissions and limitations under the License. -->
>> <flow xmlns="http://www.springframework.org/schema/webflow";
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>> xsi:schemaLocation="http://www.springframework.org/schema/webflow
>>
>> http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd";>
>> <var name="credential"
>> class="org.jasig.cas.authentication.UsernamePasswordCredential" />
>> <on-start>
>> <evaluate expression="initialFlowSetupAction" />
>> </on-start>
>> <!-- If the request contains a parameter called openid.mode and is not an
>> association request, switch to openId. Otherwise,
>> continue normal webflow. -->
>> <decision-state id="selectFirstAction">
>> <if
>> test="externalContext.requestParameterMap['openid.mode'] neq ''
>> &&
>> externalContext.requestParameterMap['openid.mode'] neq null
>> &&
>> externalContext.requestParameterMap['openid.mode'] neq 'associate'"
>> then="openIdSingleSignOnAction"
>> else="ticketGrantingTicketExistsCheck" />
>> </decision-state>
>> <decision-state id="ticketGrantingTicketExistsCheck">
>> <if test="flowScope.ticketGrantingTicketId != null"
>> then="hasServiceCheck" else="gatewayRequestCheck" />
>> </decision-state>
>> <!-- The OpenID authentication action. If authentication is successful,
>> send the ticket granting ticker. Otherwise, redirect
>> to the login form. -->
>> <action-state id="openIdSingleSignOnAction">
>> <evaluate expression="openIdSingleSignOnAction" />
>> <transition on="success" to="sendTicketGrantingTicket" />
>> <transition on="error" to="viewLoginForm" />
>> <transition on="warn" to="warn" />
>> </action-state>
>> <action-state id="ticketGrantingTicketCheck">
>> <evaluate
>> expression="ticketGrantingTicketCheckAction.checkValidity(flowRequestContext)"
>> />
>> <transition on="notExists" to="gatewayRequestCheck" />
>> <transition on="invalid" to="terminateSession" />
>> <transition on="valid" to="hasServiceCheck" />
>> </action-state>
>> <action-state id="terminateSession">
>> <evaluate
>> expression="terminateSessionAction.terminate(flowRequestContext)" />
>> <transition to="generateLoginTicket" />
>> </action-state>
>> <decision-state id="gatewayRequestCheck">
>> <if test="requestParameters.gateway != '' and
>> requestParameters.gateway != null and flowScope.service != null"
>> then="gatewayServicesManagementCheck"
>> else="serviceAuthorizationCheck" />
>> </decision-state>
>> <decision-state id="hasServiceCheck">
>> <if test="flowScope.service != null" then="renewRequestCheck"
>> else="viewGenericLoginSuccess" />
>> </decision-state>
>> <decision-state id="renewRequestCheck">
>> <if test="requestParameters.renew != '' and requestParameters.renew !=
>> null" then="serviceAuthorizationCheck"
>> else="generateServiceTicket" />
>> </decision-state>
>> <!-- Do a service authorization check early without the need to login
>> first -->
>> <action-state id="serviceAuthorizationCheck">
>> <evaluate expression="serviceAuthorizationCheck" />
>> <transition to="generateLoginTicket" />
>> </action-state>
>> <!-- The "warn" action makes the determination of whether to redirect
>> directly to the requested service or display the
>> "confirmation" page to go back to the server. -->
>> <decision-state id="warn">
>> <if test="flowScope.warnCookieValue" then="showWarningView"
>> else="redirect" />
>> </decision-state>
>> <!-- <action-state id="startAuthenticate"> <action bean="x509Check" />
>> <transition on="success" to="sendTicketGrantingTicket"
>> /> <transition on="warn" to="warn" /> <transition on="error"
>> to="generateLoginTicket" /> </action-state> -->
>> <action-state id="generateLoginTicket">
>> <evaluate
>> expression="generateLoginTicketAction.generate(flowRequestContext)" />
>> <transition on="generated" to="viewLoginForm" />
>> </action-state>
>> <view-state id="viewLoginForm" view="casLoginView" model="credential">
>> <binder>
>> <binding property="username" />
>> <binding property="password" />
>> </binder>
>> <on-entry>
>> <set name="viewScope.commandName" value="'credential'" />
>> </on-entry>
>> <transition on="submit" bind="true" validate="true" to="realSubmit">
>> <evaluate
>> expression="authenticationViaFormAction.doBind(flowRequestContext,
>> flowScope.credential)" />
>> </transition>
>> </view-state>
>> <action-state id="realSubmit">
>> <evaluate
>> expression="authenticationViaFormAction.submit(flowRequestContext,
>> flowScope.credential, messageContext)" />
>> <transition on="warn" to="warn" />
>> <transition on="success" to="sendTicketGrantingTicket" />
>> <transition on="successWithWarnings" to="showMessages" />
>> <transition on="authenticationFailure"
>> to="handleAuthenticationFailure" />
>> <transition on="error" to="generateLoginTicket" />
>> </action-state>
>> <view-state id="showMessages" view="casLoginMessageView">
>> <on-entry>
>> <evaluate expression="sendTicketGrantingTicketAction" />
>> <set name="requestScope.messages"
>> value="messageContext.allMessages" />
>> </on-entry>
>> <transition on="proceed" to="serviceCheck" />
>> </view-state>
>> <action-state id="handleAuthenticationFailure">
>> <evaluate
>> expression="authenticationExceptionHandler.handle(currentEvent.attributes.error,
>> messageContext)" />
>> <transition on="AccountDisabledException" to="casAccountDisabledView"
>> />
>> <transition on="AccountLockedException" to="casAccountLockedView" />
>> <transition on="CredentialExpiredException" to="casExpiredPassView" />
>> <transition on="InvalidLoginLocationException"
>> to="casBadWorkstationView" />
>> <transition on="InvalidLoginTimeException" to="casBadHoursView" />
>> <transition on="FailedLoginException" to="generateLoginTicket" />
>> <transition on="AccountNotFoundException" to="generateLoginTicket" />
>> <transition on="UNKNOWN" to="generateLoginTicket" />
>> </action-state>
>> <action-state id="sendTicketGrantingTicket">
>> <evaluate expression="sendTicketGrantingTicketAction" />
>> <transition to="serviceCheck" />
>> </action-state>
>> <decision-state id="serviceCheck">
>> <if test="flowScope.service != null" then="generateServiceTicket"
>> else="viewGenericLoginSuccess" />
>> </decision-state>
>> <action-state id="generateServiceTicket">
>> <evaluate expression="generateServiceTicketAction" />
>> <transition on="success" to="warn" />
>> <transition on="authenticationFailure"
>> to="handleAuthenticationFailure" />
>> <transition on="error" to="generateLoginTicket" />
>> <transition on="gateway" to="gatewayServicesManagementCheck" />
>> </action-state>
>> <action-state id="gatewayServicesManagementCheck">
>> <evaluate expression="gatewayServicesManagementCheck" />
>> <transition on="success" to="redirect" />
>> </action-state>
>> <action-state id="redirect">
>> <evaluate
>> expression="flowScope.service.getResponse(requestScope.serviceTicketId)"
>> result-type="org.jasig.cas.authentication.principal.Response"
>> result="requestScope.response" />
>> <transition to="postRedirectDecision" />
>> </action-state>
>> <decision-state id="postRedirectDecision">
>> <if test="requestScope.response.responseType.name() == 'POST'"
>> then="postView" else="redirectView" />
>> </decision-state>
>> <!-- the "viewGenericLogin" is the end state for when a user attempts to
>> login without coming directly from a service.
>> They have only initialized their single-sign on session. -->
>> <end-state id="viewGenericLoginSuccess" view="casLoginGenericSuccessView"
>> />
>> <!-- The "showWarningView" end state is the end state for when the user
>> has requested privacy settings (to be "warned")
>> to be turned on. It delegates to a view defines in
>> default_views.properties that display the "Please click here to go to
>> the service." message. -->
>> <end-state id="showWarningView" view="casLoginConfirmView" />
>> <!-- Password policy failure states -->
>> <end-state id="abstactPasswordChangeView">
>> <on-entry>
>> <set name="flowScope.passwordPolicyUrl"
>> value="passwordPolicy.passwordPolicyUrl" />
>> </on-entry>
>> </end-state>
>> <end-state id="casExpiredPassView" view="casExpiredPassView"
>> parent="#abstactPasswordChangeView" />
>> <end-state id="casMustChangePassView" view="casMustChangePassView"
>> parent="#abstactPasswordChangeView" />
>> <end-state id="casAccountDisabledView" view="casAccountDisabledView" />
>> <end-state id="casAccountLockedView" view="casAccountLockedView" />
>> <end-state id="casBadHoursView" view="casBadHoursView" />
>> <end-state id="casBadWorkstationView" view="casBadWorkstationView" />
>> <end-state id="postView" view="postResponseView">
>> <on-entry>
>> <set name="requestScope.parameters"
>> value="requestScope.response.attributes" />
>> <set name="requestScope.originalUrl" value="flowScope.service.id" />
>> </on-entry>
>> </end-state>
>> <!-- The "redirect" end state allows CAS to properly end the workflow
>> while still redirecting the user back to the service
>> required. -->
>> <end-state id="redirectView"
>> view="externalRedirect:${requestScope.response.url}" />
>> <end-state id="viewServiceErrorView" view="viewServiceErrorView" />
>> <end-state id="viewServiceSsoErrorView" view="viewServiceSsoErrorView" />
>> <global-transitions>
>> <!-- CAS-1023 This one is simple - redirects to a login page (same as
>> renew) when 'ssoEnabled' flag is unchecked instead
>> of showing an intermediate unauthorized view with a link to login
>> page -->
>> <transition to="viewLoginForm"
>> on-exception="org.jasig.cas.services.UnauthorizedSsoServiceException" />
>> <transition to="viewServiceErrorView"
>> on-exception="org.springframework.webflow.execution.repository.NoSuchFlowExecutionException"
>> />
>> <transition to="viewServiceErrorView"
>> on-exception="org.jasig.cas.services.UnauthorizedServiceException" />
>> </global-transitions>
>> </flow>
>>
>>
>
> Attaching my deployerConfigContext.xml here for reference
>
> <beans xmlns="http://www.springframework.org/schema/beans";
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>> xmlns:p="http://www.springframework.org/schema/p";
>> xmlns:c="http://www.springframework.org/schema/c";
>> xmlns:tx="http://www.springframework.org/schema/tx";
>> xmlns:util="http://www.springframework.org/schema/util";
>> xmlns:sec="http://www.springframework.org/schema/security";
>> xsi:schemaLocation="http://www.springframework.org/schema/beans
>> http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
>> http://www.springframework.org/schema/tx
>> http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
>> http://www.springframework.org/schema/security
>> http://www.springframework.org/schema/security/spring-security-3.2.xsd
>> http://www.springframework.org/schema/util
>> http://www.springframework.org/schema/util/spring-util.xsd";>
>>
>> <!--
>> | The authentication manager defines security policy for
>> authentication by specifying at a minimum
>> | the authentication handlers that will be used to authenticate
>> credential. While the AuthenticationManager
>> | interface supports plugging in another implementation, the
>> default PolicyBasedAuthenticationManager should
>> | be sufficient in most cases.
>> +-->
>> <bean id="authenticationManager"
>> class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
>> <constructor-arg>
>> <map>
>> <!--
>> | IMPORTANT
>> | Every handler requires a unique name.
>> | If more than one instance of the same handler class
>> is configured, you must explicitly
>> | set its name to something other than its default
>> name (typically the simple class name).
>> -->
>> <entry key-ref="proxyAuthenticationHandler"
>> value-ref="proxyPrincipalResolver" />
>> <entry key-ref="openIDAuthenticationHandler"
>> value-ref="openIDPrincipalResolver" />
>> <entry key-ref="ldapAuthenticationHandler"><null/></entry>
>> <!-- <entry key-ref="spnegoAuthenticationHandler"
>> value-ref="ldapPrincipalResolver" />-->
>> </map>
>> </constructor-arg>
>>
>> <!-- Uncomment the metadata populator to allow clearpass to
>> capture and cache the password
>> This switch effectively will turn on clearpass.
>> <property name="authenticationMetaDataPopulators">
>> <util:list>
>> <bean
>> class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator"
>> c:credentialCache-ref="encryptedMap" />
>> </util:list>
>> </property>
>> -->
>>
>> <!--
>> | Defines the security policy around authentication. Some
>> alternative policies that ship with CAS:
>> |
>> | * NotPreventedAuthenticationPolicy - all credential must
>> either pass or fail authentication
>> | * AllAuthenticationPolicy - all presented credential must be
>> authenticated successfully
>> | * RequiredHandlerAuthenticationPolicy - specifies a handler
>> that must authenticate its credential to pass
>> -->
>> <property name="authenticationPolicy">
>> <bean
>> class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
>> </property>
>> </bean>
>>
>> <!-- Required for proxy ticket mechanism. -->
>> <bean id="proxyAuthenticationHandler"
>>
>> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>> p:httpClient-ref="httpClient" />
>>
>> <!--
>> | TODO: Replace this component with one suitable for your
>> enviroment.
>> |
>> | This component provides authentication for the kind of
>> credential used in your environment. In most cases
>> | credential is a username/password pair that lives in a system of
>> record like an LDAP directory.
>> | The most common authentication handler beans:
>> |
>> | * org.jasig.cas.authentication.LdapAuthenticationHandler
>> | * org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler
>> | *
>> org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler
>> | *
>> org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler
>> -->
>> <!--
>> <bean id="primaryAuthenticationHandler"
>>
>> class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
>> <property name="users">
>> <map>
>> <entry key="casuser" value="Mellon"/>
>> </map>
>> </property>
>> </bean>
>> -->
>>
>>
>> <!-- Required for proxy ticket mechanism -->
>> <bean id="proxyPrincipalResolver"
>>
>> class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
>>
>>
>>
>>
>>
>> <!--
>> Sample, in-memory data store for the ServiceRegistry. A real
>> implementation
>> would probably want to replace this with the JPA-backed
>> ServiceRegistry DAO
>> The name of this bean should remain "serviceRegistryDao".
>> +-->
>> <bean id="serviceRegistryDao"
>> class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
>> p:registeredServices-ref="registeredServicesList" />
>>
>> <util:list id="registeredServicesList">
>> <bean class="org.jasig.cas.services.RegexRegisteredService"
>> p:id="0" p:name="HTTP and IMAP" p:description="Allows
>> HTTP(S) and IMAP(S) protocols"
>> p:serviceId="^(https?|imaps?)://.*"
>> p:evaluationOrder="10000001" />
>> <!--
>> Use the following definition instead of the above to further
>> restrict access
>> to services within your domain (including sub domains).
>> Note that example.com must be replaced with the domain you wish
>> to permit.
>> This example also demonstrates the configuration of an attribute
>> filter
>> that only allows for attributes whose length is 3.
>> -->
>> <!--
>> <bean class="org.jasig.cas.services.RegexRegisteredService">
>> <property name="id" value="1" />
>> <property name="name" value="HTTP and IMAP on example.com" />
>> <property name="description" value="Allows HTTP(S) and
>> IMAP(S) protocols on example.com" />
>> <property name="serviceId"
>> value="^(https?|imaps?)://([A-Za-z0-9_-]+\.)*example\.com/.*" />
>> <property name="evaluationOrder" value="0" />
>> <property name="attributeFilter">
>> <bean
>> class="org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter"
>> c:regex="^\w{3}$" />
>> </property>
>> </bean>
>> -->
>> </util:list>
>>
>> <bean id="auditTrailManager"
>> class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
>>
>> <bean id="healthCheckMonitor"
>> class="org.jasig.cas.monitor.HealthCheckMonitor"
>> p:monitors-ref="monitorsList" />
>>
>> <util:list id="monitorsList">
>> <bean class="org.jasig.cas.monitor.MemoryMonitor"
>> p:freeMemoryWarnThreshold="10" />
>> <!--
>> NOTE
>> The following ticket registries support SessionMonitor:
>> * DefaultTicketRegistry
>> * JpaTicketRegistry
>> Remove this monitor if you use an unsupported registry.
>> -->
>> <bean class="org.jasig.cas.monitor.SessionMonitor"
>> p:ticketRegistry-ref="ticketRegistry"
>> p:serviceTicketCountWarnThreshold="5000"
>> p:sessionCountWarnThreshold="100000" />
>> </util:list>
>> </beans>
>>
>> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
