On 1/7/15 8:16 AM, "Jehan Procaccia" <[email protected]> wrote:

> On 07/01/2015 16:37, Milt Epstein wrote:
>> On Wed, 7 Jan 2015, Alberto Cabello Sánchez wrote:
>> 
>>> On Tue, 06 Jan 2015 15:00:51 -0800
>>> Kristen Walker <[email protected]> wrote:
>>> 
>>>> I am desperately trying to get CAS to authenticate from our LDAP server and
>>>> I tried using the example you posted, modifying the values for our
>>>> environment. I seem to be having a lot of trouble with this portion of the
>>>> example:
>>>> 
>>>> <bean id="ldapAuthenticationHandler"
>>>> class="org.jasig.cas.authentication.LdapAuthenticationHandler"
>>>> p:principalIdAttribute="cn">
>>>>          <constructor-arg ref="authenticator" />
>>>>          <property name="principalAttributeMap">
>>>>              <map>
>>>>                  <entry key="mail" value="mail" />
>>>>                  <entry key="cn" value="cn" />
>>>>              </map>
>>>>          </property>
>>>>      </bean>
>>>> 
>>>> The error message I get is:
>>>> 
>>>> INFO: Deploying web application directory /var/lib/tomcat7/webapps/ROOT
>>>> 2015-01-06 14:57:38,344 ERROR
>>>> [org.springframework.web.context.ContextLoader] - <Context initialization
>>>> failed>
>>>> org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line
>>>> 79 in XML document from ServletContext resource
>>>> [/WEB-INF/deployerConfigContext.xml] is invalid; nested exception is
>>>> org.xml.sax.SAXParseException; lineNumber: 79; columnNumber: 19;
>>>> cvc-complex-type.2.3: Element 'map' cannot have character [children],
>>>> because the type's content type is element-only.
>>> Syntax seems OK, but in order to avoid some unseeable content between
>>> "<map>"
>>> and "<entry..." you could put it as an entire line:
>>> 
>>> <map><entry key="mail" value="mail" /><entry key="cn" value="cn" /></map>
>>> 
>>> If it helps, my working syntax for that bean is slightly different:
>>> 
>>>      <bean id="ldapAuthenticationHandler"
>>>          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
>>>          p:principalIdAttribute="cn"
>>>          c:authenticator-ref="authenticator">
>>>          <property name="principalAttributeMap">
>>>              <map>
>>>                  <entry key="mail" value="mail" />
>>>                  <entry key="displayName" value="displayName" />
>>>              </map>
>>>          </property>
>>>      </bean>
>> FWIW, my sense of this exactly matches yours -- the syntax I have is
>> this latter one, with the c:authenticator-ref rather than the
>> constructor-arg, but her syntax seems OK.  Which brings up the
>> question -- is the error message really for this section of the XML?
>> Since it specifies the line number and the column number, she should
>> double-check that.
>> 
>> Milt Epstein
>> Applications Developer
>> Graduate School of Library and Information Science (GSLIS)
>> University of Illinois at Urbana-Champaign (UIUC)
>> [email protected]
> maybe try an "xmlwf" command on the xml file to check if it is "well
> formed" as the command suggests.
> 
> FYI, I just validated an ldap auth on a fresh cas4 deployment, after
> some difficulties, it finally works fine,
> as it was difficult for me, I documented each step, it is online at
> https://www-public.tem-tsp.eu/~procacci/dok/doku.php?id=docpublic:systemes:ssocas:cas4install#ldap_authentication_handler
> (in French! but commands and files are in English).
> good luck.
> 
> Jehan .
> 

I have checked the xml with xmlwf and also checked with an online xml
validator (http://validator.w3.org/check). I modified the file until I got
rid of all offending errors. It passes as a valid xml file in the
validators, but I still get errors from Tomcat.

Here is the error:

INFO: Deploying web application directory /var/lib/tomcat7/webapps/ROOT
2015-01-07 11:04:42,372 ERROR
[org.springframework.web.context.ContextLoader] - <Context initialization
failed>
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line
72 in XML document from ServletContext resource
[/WEB-INF/deployerConfigContext.xml] is invalid; nested exception is
org.xml.sax.SAXParseException; lineNumber: 72; columnNumber: 9;
cvc-complex-type.2.3: Element 'beans' cannot have character [children],
because the type's content type is element-only.

Here is the current xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd">

<bean id="authenticationManager"
class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"
p:authenticationPolicy-ref="authenticationPolicy"><constructor-arg><map><entry
key-ref="passwordHandler" value-ref="ldapPrincipalResolver"/><entry
key-ref="oneTimePasswordHandler" value-ref="ldapPrincipalResolver"
/></map></constructor-arg><property
name="authenticationMetaDataPopulators"><bean
class="org.jasig.cas.authentication.SuccessfulHandlerMetaDataPopulator"
/></property></bean>

<bean id="ldapAuthenticationHandler"
class="org.jasig.cas.authentication.LdapAuthenticationHandler"
p:principalIdAttribute="cn" c:authenticator-ref="authenticator"><property
name="principalAttributeMap"><map><entry key="mail" value="mail" /><entry
key="displayName" value="displayName" /></map></property></bean>
    
<bean id="authenticator" class="org.ldaptive.auth.Authenticator"
c:resolver-ref="pooledSearchDnResolver" c:handler-ref="pooledBindHandler" />

<bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
p:ldapUrl="ldap://changeme" p:connectTimeout="3000" p:useStartTLS="false"
p:connectionInitializer-ref="bindConnectionInitializer"/>

<bean id="bindConnectionInitializer"
class="org.ldaptive.BindConnectionInitializer"
p:bindDn="cn=changeme,dc=changeme,dc=changeme"><property
name="bindCredential"><bean class="org.ldaptive.Credential"
c:password="changeme" /></property></bean>

<bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
p:minPoolSize="3" p:maxPoolSize="10" p:validateOnCheckOut="true"
p:validatePeriodically="false" p:validatePeriod="300" />

<bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
p:prunePeriod="300" p:idleTime="600" />

<bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />

<bean id="connectionPool" class="org.ldaptive.pool.BlockingConnectionPool"
init-method="initialize" p:poolConfig-ref="ldapPoolConfig"
p:blockWaitTime="3000" p:validator-ref="searchValidator"
p:pruneStrategy-ref="pruneStrategy"
p:connectionFactory-ref="connectionFactory"/>

<bean id="pooledSearchDnResolver"
class="org.ldaptive.auth.PooledSearchDnResolver"
p:baseDn="dc=sbceoportal,dc=org" p:allowMultipleDns="false"
p:connectionFactory-ref="pooledConnectionFactory"
p:userFilter="pdsLoginId={user}" />

<bean id="pooledBindHandler"
class="org.ldaptive.auth.PooledBindAuthenticationHandler"
p:connectionFactory-ref="pooledConnectionFactory" />

<bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
p:connectionConfig-ref="connectionConfig" />

<bean id="pooledConnectionFactory"
class="org.ldaptive.pool.PooledConnectionFactory"
p:connectionPool-ref="connectionPool" />

<bean id="usernamePasswordCredentialsResolver"
class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

<bean id="httpBasedCredentialsResolver"
class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

<!-- Required for proxy ticket mechanism. -->
<bean id="proxyAuthenticationHandler"
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredenti
alsAuthenticationHandler" p:httpClient-ref="httpClient" />

<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler"><prope
rty name="users"><map><entry key="casuser"
value="Mellon"/></map></property></bean>

<!-- Required for proxy ticket mechanism -->
<bean id="proxyPrincipalResolver"
class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

<!--
       | Resolves a principal from a credential using an attribute
repository that is configured to resolve
       | against a deployer-specific store (e.g. LDAP).
-->

<bean id="primaryPrincipalResolver"
class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolv
er" ><property name="attributeRepository" ref="attributeRepository"
/></bean>

    <!--
    Bean that defines the attributes that a service may return.  This
example uses the Stub/Mock version.  A real implementation
    may go against a database or LDAP server.  The id should remain
"attributeRepository" though.
    +-->
<bean id="attributeRepository"
class="org.jasig.services.persondir.support.StubPersonAttributeDao"
p:backingMap-ref="attrRepoBackingMap" />
    
<util:map id="attrRepoBackingMap"><entry key="uid" value="uid" /><entry
key="eduPersonAffiliation" value="eduPersonAffiliation" /> <entry
key="groupMembership" value="groupMembership" /></util:map>

    <!-- 
    Sample, in-memory data store for the ServiceRegistry. A real
implementation
    would probably want to replace this with the JPA-backed ServiceRegistry
DAO
    The name of this bean should remain "serviceRegistryDao".
    +-->
<bean id="serviceRegistryDao"
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
p:registeredServices-ref="registeredServicesList" />

<util:list id="registeredServicesList"><bean
class="org.jasig.cas.services.RegexRegisteredService" p:id="0" p:name="HTTP
and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"
p:serviceId="^(https?|imaps?)://.*" p:evaluationOrder="10000001"
/></util:list>
    
<bean id="auditTrailManager"
class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
    
<bean id="healthCheckMonitor"
class="org.jasig.cas.monitor.HealthCheckMonitor"
p:monitors-ref="monitorsList" />
  
<util:list id="monitorsList"><bean
class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10"
/><bean class="org.jasig.cas.monitor.SessionMonitor"
p:ticketRegistry-ref="ticketRegistry"
p:serviceTicketCountWarnThreshold="5000"
p:sessionCountWarnThreshold="100000" /></util:list>

</beans>

Anyone have any ideas? This is driving me nuts.
Thanks so much!
Kristen

-- 
Kristen Walker
Digital Media Resources Developer
Educational Technology Services
Santa Barbara County Education Office
(805) 964-4711 x 5244
Twitter: @kwalkersb
[email protected]
http://www.sbceoportal.org
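
The cvc-complex-type.2.3 error quoted in this thread is raised by schema validation, which a well-formedness check such as xmlwf does not perform. As an added example (not part of the original message), this Python sketch lists every character other than XML whitespace that sits directly inside `beans` or `map`; the function name, the `ELEMENT_ONLY` set and the sample document are constructed for illustration.

```python
import unicodedata
import xml.parsers.expat

XML_WHITESPACE = " \t\r\n"        # the only characters XML counts as whitespace
ELEMENT_ONLY = {"beans", "map"}   # the parents named in this thread's two errors

def find_stray_characters(xml_bytes):
    """List (line, parent, character) for every character that sits directly
    inside an element-only parent and is not XML whitespace."""
    findings, stack = [], []
    parser = xml.parsers.expat.ParserCreate()

    def start(name, attrs):
        stack.append(name.rsplit(":", 1)[-1])   # "util:map" -> "map"

    def end(name):
        stack.pop()

    def chars(data):
        if not stack or stack[-1] not in ELEMENT_ONLY:
            return
        for i, ch in enumerate(data):
            if ch not in XML_WHITESPACE:
                # The event position is that of the chunk's first character.
                line = parser.CurrentLineNumber + data[:i].count("\n")
                label = f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"
                findings.append((line, stack[-1], label))

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(xml_bytes, True)
    return findings

# Constructed sample: well-formed, but with no-break spaces on line 2 and a
# zero-width space after <map> on line 4.
SAMPLE = (
    '<beans xmlns="http://www.springframework.org/schema/beans">\n'
    '\u00a0\u00a0\n'
    '<bean id="a" class="example.A">\n'
    '<property name="m"><map>\u200b<entry key="mail" value="mail"/></map></property>\n'
    '</bean>\n'
    '</beans>\n'
).encode("utf-8")

if __name__ == "__main__":
    for line, parent, label in find_stray_characters(SAMPLE):
        print(f"line {line}: {label} directly inside <{parent}>")
```

Run against the deployed `deployerConfigContext.xml` bytes, the reported line can be compared with the `lineNumber` in the SAXParseException.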


