Thanks a lot for your reply and the information, Paul.

I verified that the handler.xml file is correct, but I still end up at the error 
page whenever I try to log in using the CAS plugin, and the log shows:

21:21:34.936 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:464] - Selecting appropriate login handler from filtered set {urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified=net.unicon.idp.authn.provider.CasLoginHandler@29669b01}
21:21:34.936 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:497] - Authenticating user with login handler of type net.unicon.idp.authn.provider.CasLoginHandler
21:21:34.937 - TRACE [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:349] - Looking up LoginContext with key 42cc6b24fef6e25efc0c67d02515d43d5860ec6d2b3f1e4fd94bc5d5a643c684 from StorageService parition: loginContexts
Looking up LoginContext with key 42cc6b24fef6e25efc0c67d02515d43d5860ec6d2b3f1e4fd94bc5d5a643c684 from StorageService parition: loginContexts
21:21:34.969 - TRACE [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:355] - Retrieved LoginContext with key 42cc6b24fef6e25efc0c67d02515d43d5860ec6d2b3f1e4fd94bc5d5a643c684 from StorageService parition: loginContexts
21:21:35.013 - TRACE [edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:117] - Attempting to retrieve IdP session cookie.

Thanks,
Niva
-----Original Message-----
From: Paul B. Henson [mailto:[email protected]] 
Sent: Thursday, March 19, 2015 1:17 PM
To: [email protected]
Subject: Re: [cas-user] Casifying Shib (idP)

On Wed, Mar 18, 2015 at 10:34:49PM +0000, Niva Agmon wrote:

> javax.security.auth.login.LoginException: No LoginModules configured for ShibUserPassAuth
>         at javax.security.auth.login.LoginContext.init(LoginContext.java:287) ~[na:1.6.0_32]
>         at javax.security.auth.login.LoginContext.<init>(LoginContext.java:432) ~[na:1.6.0_32]
> 
> Thanks again for any help or tips.

Hmm, did you update handler.xml?

Here's what mine looks like:

    <!-- Login Handlers -->
    <!-- Delegate authentication to CAS -->
    <ph:LoginHandler xsi:type="shib-cas:CasLoginHandler">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
        <shib-cas:paramBuilder class="net.unicon.idp.authn.provider.extra.EntityIdParameterBuilder" />
    </ph:LoginHandler>

    <!--  Username/password login handler -->
<!--    <ph:LoginHandler xsi:type="ph:UsernamePassword"
                  jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config"
                  authenticationDuration="PT8H">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
    </ph:LoginHandler> -->

    <!--
        Removal of this login handler will disable SSO support, that is it will require the user to authenticate
        on every request.
    -->
<!--    <ph:LoginHandler xsi:type="ph:PreviousSession">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
    </ph:LoginHandler> -->


Basically, I commented out the "UsernamePassword" login handler to disable 
shib's native auth, added the "shib-cas:CasLoginHandler" to enable CAS auth, 
and disabled the "PreviousSession" handler as session state is handled on the 
CAS side, not the shib side.

As I recall, the instructions are pretty accurate. Update web.xml, create the 
external properties file, update handler.xml... Install the idp-cas-invoker and 
cas-client-core jars, and you should be good to go.

If you double-check these steps and it still doesn't work, you might try asking 
on the shib list; there's some crossover between this one, but they might have a 
better idea on this shib-specific error.


--
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  [email protected]
California State Polytechnic University  |  Pomona CA 91768

--
You are currently subscribed to [email protected] as: [email protected] 
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
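
A check for the handler.xml layout described in the message above, as an added example that is not part of the original thread or of the shib-cas project: it lists the login handlers that are actually active (the XML parser ignores commented-out ones) and reports any departure from the setup Paul describes. The sample file is constructed, its `ph` and `shib-cas` namespace URIs are placeholders, and `local`, `active_login_handlers` and `review` are hypothetical names.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample modelled on the handler.xml quoted in the thread.
# The ph/shib-cas namespace URIs are placeholders; a real file declares its own.
SAMPLE = """\
<ph:ProfileHandlerGroup xmlns:ph="urn:example:ph"
        xmlns:shib-cas="urn:example:shib-cas"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <ph:LoginHandler xsi:type="shib-cas:CasLoginHandler">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
    </ph:LoginHandler>
    <!-- <ph:LoginHandler xsi:type="ph:UsernamePassword"
              jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
    </ph:LoginHandler> -->
    <ph:LoginHandler xsi:type="ph:PreviousSession">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
    </ph:LoginHandler>
</ph:ProfileHandlerGroup>
"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def active_login_handlers(xml_text):
    """Return [(xsi:type, [authentication methods])] for handlers not commented out."""
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    found = []
    for el in root.iter():
        if local(el.tag) != "LoginHandler":
            continue
        methods = [(c.text or "").strip() for c in el
                   if local(c.tag) == "AuthenticationMethod"]
        found.append((el.get(XSI_TYPE, ""), methods))
    return found

def review(xml_text):
    """Compare the active handlers with the CAS-only layout from the thread."""
    types = [t.split(":")[-1] for t, _ in active_login_handlers(xml_text)]
    findings = []
    if "CasLoginHandler" not in types:
        findings.append("CasLoginHandler is not active")
    for leftover in ("UsernamePassword", "PreviousSession"):
        if leftover in types:
            findings.append(leftover + " is still active")
    return findings
```

Running `review` on the text of the deployed handler.xml returns an empty list when only the CAS handler is active.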
