Ok. I think we need to take a step back and figure some things out first.
Typically, you'll want to configure CAS by itself (which will default to "open mode" which lets everything authenticate against it.) Once you've verified that everything's functioning correctly (you can log into CAS, apps can authenticate against the server successfully, etc.) then you'll want to look at configuring service management. Based on what you'd typed below, it seems like you tried to do it all at once. Just to make sure - was CAS functioning properly before you tried to do the service management stuff? If not, I'd start over with the server and make sure that CAS is functioning properly before trying the service management stuff, otherwise you don't really know for sure where problems lie. If everything was working properly, and then you installed the service management config - When you try to log into the management webapp, does it tell you that you can't login, or that the webapp isn't authorized? Next - based on what you pasted in below, I'm seeing entries for both the LDAP service manager and JPA service registry, which are two entirely different things. If I'm interpreting your pasting correctly, it looks like you told the management webapp to use LDAP for services management, and CAS to use the database for it? Chris >>> Ahmed Hadzic <[email protected]> 05/07/15 8:42 AM >>> I did mention installing the service management webapp and I'm not able to access it. I know if I manage to access it I can add KOHA as one of the CAS services and that would solve my problem. I tried to configure services following this guide http://jasig.github.io/cas/4.0.x/installation/Service-Management.html Is this the wright documentation to follow ? Ahmed Date: Thu, 7 May 2015 08:08:47 -0500 From: [email protected] To: [email protected] Subject: RE: [cas-user] Application not authorized to use CAS Ok. Well, the cas log file would be the first place I'd look for errors with regard to the 404 you're getting; you can find more details on it here: http://jasig.github.io/cas/4.0.x/installation/Logging.html You may want to turn the logging level up to DEBUG for additional details. It should typically be logging details to your TOMCAT_LOG_FOLDER/cas.log To the "application not authorized" piece, the problem should be in your services configuration. You mentioned installing the service management webapp; are you able to access it? If so, if you log into it, do you see any services registered? If not, therein would lie your problem. I don't see where you mentioned configuring services to be able to access your CAS server, so if you didn't do that already, you'll definitely need to before anything will be able to talk to your server. Chris >>> Ahmed Hadzic <[email protected]> 05/06/15 6:19 PM >>> Yes, i can login to CAS when I omit that piece of code, maybe I put it in the wrong section of the file. When I add it, I get the error 404(service is unavailable). In KOHA (CAS settings) I set CAS Server Url to be: https://localhost:8443/cas and when I'm trying to access that over KOHA user login(if you have CAS account click here) I get the error: Application is not authorized to use CAS. I hope I explained my problem well enough. Ahmed Date: Wed, 6 May 2015 12:58:26 -0500 From: [email protected] To: [email protected]; [email protected] Subject: Re: [cas-user] Application not authorized to use CAS Just for clarification - things work correctly when you omit this piece of code: <sec:ldap-server id="ldapServer" url="ldap://myserver:13060/"; manager-dn="cn=adminusername,cn=Users,dc=london-scottish,dc=com" manager-password="mypassword" /> <sec:ldap-user-service id="userDetailsService" server-ref="ldapServer" group-search-base="cn=Groups,dc=mycompany,dc=com" group-role-attribute="cn" group-search-filter="(uniquemember={0})" user-search-base="cn=Users,dc=mycompany,dc=com" user-search-filter="(uid={0})"/> but fail once you add it? And to be sure, the error message that you're receiving is the "application not authorized to use CAS" message? The reason I'm curious is because that chunk of code there has absolutely nothing to do with an application talking to CAS; it's strictly for user-side things. Chris >>> Ahmed Hadzic <[email protected]> 05/06/15 10:03 AM >>> Hello all, I am about to graduate and for my senior design project I have to integrate CAS with KOHA (Open ILS). I am using Ubuntu server 14.04, so far I made secure connection for CAS, and now i need to login to CAS as KOHA user. This is where I encountered problems. I found out that I need to get the CAS server's Manager to add the OPAC Url to the Service management system in CAS itself. When I try to access over browser(https://localhost:8443/cas/services) I get redirected to CAS login page. I followed this documentation: http://jasig.github.io/cas/4.0.x/installation/Service-Management.html. Since I am pretty much newbie for CAS I would be thankful if you could help me. Here are the details of what I did from the guide above: LdapServiceRegistryDao <bean id="serviceRegistryDao" class="org.jasig.cas.adaptors.ldap.services.LdapServiceRegistryDao" p:connectionFactory-ref="pooledLdapConnectionFactory" p:searchRequest-ref="searchRequest" p:ldapServiceMapper-ref="ldapMapper" /> <bean id="ldapMapper" class="org.jasig.cas.adaptors.ldap.services.DefaultLdapServiceMapper"/> I added this in /home/ahmed/cas-server-4.0.0/cas-management-webapp/src/main/webapp/WEB-INF/managementConfigContext.xml JpaServiceRegistryDaoImpl <tx:annotation-driven transaction-manager-ref="transactionManager" /> <bean id="factoryBean" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean" p:dataSource-ref="dataSource" p:jpaVendorAdapter-ref="jpaVendorAdapter" p:packagesToScan-ref="packagesToScan"> <property name="jpaProperties"> <props> <prop key="hibernate.dialect">${database.dialect}</prop> <prop key="hibernate.hbm2ddl.auto">update</prop> <prop key="hibernate.jdbc.batch_size">${database.batchSize}</prop> </props> </property> </bean> <bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter" p:generateDdl="true" p:showSql="true" /> <bean id="serviceRegistryDao" class="org.jasig.cas.services.JpaServiceRegistryDaoImpl" /> <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager" p:entityManagerFactory-ref="factoryBean" /> <!-- | Injects EntityManager/Factory instances into beans with | @PersistenceUnit and @PersistenceContext --> <bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" /> <!-- Configuration via JNDI --> <bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean" p:jndiName="java:comp/env/jdbc/cas-source" /> I added this in /home/ahmed/cas-server-4.0.0/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml Installing the Services Management Webapp <dependency> <groupId>org.jasig.cas</groupId> <artifactId>cas-management-webapp</artifactId> <version>${cas.version}</version> <type>war</type> <scope>runtime</scope> </dependency> Added this in /home/ahmed/cas-server-4.0.0/cas-management-webapp/pom.xml Spring-security-ldap <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-ldap</artifactId> <version>${spring.security.ldap.version}</version> <exclusions> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> </exclusion> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-tx</artifactId> </exclusion> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-beans</artifactId> </exclusion> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> </exclusion> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> </exclusion> </exclusions> </dependency> Added this in /home/ahmed/cas-server-4.0.0/cas-management-webapp/pom.xml My CAS fails when I add this part to /var/lib/tomcat7/webapps/cas/WEB-INF/deployerConfigContext.xml <sec:ldap-server id="ldapServer" url="ldap://myserver:13060/"; manager-dn="cn=adminusername,cn=Users,dc=london-scottish,dc=com" manager-password="mypassword" /> <sec:ldap-user-service id="userDetailsService" server-ref="ldapServer" group-search-base="cn=Groups,dc=mycompany,dc=com" group-role-attribute="cn" group-search-filter="(uniquemember={0})" user-search-base="cn=Users,dc=mycompany,dc=com" user-search-filter="(uid={0})"/> I don't quite understand this and I don't know if I am doing things right, so any help is very much appreciated. Kind regards, Ahmed -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
