Thank you very much for explaining these things. My mentor advised me that I 
don't need to use the services management webapp, I can use XML configuration for 
service registry data. I am using InMemoryServiceRegistryDaoImpl and my 
configuration looks like this:

<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
      p:registeredServices-ref="registeredServicesList" />

<util:list id="registeredServicesList">
    <bean class="org.jasig.cas.services.RegisteredServiceImpl"
          p:id="1"
          p:name="HTTPS and IMAPS services on library.ibu.edu.ba"
          p:serviceId="http://*.ibu.edu.ba/**"
          p:ssoEnabled="true"
          p:evaluationOrder="0" />
</util:list>

When I'm trying to authenticate KOHA I get that error: Application not 
authorized to use CAS.
Did I miss something?

Kind regards,
Ahmed

Date: Thu, 7 May 2015 10:11:34 -0500
From: [email protected]
To: [email protected]
Subject: RE: [cas-user] Application not authorized to use CAS

Ok cool, that's good to know that CAS was working properly initially. Were your 
services able to connect to CAS successfully at that point as well? That would 
be the next thing to check, because that way you know that everything is 
configured properly.

Once you've verified that you can log into CAS, and an application can use it 
for authentication, then you can safely move onto the next step - changing your 
user directory to something like LDAP (if needed.) Once that's been tested, 
then you can go about the service management configuration, because at that 
point, you know that everything's working, so you have a config that you can 
revert to if something doesn't go right. (Once I'm at this point, I usually 
create a copy of the folder so that if I totally hose a config, I don't have to 
undo it, I just copy it back from the working point.)

For your services management, you'll want to keep it all in the same place - 
whether LDAP, database, etc. Otherwise it would be like putting your 
shopping list in your car, and then riding your bike to the store. Essentially 
- the management webapp is just a nice GUI front-end for the CAS services 
management functionality. You can configure services manually as well. So if 
you're telling the webapp to use LDAP and CAS to use the database, it won't 
work.

Chris



>>> Ahmed Hadzic <[email protected]> 05/07/15 9:47 AM >>>
Yes, CAS was functioning properly before I tried to do the service 
management stuff (I could login as default: casuser-Mellon) and I would get 
message (Login Successful).

I haven't actually installed the service management config (I thought I need to 
do some configuration in CAS conf files and I would be able to access the 
service management). I was probably wrong. When I try to login to the management 
webapp (https://localhost:8443/cas-management) I get the error 
(http://pokit.org/get/?06a0b06e4b0c3f643ad66b6279a43fc5.jpg).

I get the error "application is not authorized to use CAS" when I type: 
https://localhost:8443/cas/login?service=%2Fcgi-bin%2Fkoha%2Fopac-user.pl 
(http://pokit.org/get/?55c4ebfd9cd76fd353e36a015b94f4d0.jpg, 
http://pokit.org/get/?4653a617ec77f3ecf60a6d1f094e2620.jpg)

As for the LDAP service manager and JPA service registry I thought I need to 
use LDAP. They are two different things, but can I use them both or just one of 
them, and is it OK for management webapp to use LDAP for services management, 
and CAS to use the database for it? Maybe it's a stupid question but I really 
don't know these things quite enough to understand them.

Ahmed

Date: Thu, 7 May 2015 09:13:08 -0500
From: [email protected]
To: [email protected]
Subject: RE: [cas-user] Application not authorized to use CAS

Ok. I think we need to take a step back and figure some things out first.


Typically, you'll want to configure CAS by itself (which will default to "open 
mode" which lets everything authenticate against it.) Once you've verified that 
everything's functioning correctly (you can log into CAS, apps can authenticate 
against the server successfully, etc.) then you'll want to look at configuring 
service management. Based on what you'd typed below, it seems like you tried to 
do it all at once. Just to make sure - was CAS functioning properly before you 
tried to do the service management stuff? If not, I'd start over with the 
server and make sure that CAS is functioning properly before trying the service 
management stuff, otherwise you don't really know for sure where problems lie.

If everything was working properly, and then you installed the service 
management config -
When you try to log into the management webapp, does it tell you that you can't 
login, or that the webapp isn't authorized?


Next - based on what you pasted in below, I'm seeing entries for both the LDAP 
service manager and JPA service registry, which are two entirely different 
things. If I'm interpreting your pasting correctly, it looks like you told the 
management webapp to use LDAP for services management, and CAS to use the 
database for it?


Chris



>>> Ahmed Hadzic <[email protected]> 05/07/15 8:42 AM >>>
I did mention installing the service management webapp and I'm not able to 
access it. I know if I manage to access it I can add KOHA as one of the CAS 
services and that would solve my problem. I tried to configure services 
following this guide: 
http://jasig.github.io/cas/4.0.x/installation/Service-Management.html
Is this the right documentation to follow?

Ahmed

Date: Thu, 7 May 2015 08:08:47 -0500
From: [email protected]
To: [email protected]
Subject: RE: [cas-user] Application not authorized to use CAS

Ok. Well, the cas log file would be the first place I'd look for errors with 
regard to the 404 you're getting; you can find more details on it here: 
http://jasig.github.io/cas/4.0.x/installation/Logging.html  You may want to 
turn the logging level up to DEBUG for additional details. It should typically 
be logging details to your TOMCAT_LOG_FOLDER/cas.log

To the "application not authorized" piece, the problem should be in your 
services configuration. You mentioned installing the service management webapp; 
are you able to access it? If so, if you log into it, do you see any services 
registered? If not, therein would lie your problem. I don't see where you 
mentioned configuring services to be able to access your CAS server, so if you 
didn't do that already, you'll definitely need to before anything will be able 
to talk to your server.

Chris





>>> Ahmed Hadzic <[email protected]> 05/06/15 6:19 PM >>>
Yes, I can login to CAS when I omit that piece of code, maybe I put it in 
the wrong section of the file. When I add it, I get the error 404 (service is 
unavailable). In KOHA (CAS settings) I set CAS Server Url to be: 
https://localhost:8443/cas and when I'm trying to access that over KOHA user 
login (if you have CAS account click here) I get the error: Application is not 
authorized to use CAS. I hope I explained my problem well enough.

Ahmed

Date: Wed, 6 May 2015 12:58:26 -0500
From: [email protected]
To: [email protected]; [email protected]
Subject: Re: [cas-user] Application not authorized to use CAS

Just for clarification - things work correctly when you omit this piece of code:

<sec:ldap-server id="ldapServer" url="ldap://myserver:13060/"
                 manager-dn="cn=adminusername,cn=Users,dc=london-scottish,dc=com"
                 manager-password="mypassword" />
<sec:ldap-user-service id="userDetailsService" server-ref="ldapServer"
            group-search-base="cn=Groups,dc=mycompany,dc=com"
            group-role-attribute="cn"
            group-search-filter="(uniquemember={0})"
            user-search-base="cn=Users,dc=mycompany,dc=com"
            user-search-filter="(uid={0})"/>

but fail once you add it? And to be sure, the error message that you're 
receiving is the "application not authorized to use CAS" message?

The reason I'm curious is because that chunk of code there has absolutely 
nothing to do with an application talking to CAS; it's strictly for user-side 
things.

Chris





>>> Ahmed Hadzic <[email protected]> 05/06/15 10:03 AM >>>
   Hello all,

I am about to graduate and for my senior design project I have to integrate CAS 
with KOHA (Open ILS). I am using Ubuntu server 14.04, so far I made secure 
connection for CAS, and now I need to login to CAS as KOHA user. This is where 
I encountered problems. I found out that I need to get the CAS server's Manager 
to add the OPAC Url to the Service management system in CAS itself. 
When I try to access over browser (https://localhost:8443/cas/services) I get 
redirected to CAS login page. I followed this documentation:
http://jasig.github.io/cas/4.0.x/installation/Service-Management.html.
Since I am pretty much a newbie to CAS I would be thankful if you could help me. 

Here are the details of what I did from the guide above:

LdapServiceRegistryDao

<bean id="serviceRegistryDao"
      class="org.jasig.cas.adaptors.ldap.services.LdapServiceRegistryDao"
      p:connectionFactory-ref="pooledLdapConnectionFactory"
      p:searchRequest-ref="searchRequest"
      p:ldapServiceMapper-ref="ldapMapper" />

<bean id="ldapMapper"
      class="org.jasig.cas.adaptors.ldap.services.DefaultLdapServiceMapper"/>

I added this in 
/home/ahmed/cas-server-4.0.0/cas-management-webapp/src/main/webapp/WEB-INF/managementConfigContext.xml


JpaServiceRegistryDaoImpl

<tx:annotation-driven transaction-manager-ref="transactionManager" />

<bean id="factoryBean"
      class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"
      p:dataSource-ref="dataSource"
      p:jpaVendorAdapter-ref="jpaVendorAdapter"
      p:packagesToScan-ref="packagesToScan">
    <property name="jpaProperties">
      <props>
        <prop key="hibernate.dialect">${database.dialect}</prop>
        <prop key="hibernate.hbm2ddl.auto">update</prop>
        <prop key="hibernate.jdbc.batch_size">${database.batchSize}</prop>
      </props>
    </property>
</bean>

<bean id="jpaVendorAdapter"
      class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"
      p:generateDdl="true"
      p:showSql="true" />

<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.JpaServiceRegistryDaoImpl" />

<bean id="transactionManager"
      class="org.springframework.orm.jpa.JpaTransactionManager"
      p:entityManagerFactory-ref="factoryBean" />

<!--
   | Injects EntityManager/Factory instances into beans with
   | @PersistenceUnit and @PersistenceContext
-->
<bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />

<!--
   Configuration via JNDI
-->
<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean"
    p:jndiName="java:comp/env/jdbc/cas-source" />

I added this in 
/home/ahmed/cas-server-4.0.0/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml


Installing the Services Management Webapp

<dependency>
  <groupId>org.jasig.cas</groupId>
  <artifactId>cas-management-webapp</artifactId>
  <version>${cas.version}</version>
  <type>war</type>
  <scope>runtime</scope>
</dependency>

Added this in 
/home/ahmed/cas-server-4.0.0/cas-management-webapp/pom.xml


Spring-security-ldap

<dependency>
   <groupId>org.springframework.security</groupId>
   <artifactId>spring-security-ldap</artifactId>
   <version>${spring.security.ldap.version}</version>
   <exclusions>
     <exclusion>
             <groupId>org.springframework</groupId>
             <artifactId>spring-aop</artifactId>
     </exclusion>
     <exclusion>
             <groupId>org.springframework</groupId>
             <artifactId>spring-tx</artifactId>
     </exclusion>
     <exclusion>
             <groupId>org.springframework</groupId>
             <artifactId>spring-beans</artifactId>
     </exclusion>
     <exclusion>
             <groupId>org.springframework</groupId>
             <artifactId>spring-context</artifactId>
     </exclusion>
     <exclusion>
             <groupId>org.springframework</groupId>
             <artifactId>spring-core</artifactId>
     </exclusion>
   </exclusions>
</dependency>

Added this in
/home/ahmed/cas-server-4.0.0/cas-management-webapp/pom.xml


My CAS fails when I add this part to 
/var/lib/tomcat7/webapps/cas/WEB-INF/deployerConfigContext.xml 

<sec:ldap-server id="ldapServer" url="ldap://myserver:13060/"
                 manager-dn="cn=adminusername,cn=Users,dc=london-scottish,dc=com"
                 manager-password="mypassword" />
<sec:ldap-user-service id="userDetailsService" server-ref="ldapServer"
            group-search-base="cn=Groups,dc=mycompany,dc=com"
            group-role-attribute="cn"
            group-search-filter="(uniquemember={0})"
            user-search-base="cn=Users,dc=mycompany,dc=com"
            user-search-filter="(uid={0})"/>


I don't quite understand this and I don't know if I am doing things right, so 
any help is very much appreciated. 

Kind regards,

Ahmed

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user           
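
Added example (not part of the thread and not CAS code): a simplified Ant-style matcher applied to the serviceId pattern from the registeredServicesList entry and to the decoded service parameter from the login URL quoted in the thread, showing which service URLs that registry entry would accept. It assumes the entry is evaluated as an Ant path pattern, case-insensitively, and approximates that matching rather than reproducing Spring's implementation; the full URLs under library.ibu.edu.ba and example.net are constructed sample inputs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pattern and login URL copied from the thread.
REGISTERED_SERVICE_ID = "http://*.ibu.edu.ba/**"
LOGIN_URL = "https://localhost:8443/cas/login?service=%2Fcgi-bin%2Fkoha%2Fopac-user.pl"


def service_from_login_url(url):
    """Return the URL-decoded ?service= value that is checked against the registry."""
    return parse_qs(urlsplit(url).query)["service"][0]


def _segment_matches(pat, seg):
    # Within one path segment: '*' is any run of characters, '?' is exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pat)
    return re.fullmatch(rx, seg) is not None


def ant_match(pattern, path):
    """Simplified Ant-style match: split on '/', '**' spans zero or more segments."""
    if pattern.startswith("/") != path.startswith("/"):
        return False  # a bare path never matches an absolute-URL pattern
    pats = [t for t in pattern.split("/") if t]
    segs = [t for t in path.split("/") if t]

    def walk(i, j):
        if i == len(pats):
            return j == len(segs)
        if pats[i] == "**":
            return any(walk(i + 1, k) for k in range(j, len(segs) + 1))
        return j < len(segs) and _segment_matches(pats[i], segs[j]) and walk(i + 1, j + 1)

    return walk(0, 0)


def is_registered(service, pattern=REGISTERED_SERVICE_ID):
    # Assumption: the comparison is case-insensitive.
    return ant_match(pattern.lower(), service.lower())


if __name__ == "__main__":
    candidates = [
        service_from_login_url(LOGIN_URL),                       # from the thread
        "https://library.ibu.edu.ba/cgi-bin/koha/opac-user.pl",  # constructed
        "http://library.ibu.edu.ba/cgi-bin/koha/opac-user.pl",   # constructed
        "http://library.ibu.edu.ba.example.net/",                # constructed
    ]
    for svc in candidates:
        print(f"{'MATCH' if is_registered(svc) else 'no match':8}  {svc}")
```

Under these assumptions, a service value sent as a bare path or with an https scheme falls outside the http://*.ibu.edu.ba/** pattern, while the same path under http:// on a subdomain falls inside it.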