Velpi,

In the HttpClientFactoryBean you can disable strict host name checking 
(not sure if that will help your situation, and we don't obviously 
recommend not checking the hostname ;-))
-Scott

Velpi wrote:
> Hi Lukas
>
> you're right, that page still contains some old information that corresponds 
> to 
> CAS 3.0.4. We'll try to update it as soon as possible.
>
> If you're used to the ESUP package then you might want to try these:
> http://shib.kuleuven.be/download/idp/1.3/beta/
> (docs aren't entirely up to date today, but they should be tomorrow evening: 
> http://shib.kuleuven.be/docs/idp/install-idp-1.3-beta200608.shtml)
> The code in that package is based on CAS 3.0.5 with some additions that will 
> appear in CAS 3.0.6. 3.0.6 is scheduled to support eg X.509 with LDAP lookup, 
> but the package will provide you that now already. It also contains Shib, as 
> you 
> might like I think...
> I was supposed to take our 3.0.5 system live today -installed by that 
> package-, 
> but the new HttpClient in 3.0.5 doesn't like *. certificates which broke part 
> of 
> our setup so I had to postpone the upgrade until I find good solution for 
> that.
>
> use "./install cas3" to get a running CAS3 package easily (you can keep using 
> the genericHandler.xml if you want, but it's not my plan to keep supporting 
> that). Examples are included, but they may be a little hidden still (docs of 
> tomorrow will help you out in that area), have a look in 
> ./install_files/casserverext/.../deployerConfigContext.xml
>
> It's a little getting used to Spring when you're coming from CAS2, but once 
> you 
> get used to it I'm sure you'll love CAS even better than before.
> If you find any problems or possible improvements while testing CAS then 
> please 
> file the a JIRA issue at http://www.ja-sig.org/issues/browse/CAS. [comments 
> about the package are welcome at my personal address]
>
>
> ps: Tell Patrik the LDAP-AD problem has been fixed entirely from CAS 3.0.5, 
> so 
> there's no need to patch it again in this version ;).
> http://developer.ja-sig.org/source/browse/jasig/cas3/adaptors/ldap/src/main/java/org/jasig/cas/adaptors/ldap/AbstractLdapUsernamePasswordAuthenticationHandler.java?r=1.5
> (look for setIgnorePartialResultException)
>
>
> -- Velpi (remember the Belgian visitors 1.5 years ago?)
>
>
>
> Lukas Haemmerle wrote:
>   
>> I just tried to configure CAS 3.0.5 for client AuthN, but always got an
>> exception when deploying the war file.
>>
>> Can it be that there is an inconsistency on
>> http://www.ja-sig.org/products/cas/server/certs/index.html ?
>>
>> Instead of
>>
>>
>>       <bean
>> class="org.jasig.cas.authentication.handler.support.X509CredentialsAuthenticationHandler">
>>             <property
>>                   name="trustedIssuer"
>>                   value="trustedIssuer" />
>>        </bean>
>>
>>
>> It probably should be
>>
>>
>>        <bean
>> class="org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler">
>>                                         <property
>>                                                 name="trustedIssuer"
>>                                                 value="trustedIssuer" />
>>                                 </bean>
>>
>> in the authenticationHandler section.
>> Moreover, it would help people if it was described in greater detail how
>> to configure the credentialsToPrincipalResolvers (or have I just looked
>> at the wrong places?). E.g. the complete code snippets could be provided
>>
>> <bean
>> class="org.jasig.cas.authentication.principal.X509CertificateCredentialsToDistinguishedNamePrincipalResolver"
>> />
>> <bean
>> class="org.jasig.cas.authentication.principal.X509CertificateCredentialsToIdentifierPrincipalResolver"
>>
>> [probably some params....]
>> />
>>
>> <bean
>> class="org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToSerialNumberPrincipalResolver"
>> />
>>
>>
>> This would have helped a CAS 3.0 newbie who was used to have a
>> dead-simple configuration like ESUP CAS :)
>>
>> Cheers
>> Lukas
>>
>> PS: Client AuthN still is not yet working as an alternate authentication
>> method to LDAP, but I'm getting closer :)
>>
>>     
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>   
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to