i have 2 problems with deploying cas:
the first:
i dont know if do i must to use ssl same in testing?
the second:
i want to use active directory to authenticate users, my domain controller has
the name of:Directoey.maec.gov.ma
i configured the deployerConfigContext.xml like below, when i try to
authenticate with correct user and passsowrd i have the following message :
The credentials you provided cannot be determined to be authentic:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd";>
<!--
| deployerConfigContext.xml centralizes into one file some of the
declarative configuration that
| all CAS deployers will need to modify.
|
| This file declares some of the Spring-managed JavaBeans that make up a
CAS deployment.
| The beans declared in this file are instantiated at context
initialization time by the Spring
| ContextLoaderListener declared in web.xml. It finds this file because
this
| file is among those declared in the context parameter
"contextConfigLocation".
|
| By far the most common change you will need to make in this file is to
change the last bean
| declaration to replace the default
SimpleTestUsernamePasswordAuthenticationHandler with
| one implementing your approach for authenticating usernames and passwords.
+-->
<beans>
<!--
| This bean declares our AuthenticationManager. The
CentralAuthenticationService service bean
| declared in applicationContext.xml picks up this
AuthenticationManager by reference to its id,
| "authenticationManager". Most deployers will be able to use the
default AuthenticationManager
| implementation and so do not need to change the class of this bean.
We include the whole
| AuthenticationManager here in the userConfigContext.xml so that you
can see the things you will
| need to change in context.
+-->
<bean id="authenticationManager"
class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<!--
| This is the List of CredentialToPrincipalResolvers that identify
what Principal is trying to authenticate.
| The AuthenticationManagerImpl considers them in order, finding a
CredentialToPrincipalResolver which
| supports the presented credentials.
|
| AuthenticationManagerImpl uses these resolvers for two purposes.
First, it uses them to identify the Principal
| attempting to authenticate to CAS /login . In the default
configuration, it is the DefaultCredentialsToPrincipalResolver
| that fills this role. If you are using some other kind of
credentials than UsernamePasswordCredentials, you will need to replace
| DefaultCredentialsToPrincipalResolver with a
CredentialsToPrincipalResolver that supports the credentials you are
| using.
|
| Second, AuthenticationManagerImpl uses these resolvers to
identify a service requesting a proxy granting ticket.
| In the default configuration, it is the
HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
| You will need to change this list if you are identifying services
by something more or other than their callback URL.
+-->
<property name="credentialsToPrincipalResolvers">
<list>
<!--
| UsernamePasswordCredentialsToPrincipalResolver supports
the UsernamePasswordCredentials that we use for /login
| by default and produces SimplePrincipal instances
conveying the username from the credentials.
|
| If you've changed your LoginFormAction to use credentials
other than UsernamePasswordCredentials then you will also
| need to change this bean declaration (or add additional
declarations) to declare a CredentialsToPrincipalResolver that supports the
| Credentials you are using.
+-->
<bean
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
/>
<!--
| HttpBasedServiceCredentialsToPrincipalResolver supports
HttpBasedCredentials. It supports the CAS 2.0 approach of
| authenticating services by SSL callback, extracting the
callback URL from the Credentials and representing it as a
| SimpleService identified by that callback URL.
|
| If you are representing services by something more or
other than an HTTPS URL whereat they are able to
| receive a proxy callback, you will need to change this
bean declaration (or add additional declarations).
+-->
<bean
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
/>
</list>
</property>
<!--
| Whereas CredentialsToPrincipalResolvers identify who it is some
Credentials might authenticate,
| AuthenticationHandlers actually authenticate credentials. Here
we declare the AuthenticationHandlers that
| authenticate the Principals that the
CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
| until it finds one that both supports the Credentials presented
and succeeds in authenticating.
+-->
<property name="authenticationHandlers">
<list>
<!--
| This is the authentication handler that authenticates services by
means of callback via SSL, thereby validating
| a server side SSL certificate.
+-->
<bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
/>
<!--
| This is the authentication handler declaration that every CAS
deployer will need to change before deploying CAS
| into production.
| With this configuration youll be using LDAP FastBind
authentication.
+-->
<bean
class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"
>
<property name="filter"
value="uid=%u,ou=division_info,dc=Directoey,dc=maec,dc=gov,dc=ma" />
<property name="contextSource" ref="contextSource" />
</bean>
</list>
</property>
</bean>
<bean id="contextSource"
class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
<property name="urls">
<list>
<value>ldap://Directoey.maec.gov.ma</value>
</list>
</property>
</bean>
</beans>
i think, i has a problem in the blue lines , can you help me to write
correctly the ldap string.
Regards
---------------------------------
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions !
Profitez des connaissances, des opinions et des expériences des internautes sur
Yahoo! Questions/Réponses._______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
