Rob,

You should be able to reach the login page without the JAAS
configuration page.

I just want to note that we also picked to do Kerberos authentication to
Active Directory as the machine we are using was already set up for
Kerberos authentication to AD for signing onto the box, so it just made
sense to reuse the mechanism. =X

As far as what you will need to do to set up JAAS:

1. Create your JAAS configuration file

    CAS {
        com.sun.security.auth.module.Krb5LoginModule required
            client=TRUE debug=FALSE useTicketCache=FALSE;
    };

2. Set up Kerberos on the machine
3. Set the auth login configuration file
   (java.security.auth.login.config) in either Tomcat or JRE.
4. Set the Kerberos configuration file (java.security.krb5.conf) in
   either Tomcat or JRE
5. Add the JaasAuthenticationHandler to the authenticationHandlers
   property in deployerConfigContext.xml

That *should* be everything you need. =X

HTH,
Andrew R Feller, Analyst
Subversion Administrator
University Information Systems
Louisiana State University
[EMAIL PROTECTED]
(office) 225.578.3737
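
Added example, not part of Andrew's message or of the CAS code base: a stand-alone Java check that steps 1 to 4 work before CAS and Tomcat are involved. It logs in through the `CAS` entry from step 1 using the standard JAAS `LoginContext` API; the class name `JaasKerberosCheck` and the file paths in the usage comment are assumptions.

```java
import java.io.Console;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
// Added example (hypothetical class name). Run with the same two properties Tomcat will get:
//   java -Djava.security.auth.login.config=/path/to/jaas.conf \
//        -Djava.security.krb5.conf=/path/to/krb5.conf JaasKerberosCheck <username>
public class JaasKerberosCheck {
    public static void main(String[] args) {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: JaasKerberosCheck <username>  (needs an interactive terminal)");
            System.exit(2);
        }
        // Steps 3 and 4: show what this JVM was actually told; null means the JRE defaults apply.
        System.out.println("login.config = " + System.getProperty("java.security.auth.login.config"));
        System.out.println("krb5.conf    = " + System.getProperty("java.security.krb5.conf"));
        final String user = args[0];
        final char[] password = console.readPassword("Password for %s: ", user);
        if (password == null) System.exit(2); // end of input, nothing to test
        // The entry sets useTicketCache=FALSE, so the module asks for name and password via callbacks.
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password); // callback keeps its own copy
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
        int exit = 0;
        try {
            LoginContext lc = new LoginContext("CAS", handler); // entry name from step 1
            lc.login();                                          // Kerberos login against the KDC (step 2)
            System.out.println("OK: " + lc.getSubject().getPrincipals());
            lc.logout();
        } catch (LoginException e) {
            System.err.println("FAILED: " + e);
            exit = 1;
        } finally {
            java.util.Arrays.fill(password, '\0'); // do not leave the password in memory
        }
        System.exit(exit);
    }
}
```

A `FAILED` result here points at the JAAS file, krb5.conf or the KDC rather than at CAS or Tomcat.
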
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Rob Wiltbank
Sent: Wednesday, July 25, 2007 8:12 AM
To: Yale CAS mailing list
Subject: Re: Recommended Environment
Just as an addendum, I know that I haven't specified the jaas.conf login
configuration yet, but because of the issues I've had, I'm attempting to
baby step this process so I can nail down a solid, repeatable procedure
that I can duplicate for a production machine.
I've made a leap in my last email assuming that I'd still be able to, at
the very least, get to the login page, or does it require the
configuration file be in place beforehand?
Rob Wiltbank wrote:
> Scott,
>
> Trying something along the lines that Andrew suggested, I took a fresh
> copy of the RC and replaced the test authentication handler in
> deployerConfig with this line:
>
> <bean
>   class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler"
> />
>
> Rebuilt the package, copied over the cas.war file and watched the log as
> it began to deploy -- I've attached the logfile...
>
>
>
>
> Scott Battaglia wrote:
>> Rob,
>>
>> Can you check the catalina.out or the cas.log file to see if there are
>> any exceptions thrown?
>>
>> -Scott
>>
>> On 7/24/07, *Andrew R Feller* <[EMAIL PROTECTED]> wrote:
>>
>> Howdy Rob,
>>
>> As far as our approach to dealing with Active Directory, I just used
>> the JAAS handler to send authentication requests using Kerberos rather
>> than LDAP. This was mainly due to our Active Directory being organized
>> by budget codes. =P
>>
>> HTH,
>>
>> Andrew R Feller, Analyst
>> Subversion Administrator
>> University Information Systems
>> Louisiana State University
>> [EMAIL PROTECTED]
>> (office) 225.578.3737
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>> On Behalf Of Rob Wiltbank
>> Sent: Tuesday, July 24, 2007 1:00 PM
>> To: Yale CAS mailing list
>> Subject: Re: Recommended Environment
>>
>> I'd finally gotten maven properly on the go and the demo cas.war
>> compiled and worked fine -- I'll list the changes I've made and see
>> about getting guidance on moving forward with AD LDAP authentication:
>>
>> 1) I installed Sun java and used 'alternatives' to begin using it.
>> 2) I built the cas-server-support-ldap with maven.
>> 3) I changed the pom.xml in -webapp and added:
>>    <dependency>
>>      <groupId>${project.groupId}</groupId>
>>      <artifactId>cas-server-support-ldap</artifactId>
>>      <version>${project.version}</version>
>>    </dependency>
>> 4) I changed my deployerConfigContext.xml to the following:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <beans xmlns="http://www.springframework.org/schema/beans"
>>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>        xmlns:p="http://www.springframework.org/schema/p"
>>        xsi:schemaLocation="http://www.springframework.org/schema/beans
>>            http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>>
>>   <bean id="authenticationManager"
>>         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>>     <property name="credentialsToPrincipalResolvers">
>>       <list>
>>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>>         <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>>       </list>
>>     </property>
>>
>>     <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>>       <property name="filter" value="sAMAccountName=%u" />
>>       <property name="searchBase" value="ou=Domain Users,ou=Employees,ou=County,ou=Campus,dc=domain,dc=edu" />
>>       <property name="contextSource" ref="contextSource" />
>>       <property name="ignorePartialResultException" value="yes" />
>>     </bean>
>>   </bean>
>>
>>   <bean id="contextSource"
>>         class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>>     <property name="urls">
>>       <list>
>>         <value>ldaps://ldap.domain.edu/</value>
>>       </list>
>>     </property>
>>     <property name="userName" value="cn=myUserName,ou=Domain Users,ou=Employees,ou=County,ou=Campus,dc=domain,dc=edu"/>
>>     <property name="password" value="myPassword"/>
>>     <property name="baseEnvironmentProperties">
>>       <map>
>>         <entry>
>>           <key>
>>             <value>java.naming.security.authentication</value>
>>           </key>
>>           <value>simple</value>
>>         </entry>
>>       </map>
>>     </property>
>>   </bean>
>> </beans>
>>
>>
>> In short, I tried to hardset the AD path to my user account and hard
>> coded my password, just to see if I could get an authentication.
>> Though the cas.war file compiled fine, when I replaced it within Tomcat
>> and restarted the application, I then got a 404: The requested resource
>> (/cas/) is not available, even though the cas/ directory was created.
>>
>> Any thoughts?
>>
>>
>>
>>
>>
>> Rob Wiltbank wrote:
>> >> Have you been able to successfully run the test WAR file on your
>> >> Red Hat Enterprise system?
>> >
>> > Scott,
>> >
>> > I was able to run the test WAR; however, getting the deployerConfig
>> > to be recognized as valid XML (which it was, confirmed by the list),
>> > failed and only threw java exceptions.
>> >
>> > I found a misconfiguration with maven that was preventing the RC
>> > package from building properly which I'm doing now, so I'll see if I
>> > still encounter the same issues when I set up this deployerConfig. If
>> > I'm able to get things working, perhaps I'd be permitted to write a
>> > step-by-step process for other RHE5 users who are looking for detailed
>> > instructions.
>> >
>> > Rob
>> >
>> >
>> >> -Scott
>> >>
>> >> On 7/24/07, *Rob Wiltbank* <[EMAIL PROTECTED]> wrote:
>> >>
>> >> Well, I've been trying for several weeks to get CAS running on
>> >> RedHat Enterprise 5 without success, mainly due to incompatibilities
>> >> with java -- even the latest RC can't be built with Maven because of
>> >> IBM/GNU Java issues.
>> >>
>> >> At this point, I'm getting a bit desperate -- before I recommend a
>> >> different solution to the college, I'd like to make one last-ditch
>> >> effort by taking the RedHat distribution out of the equation. If
>> >> anyone could kindly answer a few questions for me, I'd greatly
>> >> appreciate the time:
>> >>
>> >> - What distribution has the greatest chance of successfully compiling
>> >> and deploying Maven/CAS?
>> >>
>> >> - Are there any recommendations on pre-built packages/RPMs for these
>> >> distributions that would facilitate this? Ideally, they'd be
>> >> available with the distribution itself.
>> >>
>> >> - Have any pre-configured distributions been compiled into an ISO or
>> >> even something along the lines of a VMWare appliance been released
>> >> from which we can use as a base starting or reference point?
>> >>
>> >> Thank you,
>> >> RHW
>> >>
>> >> _______________________________________________
>> >> Yale CAS mailing list
>> >> [email protected] <mailto:[email protected]> <mailto:
>> [email protected] <mailto:[email protected]>>
>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> -Scott Battaglia
>> >>
>> >> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>> >>
>> >>
>> >>
>> >>
>> --
>> -Scott Battaglia
>>
>> LinkedIn: http://www.linkedin.com/in/scottbattaglia