Thank you. I'm having another difficulty; I'm working from the instructions at http://www.ja-sig.org/wiki/display/CAS/Examples+to+Configure+CAS and http://www.ja-sig.org/wiki/display/CASUM/LDAP :

17:26:02,589 INFO [STDOUT] 2007-12-03 17:26:02,589 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/cas-web]] - <SafeDispatcherServlet: The Spring DispatcherServlet we wrap threw on init. But for our having caught this error, the servlet would not have initialized.>
org.springframework.beans.factory.BeanDefinitionStoreException: Error registering bean with name 'contextSource' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Bean class [org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource] not found; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
Caused by: java.lang.ClassNotFoundException: org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
[snip]

My current draft of deployerConfigContext.xml reads as below. Do any errors jump out?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
  | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
  | all CAS deployers will need to modify.
  |
  | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
  | The beans declared in this file are instantiated at context initialization time by the Spring
  | ContextLoaderListener declared in web.xml. It finds this file because this
  | file is among those declared in the context parameter "contextConfigLocation".
  |
  | By far the most common change you will need to make in this file is to change the last bean
  | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
  | one implementing your approach for authenticating usernames and passwords.
  +-->
<beans>
    <!--
      | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
      | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
      | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
      | implementation and so do not need to change the class of this bean. We include the whole
      | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
      | need to change in context.
      +-->
    <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <!--
          | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
          | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
          | supports the presented credentials.
          |
          | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
          | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
          | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
          | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
          | using.
          |
          | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
          | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
          | You will need to change this list if you are identifying services by something more or other than their callback URL.
          +-->
        <property name="credentialsToPrincipalResolvers">
            <list>
                <!--
                  | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
                  | by default and produces SimplePrincipal instances conveying the username from the credentials.
                  |
                  | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
                  | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
                  | Credentials you are using.
                  +-->
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                <!--
                  | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
                  | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
                  | SimpleService identified by that callback URL.
                  |
                  | If you are representing services by something more or other than an HTTPS URL whereat they are able to
                  | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
                  +-->
                <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
            </list>
        </property>

        <!--
          | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
          | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
          | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
          | until it finds one that both supports the Credentials presented and succeeds in authenticating.
          +-->
        <property name="authenticationHandlers">
            <list>
                <!--
                  | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
                  | a server side SSL certificate.
                  +-->
                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
                <!--
                  | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
                  | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
                  | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
                  | local authentication strategy. You might accomplish this by coding a new such handler and declaring
                  | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
                  +-->
                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                    <property name="filter" value="sAMAccountName=%u" />
                    <property name="searchBase" value="[DELETED]" />
                    <property name="contextSource" ref="contextSource" />
                    <property name="ignorePartialResultException" value="yes" /> <!-- fix because of how AD returns results -->
                </bean>
            </list>
        </property>
    </bean>

    <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="anonymousReadOnly" value="false" />
        <property name="pooled" value="true" />
        <property name="urls">
            <list>
                <value>ldap://[DELETED]</value>
            </list>
        </property>
        <property name="userName" value="[DELETED]" />
        <property name="password" value="[DELETED]" />
        <property name="baseEnvironmentProperties">
            <map>
                <entry>
                    <key><value>java.naming.security.protocol</value></key>
                    <value>ssl</value>
                </entry>
                <entry>
                    <key><value>java.naming.security.authentication</value></key>
                    <value>simple</value>
                </entry>
            </map>
        </property>
    </bean>
</beans>

On Dec 3, 2007 10:06 AM, Smith, Matt <[EMAIL PROTECTED]> wrote:
> I'd recommend either using CAS' LDAP support and doing an LDAP Bind
> against AD, or using CAS' JAASAuthenticationHandler and a JAAS config
> for Kerberos similar to the one in the IBM article you referenced.
> Check out the CAS wiki for more info on both of these.
>
> HTH,
> -Matt
>
> On Mon, 2007-12-03 at 09:46 -0600, Jonathan Hayward
> http://JonathansCorner.com wrote:
> > I want to get CAS to authenticate against Active Directory
> > username/password pairs.
> >
> > I was looking at Build and Implement a single sign-on solution at
> > http://www.ibm.com/developerworks/web/library/wa-singlesign/ ; it
> > seems to describe what I want, but it is from 2003 and I want to work
> > with current software versions. The author provides a ZIP at
> > http://download.boulder.ibm.com/ibmdl/pub/software/dw/library/wa-singlesign/KerberosAuthSrc.zip, and
> > KerberosAuthHandler.java didn't compile. (It implements interface
> > PasswordHandler, possibly from package edu.yale.its.tp.cas.auth , and I
> > have been having trouble finding the interface.)
> >
> > How should I be going about this? Should I be taking another approach,
> > or can some details be changed while I use the basic approach at
> > http://www.ibm.com/developerworks/web/library/wa-singlesign/ ?
> >
> > RTFM links would be appreciated; I've been having trouble finding
> > them.
> >
> > --
> > ++ Jonathan Hayward, [EMAIL PROTECTED]
> > ** To see an award-winning website with stories, essays, artwork,
> > ** games, and a four-dimensional maze, why not visit my home page?
> > ** All of this is waiting for you at http://JonathansCorner.com
> > _______________________________________________
> > Yale CAS mailing list
> > [email protected]
> > http://tp.its.yale.edu/mailman/listinfo/cas
> --
> Matt Smith
> [EMAIL PROTECTED]
> University Information Technology Services (UITS)
> University of Connecticut
> PGP Key ID: 0xE9C5244E
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>

--
++ Jonathan Hayward, [EMAIL PROTECTED]
** To see an award-winning website with stories, essays, artwork,
** games, and a four-dimensional maze, why not visit my home page?
** All of this is waiting for you at http://JonathansCorner.com
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
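
A check for the "Bean class [...] not found" error quoted in the message above, as an added example that is not part of the original post or of CAS: it lists every org.jasig.cas bean class named in a deployerConfigContext.xml that is absent from WEB-INF/classes and from the jars under WEB-INF/lib. The function names, the cut-down sample config and the sample jar are constructed for illustration; classes supplied by the container's own classpath are out of scope, which is why the check is limited to one package prefix.

```python
import os, tempfile, zipfile
import xml.etree.ElementTree as ET

def bean_classes(config_xml, prefix="org.jasig.cas."):
    """Class names of all <bean class="..."> elements, nested ones included."""
    root = ET.fromstring(config_xml)
    names = {b.get("class", "").strip() for b in root.iter("bean")}
    return sorted(n for n in names if n.startswith(prefix))

def webapp_classes(web_inf):
    """Every class packaged with the webapp under WEB-INF/classes and WEB-INF/lib."""
    found = set()
    classes_dir = os.path.join(web_inf, "classes")
    for dirpath, _dirs, files in os.walk(classes_dir):
        for f in files:
            if f.endswith(".class"):
                rel = os.path.relpath(os.path.join(dirpath, f), classes_dir)
                found.add(rel[:-len(".class")].replace(os.sep, "."))
    lib_dir = os.path.join(web_inf, "lib")
    for jar in sorted(os.listdir(lib_dir)) if os.path.isdir(lib_dir) else []:
        if jar.endswith(".jar"):
            with zipfile.ZipFile(os.path.join(lib_dir, jar)) as z:
                found.update(n[:-len(".class")].replace("/", ".")
                             for n in z.namelist() if n.endswith(".class"))
    return found

def missing_bean_classes(config_xml, web_inf):
    """Bean classes the config names but the deployed webapp does not contain."""
    available = webapp_classes(web_inf)
    return [c for c in bean_classes(config_xml) if c not in available]

# Constructed sample: a cut-down config and a jar that lacks the LDAP util class.
SAMPLE_CONFIG = """<beans>
  <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers"><list>
      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"/>
    </list></property>
  </bean>
  <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource"/>
</beans>"""

def demo():
    with tempfile.TemporaryDirectory() as web_inf:
        os.makedirs(os.path.join(web_inf, "lib"))
        with zipfile.ZipFile(os.path.join(web_inf, "lib", "constructed-sample.jar"), "w") as z:
            z.writestr("org/jasig/cas/authentication/AuthenticationManagerImpl.class", b"")
            z.writestr("org/jasig/cas/adaptors/ldap/BindLdapAuthenticationHandler.class", b"")
        return missing_bean_classes(SAMPLE_CONFIG, web_inf)

if __name__ == "__main__":
    print(demo())
```

Against a real deployment, pass the contents of the deployed deployerConfigContext.xml and the path of the exploded webapp's WEB-INF directory to `missing_bean_classes`.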
