Did you include the required dependency in the pom file, as detailed at the top of the LDAP page?
-Scott On Dec 3, 2007 12:36 PM, Jonathan Hayward http://JonathansCorner.com < [EMAIL PROTECTED]> wrote: > Thank you. I'm having another difficulty; I'm working from the > instructions at > http://www.ja-sig.org/wiki/display/CAS/Examples+to+Configure+CAS > and http://www.ja-sig.org/wiki/display/CASUM/LDAP : > > 17:26:02,589 INFO [STDOUT] 2007-12-03 17:26:02,589 ERROR [ > org.apache.catalina.core.ContainerBase .[jboss.web].[localhost].[/cas-web]] > - <SafeDispatcherServlet: > The Spring DispatcherServlet we wrap threw on init. > But for our having caught this error, the servlet would not have > initialized.> > org.springframework.beans.factory.BeanDefinitionStoreException : Error > registering bean with name 'contextSource' defined in ServletContext > resource [/WEB-INF/deployerConfigContext.xml]: Bean class [ > org.jasig.cas.adaptors.ldap.util.Authe > nticatedLdapContextSource] not found; nested exception is > java.lang.ClassNotFoundException: > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource > Caused by: > java.lang.ClassNotFoundException: > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource > [snip] > > My current draft of deployerConfigContext.xml reads as below. Do any > errors jump out? > > <?xml version="1.0" encoding="UTF-8"?> > <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" " > http://www.springframework.org/dtd/spring-beans.dtd";> > <!-- > | deployerConfigContext.xml centralizes into one file some of the > declarative configuration that > | all CAS deployers will need to modify. > | > | This file declares some of the Spring-managed JavaBeans that > make up a CAS deployment. > | The beans declared in this file are instantiated at context > initialization time by the Spring > | ContextLoaderListener declared in web.xml. It finds this file > because this > | file is among those declared in the context parameter > "contextConfigLocation". > | > | By far the most common change you will need to make in this file > is to change the last bean > | declaration to replace the default > SimpleTestUsernamePasswordAuthenticationHandler with > | one implementing your approach for authenticating usernames and > passwords. > +--> > <beans> > <!-- > | This bean declares our AuthenticationManager. The > CentralAuthenticationService service bean > | declared in applicationContext.xml picks up this > AuthenticationManager by reference to its id, > | "authenticationManager". Most deployers will be able to > use the default AuthenticationManager > | implementation and so do not need to change the class of > this bean. We include the whole > | AuthenticationManager here in the userConfigContext.xmlso > that you can see the things you will > | need to change in context. > +--> > <bean id="authenticationManager" > class=" > org.jasig.cas.authentication.AuthenticationManagerImpl"> > <!-- > | This is the List of > CredentialToPrincipalResolvers that identify what Principal is trying to > authenticate. > | The AuthenticationManagerImpl considers them in > order, finding a CredentialToPrincipalResolver which > | supports the presented credentials. > | > | AuthenticationManagerImpl uses these resolvers > for two purposes. First, it uses them to identify the Principal > | attempting to authenticate to CAS /login . In > the default configuration, it is the DefaultCredentialsToPrincipalResolver > | that fills this role. If you are using some > other kind of credentials than UsernamePasswordCredentials, you will need to > replace > | DefaultCredentialsToPrincipalResolver with a > CredentialsToPrincipalResolver that supports the credentials you are > | using. > | > | Second, AuthenticationManagerImpl uses these > resolvers to identify a service requesting a proxy granting ticket. > | In the default configuration, it is the > HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose. > | You will need to change this list if you are > identifying services by something more or other than their callback URL. > +--> > <property name="credentialsToPrincipalResolvers"> > <list> > <!-- > | > UsernamePasswordCredentialsToPrincipalResolver supports the > UsernamePasswordCredentials that we use for /login > | by default and produces > SimplePrincipal instances conveying the username from the credentials. > | > | If you've changed your > LoginFormAction to use credentials other than UsernamePasswordCredentials > then you will also > | need to change this bean > declaration (or add additional declarations) to declare a > CredentialsToPrincipalResolver that supports the > | Credentials you are using. > +--> > <bean > class=" > org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" > /> > <!-- > | > HttpBasedServiceCredentialsToPrincipalResolver supports > HttpBasedCredentials. It supports the CAS 2.0 approach of > | authenticating services by SSL > callback, extracting the callback URL from the Credentials and representing > it as a > | SimpleService identified by that > callback URL. > | > | If you are representing services > by something more or other than an HTTPS URL whereat they are able to > | receive a proxy callback, you > will need to change this bean declaration (or add additional declarations). > +--> > <bean > class=" > org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" > /> > </list> > </property> > > <!-- > | Whereas CredentialsToPrincipalResolvers identify > who it is some Credentials might authenticate, > | AuthenticationHandlers actually authenticate > credentials. Here we declare the AuthenticationHandlers that > | authenticate the Principals that the > CredentialsToPrincipalResolvers identified. CAS will try these handlers in > turn > | until it finds one that both supports the > Credentials presented and succeeds in authenticating. > +--> > <property name="authenticationHandlers"> > <list> > <!-- > | This is the authentication > handler that authenticates services by means of callback via SSL, thereby > validating > | a server side SSL certificate. > +--> > <bean > class=" > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" > /> > > <!-- > | This is the authentication > handler declaration that every CAS deployer will need to change before > deploying CAS > | into production. The default > SimpleTestUsernamePasswordAuthenticationHandler authenticates > UsernamePasswordCredentials > | where the username equals the > password. You will need to replace this with an AuthenticationHandler that > implements your > | local authentication strategy. > You might accomplish this by coding a new such handler and declaring > | > edu.someschool.its.cas.MySpecialHandler here, or you might use one of the > handlers provided in the adaptors modules. > +--> > <bean class=" > org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler "> > <property name="filter" > value="sAMAccountName=%u" /> > <property name="searchBase" > value="[DELETED]" /> > <property name="contextSource" > ref="contextSource" /> > <property > name="ignorePartialResultException" value="yes" /> <!-- fix because of how > AD returns results --> > </bean> > > > </list> > </property> > </bean> > > <bean id="contextSource" class=" > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource"> > <property name="anonymousReadOnly" value="false" /> > <property name="pooled" value="true" /> > <property name="urls"> > <list> > <value>ldap://[DELETED]</value> > </list> > </property> > <property name="userName" value="[DELETED]" /> > <property name="password" value="[DELETED]" /> > <property name="baseEnvironmentProperties"> > <map> > <entry> > <key><value> > java.naming.security.protocol</value></key> > <value>ssl</value> > </entry> > <entry> > <key><value> > java.naming.security.authentication</value></key> > <value>simple</value> > </entry> > </map> > </property> > </bean> > > </beans> > > On Dec 3, 2007 10:06 AM, Smith, Matt < [EMAIL PROTECTED]> wrote: > > > I'd recommend either using CAS' LDAP support and doing an LDAP Bind > > against AD, or using CAS' JAASAuthenticationHandler and a JAAS config > > for Kerberos similar to the one in the IBM article you referenced. > > Check out the CAS wiki for more info on both of these. > > > > HTH, > > -Matt > > > > On Mon, 2007-12-03 at 09:46 -0600, Jonathan Hayward > > http://JonathansCorner.com wrote: > > > I want to get CAS to authenticate against Active Directory > > > username/password pairs. > > > > > > I was looking at Build and Implement a single sign-on solution at > > > http://www.ibm.com/developerworks/web/library/wa-singlesign/ ; it > > > seems to describe what I want, but it is from 2003 and I want to work > > > with current software versions. The author provides a ZIP at > > > > > http://download.boulder.ibm.com/ibmdl/pub/software/dw/library/wa-singlesign/KerberosAuthSrc.zip, > > and > > KerberosAuthHandler.java didn't compile. (It implements interface > > PasswordHandler, possibly from package edu.yale.its.tp.cas.auth , and I > > have been having trouble finding the interface.) > > > > > > How should I be going about this? Should I be taking another approach, > > > or can some details be changed while I use the basic approach at > > > http://www.ibm.com/developerworks/web/library/wa-singlesign/ ? > > > > > > RTFM links would be appreciated; I've been having trouble finding > > > them. > > > > > > -- > > > ++ Jonathan Hayward, [EMAIL PROTECTED] > > > ** To see an award-winning website with stories, essays, artwork, > > > ** games, and a four-dimensional maze, why not visit my home page? > > > ** All of this is waiting for you at http://JonathansCorner.com > > > _______________________________________________ > > > Yale CAS mailing list > > > [email protected] > > > http://tp.its.yale.edu/mailman/listinfo/cas > > -- > > Matt Smith > > [EMAIL PROTECTED] > > University Information Technology Services (UITS) > > University of Connecticut > > PGP Key ID: 0xE9C5244E > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > -- > > ++ Jonathan Hayward, [EMAIL PROTECTED] > ** To see an award-winning website with stories, essays, artwork, > ** games, and a four-dimensional maze, why not visit my home page? > ** All of this is waiting for you at http://JonathansCorner.com > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
