On Dec 3, 2007 12:01 PM, Scott Battaglia <[EMAIL PROTECTED]> wrote:
> Did you include the required dependency in the pom file, as detailed at
> the top of the LDAP page?
>
"In the pom.xml file for your CAS webapp (the default is
${project.home}/cas-server-webapp/pom.xml)
add the following dependency:"
I looked and the only cas-server-webapp/pom.xml on my machine is from my SVN
checkout as CAS; I haven't found a "pom.xml file for my CAS webapp" anywhere
associated with my installation.
Should I be copying the modified pom.xml (presently at the location above)
to someplace that does not yet have any pom.xml file? The only
cas-server-webapp directory I have is with the SVN source checkout.
>
> -Scott
>
>
> On Dec 3, 2007 12:36 PM, Jonathan Hayward http://JonathansCorner.com <
> [EMAIL PROTECTED]> wrote:
>
> > Thank you. I'm having another difficulty; I'm working from the
> > instructions at
> > http://www.ja-sig.org/wiki/display/CAS/Examples+to+Configure+CAS
> > and http://www.ja-sig.org/wiki/display/CASUM/LDAP :
> >
> > 17:26:02,589 INFO [STDOUT] 2007-12-03 17:26:02,589 ERROR [
> > org.apache.catalina.core.ContainerBase .[jboss.web].[localhost].[/cas-web]]
> > - <SafeDispatcherServlet:
> > The Spring DispatcherServlet we wrap threw on init.
> > But for our having caught this error, the servlet would not have
> > initialized.>
> > org.springframework.beans.factory.BeanDefinitionStoreException : Error
> > registering bean with name 'contextSource' defined in ServletContext
> > resource [/WEB-INF/deployerConfigContext.xml]: Bean class [
> > org.jasig.cas.adaptors.ldap.util.Authe
> > nticatedLdapContextSource] not found; nested exception is
> > java.lang.ClassNotFoundException:
> > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> > Caused by:
> > java.lang.ClassNotFoundException:
> > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> > [snip]
> >
> > My current draft of deployerConfigContext.xml reads as below. Do any
> > errors jump out?
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "
> > http://www.springframework.org/dtd/spring-beans.dtd";>
> > <!--
> > | deployerConfigContext.xml centralizes into one file some of
> > the declarative configuration that
> > | all CAS deployers will need to modify.
> > |
> > | This file declares some of the Spring-managed JavaBeans that
> > make up a CAS deployment.
> > | The beans declared in this file are instantiated at context
> > initialization time by the Spring
> > | ContextLoaderListener declared in web.xml. It finds this file
> > because this
> > | file is among those declared in the context parameter
> > "contextConfigLocation".
> > |
> > | By far the most common change you will need to make in this
> > file is to change the last bean
> > | declaration to replace the default
> > SimpleTestUsernamePasswordAuthenticationHandler with
> > | one implementing your approach for authenticating usernames
> > and passwords.
> > +-->
> > <beans>
> > <!--
> > | This bean declares our AuthenticationManager. The
> > CentralAuthenticationService service bean
> > | declared in applicationContext.xml picks up this
> > AuthenticationManager by reference to its id,
> > | "authenticationManager". Most deployers will be able
> > to use the default AuthenticationManager
> > | implementation and so do not need to change the class
> > of this bean. We include the whole
> > | AuthenticationManager here in the
> > userConfigContext.xml so that you can see the things you will
> > | need to change in context.
> > +-->
> > <bean id="authenticationManager"
> > class="
> > org.jasig.cas.authentication.AuthenticationManagerImpl">
> > <!--
> > | This is the List of
> > CredentialToPrincipalResolvers that identify what Principal is trying to
> > authenticate.
> > | The AuthenticationManagerImpl considers them
> > in order, finding a CredentialToPrincipalResolver which
> > | supports the presented credentials.
> > |
> > | AuthenticationManagerImpl uses these resolvers
> > for two purposes. First, it uses them to identify the Principal
> > | attempting to authenticate to CAS /login . In
> > the default configuration, it is the DefaultCredentialsToPrincipalResolver
> > | that fills this role. If you are using some
> > other kind of credentials than UsernamePasswordCredentials, you will need to
> > replace
> > | DefaultCredentialsToPrincipalResolver with a
> > CredentialsToPrincipalResolver that supports the credentials you are
> > | using.
> > |
> > | Second, AuthenticationManagerImpl uses these
> > resolvers to identify a service requesting a proxy granting ticket.
> > | In the default configuration, it is the
> > HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
> > | You will need to change this list if you are
> > identifying services by something more or other than their callback URL.
> > +-->
> > <property name="credentialsToPrincipalResolvers">
> > <list>
> > <!--
> > |
> > UsernamePasswordCredentialsToPrincipalResolver supports the
> > UsernamePasswordCredentials that we use for /login
> > | by default and produces
> > SimplePrincipal instances conveying the username from the credentials.
> > |
> > | If you've changed your
> > LoginFormAction to use credentials other than UsernamePasswordCredentials
> > then you will also
> > | need to change this bean
> > declaration (or add additional declarations) to declare a
> > CredentialsToPrincipalResolver that supports the
> > | Credentials you are using.
> > +-->
> > <bean
> > class="
> > org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
> > />
> > <!--
> > |
> > HttpBasedServiceCredentialsToPrincipalResolver supports
> > HttpBasedCredentials. It supports the CAS 2.0 approach of
> > | authenticating services by SSL
> > callback, extracting the callback URL from the Credentials and representing
> > it as a
> > | SimpleService identified by
> > that callback URL.
> > |
> > | If you are representing
> > services by something more or other than an HTTPS URL whereat they are able
> > to
> > | receive a proxy callback, you
> > will need to change this bean declaration (or add additional declarations).
> > +-->
> > <bean
> > class="
> > org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
> > />
> > </list>
> > </property>
> >
> > <!--
> > | Whereas CredentialsToPrincipalResolvers
> > identify who it is some Credentials might authenticate,
> > | AuthenticationHandlers actually authenticate
> > credentials. Here we declare the AuthenticationHandlers that
> > | authenticate the Principals that the
> > CredentialsToPrincipalResolvers identified. CAS will try these handlers in
> > turn
> > | until it finds one that both supports the
> > Credentials presented and succeeds in authenticating.
> > +-->
> > <property name="authenticationHandlers">
> > <list>
> > <!--
> > | This is the authentication
> > handler that authenticates services by means of callback via SSL, thereby
> > validating
> > | a server side SSL certificate.
> > +-->
> > <bean
> > class="
> > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
> > />
> >
> > <!--
> > | This is the authentication
> > handler declaration that every CAS deployer will need to change before
> > deploying CAS
> > | into production. The default
> > SimpleTestUsernamePasswordAuthenticationHandler authenticates
> > UsernamePasswordCredentials
> > | where the username equals the
> > password. You will need to replace this with an AuthenticationHandler that
> > implements your
> > | local authentication
> > strategy. You might accomplish this by coding a new such handler and
> > declaring
> > |
> > edu.someschool.its.cas.MySpecialHandler here, or you might use one of
> > the handlers provided in the adaptors modules.
> > +-->
> > <bean class="
> > org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler ">
> > <property name="filter"
> > value="sAMAccountName=%u" />
> > <property name="searchBase"
> > value="[DELETED]" />
> > <property name="contextSource"
> > ref="contextSource" />
> > <property
> > name="ignorePartialResultException" value="yes" /> <!-- fix because of how
> > AD returns results -->
> > </bean>
> >
> >
> > </list>
> > </property>
> > </bean>
> >
> > <bean id="contextSource" class="
> > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> > <property name="anonymousReadOnly" value="false" />
> > <property name="pooled" value="true" />
> > <property name="urls">
> > <list>
> > <value>ldap://[DELETED]</value>
> > </list>
> > </property>
> > <property name="userName" value="[DELETED]" />
> > <property name="password" value="[DELETED]" />
> > <property name="baseEnvironmentProperties">
> > <map>
> > <entry>
> > <key><value>
> > java.naming.security.protocol</value></key>
> > <value>ssl</value>
> > </entry>
> > <entry>
> > <key><value>
> > java.naming.security.authentication</value></key>
> > <value>simple</value>
> > </entry>
> > </map>
> > </property>
> > </bean>
> >
> > </beans>
> >
> > On Dec 3, 2007 10:06 AM, Smith, Matt < [EMAIL PROTECTED]> wrote:
> >
> > > I'd recommend either using CAS' LDAP support and doing an LDAP Bind
> > > against AD, or using CAS' JAASAuthenticationHandler and a JAAS config
> > > for Kerberos similar to the one in the IBM article you referenced.
> > > Check out the CAS wiki for more info on both of these.
> > >
> > > HTH,
> > > -Matt
> > >
> > > On Mon, 2007-12-03 at 09:46 -0600, Jonathan Hayward
> > > http://JonathansCorner.com wrote:
> > > > I want to get CAS to authenticate against Active Directory
> > > > username/password pairs.
> > > >
> > > > I was looking at Build and Implement a single sign-on solution at
> > > > http://www.ibm.com/developerworks/web/library/wa-singlesign/ ; it
> > > > seems to describe what I want, but it is from 2003 and I want to
> > > work
> > > > with current software versions. The author provides a ZIP at
> > > >
> > > http://download.boulder.ibm.com/ibmdl/pub/software/dw/library/wa-singlesign/KerberosAuthSrc.zip,
> > > and
> > > KerberosAuthHandler.java didn't compile. (It implements interface
> > > PasswordHandler, possibly from package edu.yale.its.tp.cas.auth , and
> > > I have been having trouble finding the interface.)
> > > >
> > > > How should I be going about this? Should I be taking another
> > > approach,
> > > > or can some details be changed while I use the basic approach at
> > > > http://www.ibm.com/developerworks/web/library/wa-singlesign/ ?
> > > >
> > > > RTFM links would be appreciated; I've been having trouble finding
> > > > them.
> > > >
> > > > --
> > > > ++ Jonathan Hayward, [EMAIL PROTECTED]
> > > > ** To see an award-winning website with stories, essays, artwork,
> > > > ** games, and a four-dimensional maze, why not visit my home page?
> > > > ** All of this is waiting for you at http://JonathansCorner.com
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > [email protected]
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > --
> > > Matt Smith
> > > [EMAIL PROTECTED]
> > > University Information Technology Services (UITS)
> > > University of Connecticut
> > > PGP Key ID: 0xE9C5244E
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > [email protected]
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> >
> >
> > --
> >
> > ++ Jonathan Hayward, [EMAIL PROTECTED]
> > ** To see an award-winning website with stories, essays, artwork,
> > ** games, and a four-dimensional maze, why not visit my home page?
> > ** All of this is waiting for you at http://JonathansCorner.com
> >
> > _______________________________________________
> > Yale CAS mailing list
> > [email protected]
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
>
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
++ Jonathan Hayward, [EMAIL PROTECTED]
** To see an award-winning website with stories, essays, artwork,
** games, and a four-dimensional maze, why not visit my home page?
** All of this is waiting for you at http://JonathansCorner.com
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
