One other question: If I'm supposed to be building CAS, how should I be building it? The only build.xml I found was cas-server-webapp/src/test/webtest/build.xml . Have I checked out something other than what I should have been working off of?
On Dec 3, 2007 1:34 PM, Jonathan Hayward http://JonathansCorner.com <[EMAIL PROTECTED]> wrote:
>
> On Dec 3, 2007 12:01 PM, Scott Battaglia <[EMAIL PROTECTED]> wrote:
>
> > Did you include the required dependency in the pom file, as detailed at
> > the top of the LDAP page?
> >
>
> "In the pom.xml file for your CAS webapp (the default is
> ${project.home}/cas-server-webapp/pom.xml) add the following dependency:"
>
> I looked and the only cas-server-webapp/pom.xml on my machine is from my
> SVN checkout as CAS; I haven't found a "pom.xml file for my CAS webapp"
> anywhere associated with my installation.
>
> Should I be copying the modified pom.xml (presently at the location above)
> to someplace that does not yet have any pom.xml file? The only
> cas-server-webapp directory I have is with the SVN source checkout.
>
> >
> > -Scott
> >
> >
> > On Dec 3, 2007 12:36 PM, Jonathan Hayward http://JonathansCorner.com <[EMAIL PROTECTED]> wrote:
> >
> > > Thank you. I'm having another difficulty; I'm working from the
> > > instructions at
> > > http://www.ja-sig.org/wiki/display/CAS/Examples+to+Configure+CAS
> > > and http://www.ja-sig.org/wiki/display/CASUM/LDAP :
> > >
> > > 17:26:02,589 INFO [STDOUT] 2007-12-03 17:26:02,589 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/cas-web]] - <SafeDispatcherServlet: The Spring DispatcherServlet we wrap threw on init.
> > > But for our having caught this error, the servlet would not have initialized.>
> > > org.springframework.beans.factory.BeanDefinitionStoreException : Error registering bean with name 'contextSource' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Bean class [org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource] not found; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> > > Caused by:
> > > java.lang.ClassNotFoundException: org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> > > [snip]
> > >
> > > My current draft of deployerConfigContext.xml reads as below. Do any
> > > errors jump out?
> > >
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
> > > <!--
> > >   | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
> > >   | all CAS deployers will need to modify.
> > >   |
> > >   | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
> > >   | The beans declared in this file are instantiated at context initialization time by the Spring
> > >   | ContextLoaderListener declared in web.xml. It finds this file because this
> > >   | file is among those declared in the context parameter "contextConfigLocation".
> > >   |
> > >   | By far the most common change you will need to make in this file is to change the last bean
> > >   | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
> > >   | one implementing your approach for authenticating usernames and passwords.
> > >   +-->
> > > <beans>
> > >   <!--
> > >     | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
> > >     | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
> > >     | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
> > >     | implementation and so do not need to change the class of this bean. We include the whole
> > >     | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
> > >     | need to change in context.
> > >     +-->
> > >   <bean id="authenticationManager"
> > >     class="org.jasig.cas.authentication.AuthenticationManagerImpl">
> > >     <!--
> > >       | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
> > >       | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
> > >       | supports the presented credentials.
> > >       |
> > >       | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
> > >       | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
> > >       | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
> > >       | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
> > >       | using.
> > >       |
> > >       | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
> > >       | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
> > >       | You will need to change this list if you are identifying services by something more or other than their callback URL.
> > >       +-->
> > >     <property name="credentialsToPrincipalResolvers">
> > >       <list>
> > >         <!--
> > >           | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
> > >           | by default and produces SimplePrincipal instances conveying the username from the credentials.
> > >           |
> > >           | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
> > >           | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
> > >           | Credentials you are using.
> > >           +-->
> > >         <bean
> > >           class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
> > >         <!--
> > >           | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
> > >           | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
> > >           | SimpleService identified by that callback URL.
> > >           |
> > >           | If you are representing services by something more or other than an HTTPS URL whereat they are able to
> > >           | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
> > >           +-->
> > >         <bean
> > >           class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
> > >       </list>
> > >     </property>
> > >
> > >     <!--
> > >       | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
> > >       | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
> > >       | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
> > >       | until it finds one that both supports the Credentials presented and succeeds in authenticating.
> > >       +-->
> > >     <property name="authenticationHandlers">
> > >       <list>
> > >         <!--
> > >           | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
> > >           | a server side SSL certificate.
> > >           +-->
> > >         <bean
> > >           class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
> > >
> > >         <!--
> > >           | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
> > >           | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
> > >           | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
> > >           | local authentication strategy. You might accomplish this by coding a new such handler and declaring
> > >           | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
> > >           +-->
> > >         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
> > >           <property name="filter" value="sAMAccountName=%u" />
> > >           <property name="searchBase" value="[DELETED]" />
> > >           <property name="contextSource" ref="contextSource" />
> > >           <property name="ignorePartialResultException" value="yes" /> <!-- fix because of how AD returns results -->
> > >         </bean>
> > >
> > >       </list>
> > >     </property>
> > >   </bean>
> > >
> > >   <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> > >     <property name="anonymousReadOnly" value="false" />
> > >     <property name="pooled" value="true" />
> > >     <property name="urls">
> > >       <list>
> > >         <value>ldap://[DELETED]</value>
> > >       </list>
> > >     </property>
> > >     <property name="userName" value="[DELETED]" />
> > >     <property name="password" value="[DELETED]" />
> > >     <property name="baseEnvironmentProperties">
> > >       <map>
> > >         <entry>
> > >           <key><value>java.naming.security.protocol</value></key>
> > >           <value>ssl</value>
> > >         </entry>
> > >         <entry>
> > >           <key><value>java.naming.security.authentication</value></key>
> > >           <value>simple</value>
> > >         </entry>
> > >       </map>
> > >     </property>
> > >   </bean>
> > >
> > > </beans>
> > >
> > > On Dec 3, 2007 10:06 AM, Smith, Matt <[EMAIL PROTECTED]> wrote:
> > >
> > > > I'd recommend either using CAS' LDAP support and doing an LDAP Bind
> > > > against AD, or using CAS' JAASAuthenticationHandler and a JAAS config
> > > > for Kerberos similar to the one in the IBM article you referenced.
> > > > Check out the CAS wiki for more info on both of these.
> > > >
> > > > HTH,
> > > > -Matt
> > > >
> > > > On Mon, 2007-12-03 at 09:46 -0600, Jonathan Hayward http://JonathansCorner.com wrote:
> > > > > I want to get CAS to authenticate against Active Directory
> > > > > username/password pairs.
> > > > >
> > > > > I was looking at Build and Implement a single sign-on solution at
> > > > > http://www.ibm.com/developerworks/web/library/wa-singlesign/ ; it
> > > > > seems to describe what I want, but it is from 2003 and I want to work
> > > > > with current software versions. The author provides a ZIP at
> > > > > http://download.boulder.ibm.com/ibmdl/pub/software/dw/library/wa-singlesign/KerberosAuthSrc.zip,
> > > > > and KerberosAuthHandler.java didn't compile. (It implements interface
> > > > > PasswordHandler, possibly from package edu.yale.its.tp.cas.auth ,
> > > > > and I have been having trouble finding the interface.)
> > > > >
> > > > > How should I be going about this? Should I be taking another approach,
> > > > > or can some details be changed while I use the basic approach at
> > > > > http://www.ibm.com/developerworks/web/library/wa-singlesign/ ?
> > > > >
> > > > > RTFM links would be appreciated; I've been having trouble finding
> > > > > them.
> > > > >
> > > > > --
> > > > > ++ Jonathan Hayward, [EMAIL PROTECTED]
> > > > > ** To see an award-winning website with stories, essays, artwork,
> > > > > ** games, and a four-dimensional maze, why not visit my home page?
> > > > > ** All of this is waiting for you at http://JonathansCorner.com
> > > > > _______________________________________________
> > > > > Yale CAS mailing list
> > > > > [email protected]
> > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > --
> > > > Matt Smith
> > > > [EMAIL PROTECTED]
> > > > University Information Technology Services (UITS)
> > > > University of Connecticut
> > > > PGP Key ID: 0xE9C5244E
> >
> > --
> > -Scott Battaglia
> >
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia

--
++ Jonathan Hayward, [EMAIL PROTECTED]
** To see an award-winning website with stories, essays, artwork,
** games, and a four-dimensional maze, why not visit my home page?
** All of this is waiting for you at http://JonathansCorner.com
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
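
Added illustration, not part of the thread and not CAS project code: the ClassNotFoundException quoted above means a class named in deployerConfigContext.xml is not provided by any jar the webapp ships. This sketch lists the bean classes in a Spring beans file that no jar in a WEB-INF/lib directory contains; the trimmed config, the jar name and the directory layout are constructed for the example.

```python
import tempfile
import xml.etree.ElementTree as ET
import zipfile
from pathlib import Path


def bean_classes(beans_xml):
    """Return every class named by a <bean class="..."> element, nested beans included."""
    root = ET.fromstring(beans_xml)
    # strip() tolerates attribute values that were broken by mail line-wrapping.
    return {b.get("class").strip() for b in root.iter("bean") if b.get("class")}


def classes_in_jars(lib_dir):
    """Collect fully qualified class names from all jars in a WEB-INF/lib directory."""
    found = set()
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        with zipfile.ZipFile(jar) as zf:
            for name in zf.namelist():
                if name.endswith(".class"):
                    found.add(name[: -len(".class")].replace("/", "."))
    return found


def missing_bean_classes(beans_xml, lib_dir):
    """Bean classes that no jar provides, i.e. candidates for ClassNotFoundException."""
    return sorted(bean_classes(beans_xml) - classes_in_jars(lib_dir))


# Constructed sample: a trimmed config using the class names from the thread.
SAMPLE_CONFIG = """<beans>
  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers"><list>
      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"/>
    </list></property>
  </bean>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource"/>
</beans>"""


def demo():
    """Check the sample against a lib directory holding only a core jar (constructed)."""
    with tempfile.TemporaryDirectory() as tmp:
        with zipfile.ZipFile(Path(tmp) / "core-only.jar", "w") as zf:
            zf.writestr("org/jasig/cas/authentication/AuthenticationManagerImpl.class", b"")
        return missing_bean_classes(SAMPLE_CONFIG, tmp)


if __name__ == "__main__":
    for cls in demo():
        print("not provided by any jar:", cls)
```

Classes under WEB-INF/classes or supplied by the servlet container are not examined, so a reported name is a lead to check rather than proof that the class is absent.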
