Hi, me again... :)
Got CAS working with Spring Security, providing I use an in-memory
user-service. All good.
When I use an ldap-user-service to get my roles, I authenticate OK, but I just
get dumped to a Tomcat 403 page.
To determine if my app was making the rejection, I removed all filters except
the CAS one, but added a new one to the start of the chain with some debug.
It's not getting called at all.
All looks good at the CAS side (see output below) - it's granting me a ticket
for my app. But something is blocking me at the last hurdle. Anyone know what
it could be?
**************
2008-05-08 12:37:01,360 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
<Granted service ticket [ST-1-XNUBA3eFkRCjIe6nTrBs-cas] for service
[http://mycomputer:8080/MQS4/j_spring_cas_security_check] for user
[richard.gundersen]>
May 8, 2008 12:37:02 PM org.apache.tomcat.util.http.Parameters processParameters
WARNING: Parameters: Invalid chunk ignored.
**************
Here's my LDAP config in case it's useful:
**************
<bean id="casAuthenticationProvider"
class="org.springframework.security.providers.cas.CasAuthenticationProvider">
<sec:custom-authentication-provider />
<property name="userDetailsService" ref="userService"/>
<property name="serviceProperties" ref="serviceProperties" />
<property name="ticketValidator">
<bean
class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="https://mycomputer/cas"; />
</bean>
</property>
<property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>
<bean id="serviceProperties"
class="org.springframework.security.ui.cas.ServiceProperties">
<property name="service"
value="http://mycomputer:8080/MQS4/j_spring_cas_security_check"/>
<property name="sendRenew" value="false"/>
</bean>
<sec:ldap-server id="ldapServer" url="ldap://mycompany.com:13060/";
manager-dn="cn=adminusername,cn=Users,dc=mycompany,dc=com"
manager-password="somepassword" />
<sec:ldap-user-service id="userService" server-ref="ldapServer"
group-search-base="cn=Groups,dc=mycompany,dc=com" group-role-attribute="cn"
group-search-filter="(uniquemember={0})"
user-search-base="cn=Users,dc=mycompany,dc=com" user-search-filter="(uid={0})"
/>
**************
Thanks (again)
Richard
_________________________________________________________________
All new Live Search at Live.com
http://clk.atdmt.com/UKM/go/msnnkmgl0010000006ukm/direct/01/_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
