Richard,

If you turn on DEBUG in your log4j properties for Spring Security, you'll
get a huge amount of information, which should lead you to where it is
failing.  I will warn you that it is A LOT of information and can be
difficult to walk through, but it generally does eventually lead to the
result (I've done it a bunch of times).

-Scott

On Thu, May 8, 2008 at 7:43 AM, Richard Gundersen <
[EMAIL PROTECTED]> wrote:

>  Hi, me again... :)
>
> Got CAS working with Spring Security, providing I use an in-memory
> user-service. All good.
>
> When I use an ldap-user-service to get my roles, I authenticate OK, but I
> just get dumped to a Tomcat 403 page.
>
> To determine if my app was making the rejection, I removed all filters
> except the CAS one, but added a new one to the start of the chain with some
> debug. It's not getting called at all.
>
> All looks good at the CAS side (see output below) - it's granting me a
> ticket for my app. But something is blocking me at the last hurdle. Anyone
> know what it could be?
>
> **************
> 2008-05-08 12:37:01,360 INFO
> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket
> [ST-1-XNUBA3eFkRCjIe6nTrBs-cas] for service [
> http://mycomputer:8080/MQS4/j_spring_cas_security_check] for user
> [richard.gundersen]>
> May 8, 2008 12:37:02 PM org.apache.tomcat.util.http.Parameters
> processParameters
> WARNING: Parameters: Invalid chunk ignored.
> **************
>
> Here's my LDAP config in case it's useful:
>
> **************
>     <bean id="casAuthenticationProvider"
> class="org.springframework.security.providers.cas.CasAuthenticationProvider">
>         <sec:custom-authentication-provider />
>         <property name="userDetailsService" ref="userService"/>
>         <property name="serviceProperties" ref="serviceProperties" />
>         <property name="ticketValidator">
>             <bean
> class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
>                 <constructor-arg index="0" value="https://mycomputer/cas" />
>             </bean>
>         </property>
>         <property name="key" value="an_id_for_this_auth_provider_only"/>
>     </bean>
>
>     <bean id="serviceProperties"
> class="org.springframework.security.ui.cas.ServiceProperties">
>         <property name="service" value="http://mycomputer:8080/MQS4/j_spring_cas_security_check"/>
>         <property name="sendRenew" value="false"/>
>     </bean>
>
>     <sec:ldap-server id="ldapServer" url="ldap://mycompany.com:13060/"
> manager-dn="cn=adminusername,cn=Users,dc=mycompany,dc=com"
> manager-password="somepassword" />
>
>     <sec:ldap-user-service id="userService" server-ref="ldapServer"
> group-search-base="cn=Groups,dc=mycompany,dc=com" group-role-attribute="cn"
> group-search-filter="(uniquemember={0})"
> user-search-base="cn=Users,dc=mycompany,dc=com"
> user-search-filter="(uid={0})" />
> **************
>
> Thanks (again)
>
> Richard
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>


-- 
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
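
Added example, not part of the original thread: a log4j.properties fragment that turns on the DEBUG logging described in the reply above. The logger names are assumptions derived from the package names in the quoted configuration (org.springframework.security, org.jasig.cas.client) plus Spring LDAP's org.springframework.ldap; the appender name and pattern are illustrative.

```properties
# Keep everything else at INFO so only the authentication path is verbose.
log4j.rootLogger=INFO, stdout

log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
# %c prints the full logger name, which shows which filter or provider
# produced each line when tracing a request through the chain.
log4j.appender.stdout.layout.ConversionPattern=%d %-5p [%c] - %m%n

# Spring Security itself: filter chain, CAS provider, access decisions.
log4j.logger.org.springframework.security=DEBUG

# CAS client used for ticket validation (Cas20ServiceTicketValidator).
log4j.logger.org.jasig.cas.client=DEBUG

# Spring LDAP, for the user and group searches behind ldap-user-service.
log4j.logger.org.springframework.ldap=DEBUG

# DEBUG output can include usernames, granted authorities and ticket
# identifiers: enable it only while troubleshooting, then return these
# loggers to INFO and treat the captured log as sensitive.
```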