Thanks Andrew
 
Yes, all my applications are role based authorization using JAAS framework 
inside Struts, Tiles and taglibs.
 
So my need is that I want to have a CAS server running let's say in W1 server 
site that authenticates against an LDAP.
Using a CAS client, my other applications that are running in W2, W3 and so 
on will authenticate against a CAS Server in W1 and I need a JAAS subject to 
keep my application's security (authorization and authentication) working.
 
thanks again
 
Inas.



Date: Thu, 15 Jan 2009 15:01:37 -0600
Subject: Re: CAS and LDAP and JAAS
From: [email protected]
To: [email protected]

Is there any reason you are going through JAAS for LDAP authentication
instead of using the LDAP authentication handler?

LDAP wiki entry: http://www.ja-sig.org/wiki/display/CASUM/LDAP
JAAS wiki entry: http://www.ja-sig.org/wiki/display/CASUM/JAAS

HTH,
A-

On 1/15/09 2:51 PM, "inas inassen" <[email protected]> wrote:

Hi all,

I'm trying to configure CAS to authenticate against an LDAP and my
applications are using JAAS as an Authentication and Authorization framework.

Everything works fine using Tomcat JNDIRealm.

My Tomcat JNDIRealm:

    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
           userPattern="uid={0},ou=people,ou=ait,o=b2b,dc=net"
           roleBase="ou=roles,ou=ait,o=b2b,dc=net"
           roleName="cn"
           roleSearch="(uniqueMember={0})" />

This is my jaas.conf file (configured in
-Djava.security.auth.login.config=jaas.conf):

    CAS {
        edu.uconn.netid.jaas.LDAPLoginModule sufficient
            java.naming.provider.url="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
            java.naming.security.principal="cn=Manager,ou=ait,o=b2b,dc=net"
            java.naming.security.credentials="secret"
            Attribute="uid"
            startTLS="true";
    };

And this is my deployerConfigContext file:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:p="http://www.springframework.org/schema/p"
           xsi:schemaLocation="http://www.springframework.org/schema/beans
                               http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

      <bean id="authenticationManager"
            class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <property name="credentialsToPrincipalResolvers">
          <list>
            <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
            <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
          </list>
        </property>
        <property name="authenticationHandlers">
          <list>
            <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                  p:httpClient-ref="httpClient" />
            <bean class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler" />
            <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
              <property name="filter" value="uid=%u" />
              <property name="searchBase" value="ou=people,ou=ait,o=b2b,dc=net" />
              <property name="contextSource" ref="contextSource" />
            </bean>
          </list>
        </property>
      </bean>

      <bean id="userDetailsService"
            class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
        <property name="userMap">
          <value></value>
        </property>
      </bean>

      <bean id="attributeRepository"
            class="org.jasig.services.persondir.support.StubPersonAttributeDao">
        <property name="backingMap">
          <map>
            <entry key="uid" value="uid" />
            <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
            <entry key="groupMembership" value="groupMembership" />
          </map>
        </property>
      </bean>

      <bean id="serviceRegistryDao"
            class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />

      <!-- LDAP context -->
      <bean id="contextSource"
            class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
        <property name="pooled" value="true"/>
        <property name="urls">
          <list>
            <value>ldap://ladpsrv:389/ou=ait,o=b2b,dc=net</value>
          </list>
        </property>
        <property name="userName" value="cn=Manager,ou=ait,o=b2b,dc=net"/>
        <property name="password" value="secret"/>
        <property name="baseEnvironmentProperties">
          <map>
            <entry>
              <key>
                <value>java.naming.security.authentication</value>
              </key>
              <value>simple</value>
            </entry>
            <entry>
              <key>
                <value>ldap.initial.context.factory</value>
              </key>
              <value>com.sun.jndi.ldap.LdapCtxFactory</value>
            </entry>
          </map>
        </property>
      </bean>
    </beans>

My LDAP schema is:

    ou=ait,o=b2b,dc=net
        ou=people
            uid=user1
            uid=user2
        ou=roles
            cn=role1
                uniqueMember: uid=user1,ou=people,ou=ait,o=b2b,dc=net
            cn=role2
                uniqueMember: uid=user2,ou=people,ou=ait,o=b2b,dc=net

When I try to login I get a bad credential.
Any help please?

Thanks a lot.
Mezghena.


_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

-- 
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
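
An added example, not part of the thread and not CAS project code: a small Python check over the LDAP beans quoted above. It flags a cleartext ldap:// URL (the jaas.conf sets startTLS, the contextSource bean does not), a bind password written into the file, and a searchBase that repeats the base DN already carried in the URL. The finding names, the `${...}` placeholder convention and the trimmed sample are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, unquote

NS = {"b": "http://www.springframework.org/schema/beans"}

# Constructed sample: a trimmed copy of the LDAP beans from the message above.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
 <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
  <property name="filter" value="uid=%u"/>
  <property name="searchBase" value="ou=people,ou=ait,o=b2b,dc=net"/>
  <property name="contextSource" ref="contextSource"/>
 </bean>
 <bean id="contextSource"
       class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="urls"><list>
   <value>ldap://ladpsrv:389/ou=ait,o=b2b,dc=net</value>
  </list></property>
  <property name="userName" value="cn=Manager,ou=ait,o=b2b,dc=net"/>
  <property name="password" value="secret"/>
 </bean>
</beans>"""

def prop(bean, name):
    """Return the value attribute of a named <property>, or None."""
    p = bean.find(f"b:property[@name='{name}']", NS)
    return None if p is None else p.get("value")

def audit(xml_text):
    """Return a sorted list of finding codes for the LDAP beans in xml_text."""
    root = ET.fromstring(xml_text)
    findings = set()
    bases = [prop(b, "searchBase") for b in root.iterfind("b:bean", NS)]
    bases = [s.lower() for s in bases if s]
    for bean in root.iterfind("b:bean", NS):
        if not bean.get("class", "").endswith("LdapContextSource"):
            continue
        # Assumption: "${...}" marks a Spring property placeholder.
        pw = prop(bean, "password")
        if pw and not pw.startswith("${"):
            findings.add("literal-bind-password")
        for v in bean.iterfind("b:property[@name='urls']//b:value", NS):
            url = urlparse(v.text.strip())
            if url.scheme == "ldap":  # no TLS unless StartTLS is set elsewhere
                findings.add("cleartext-ldap")
            # JNDI resolves names relative to a DN given in the provider URL,
            # so a searchBase ending in that DN would be applied twice.
            base_dn = unquote(url.path.lstrip("/")).lower()
            if base_dn and any(s.endswith(base_dn) for s in bases):
                findings.add("searchbase-repeats-url-base")
    return sorted(findings)
```

`audit(SAMPLE)` returns all three findings; each is a prompt to verify the setting against the directory, not a diagnosis of the login failure reported in the thread.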