While I don't know for sure why your authentication is failing, your configuration appears to do both "direct" LDAP authentication, using BindLdapAuthenticationHandler, and authentication via JAAS.  Only one should be necessary.

Now, when I used JAAS in the past, my bean definition looked like this:

<bean class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler">
  <property name="realm" value="CAS"/>
</bean>


This property is what tells JAAS which part of jaas.conf to use.

Adam

inas inassen wrote:
Hi all,
 
I'm trying to configure CAS to authenticate against an LDAP using JAAS
 
this is my jaas.conf file (configured in -Djava.security.auth.login.config=jaas.conf)
 
 
CAS {
edu.uconn.netid.jaas.LDAPLoginModule sufficient
java.naming.provider.url="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
java.naming.security.principal="cn=Manager,ou=ait,o=b2b,dc=net"
java.naming.security.credentials="secret"
Attribute="uid"
startTLS="true";
};
 

and this is my deployerConfigContext file
 
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
 <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
  <property name="credentialsToPrincipalResolvers">
   <list>
    <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
    <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
   </list>
  </property>
  <property name="authenticationHandlers">
   <list>
    <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" />
    <bean class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler" />
    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
     <property name="filter" value="uid=%u" />
     <property name="searchBase" value="ou=people,ou=ait,o=b2b,dc=net" />
     <property name="contextSource" ref="contextSource" />
    </bean>
   </list>
  </property>
 </bean>

 <bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
  <property name="userMap">
   <value></value>
  </property>
 </bean>
 
 <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao">
  <property name="backingMap">
   <map>
    <entry key="uid" value="uid" />
    <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
    <entry key="groupMembership" value="groupMembership" />
   </map>
  </property>
 </bean>
 
 <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
 
 <!-- LDAP context -->
 <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="pooled" value="true"/>
  <property name="urls">
   <list>
    <value>ldap://ladpsrv:389/ou=ait,o=b2b,dc=net</value>
   </list>
  </property>
  <property name="userName" value="cn=Manager,ou=ait,o=b2b,dc=net"/>
  <property name="password" value="secret"/>
  <property name="baseEnvironmentProperties">
   <map>
    <entry>
     <key>
      <value>java.naming.security.authentication</value>
     </key>
     <value>simple</value>
    </entry>
    
     <!-- JNDI reads the initial context factory from java.naming.factory.initial;
          the key ldap.initial.context.factory is not a JNDI property and is ignored. -->
     <entry>
      <key>
       <value>java.naming.factory.initial</value>
      </key>
      <value>com.sun.jndi.ldap.LdapCtxFactory</value>
     </entry>
   </map>
  </property>
 </bean>
 
</beans>

 
when I try to log in, I get a "bad credentials" error
 
my LDAP schema is
 
ou=ait,o=b2b,dc=net
    ou=people
         uid=user1
         uid=user2
    ou=roles
        cn=role1
             uniqueMember: uid=user1,ou=people,ou=ait,o=b2b,dc=net
        cn=role2
             uniqueMember: uid=user2,ou=people,ou=ait,o=b2b,dc=net
 
 
When I use the Tomcat JNDIRealm, it works fine
 
 
<Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://ladpsrv:389/ou=ait,o=b2b,dc=net"
           userPattern="uid={0},ou=people,ou=ait,o=b2b,dc=net"
           roleBase="ou=roles,ou=ait,o=b2b,dc=net"
           roleName="cn"
           roleSearch="(uniqueMember={0})" />
 
 
Any help, please?
 
Thanks a lot.




_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas


Adam Rybicki
Unicon, Inc., Professional Services
http://www.unicon.net/


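The realm discussed above is simply the application name JAAS uses to pick an entry out of the file named by -Djava.security.auth.login.config. The following stand-alone program is an added example, not code from the thread, from CAS or from the uconn LDAPLoginModule: it writes a constructed jaas.conf with two entries, then performs the same LoginContext(realm, handler).login() sequence that CAS's JaasAuthenticationHandler performs. The class name StubLdapLoginModule, the option names user/password and the entry names are assumptions; the stub module checks credentials against its own jaas.conf options instead of binding to a directory, so it runs offline.

```java
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* Hypothetical stand-in for an LDAP login module (save as StubLdapLoginModule.java).
   The same class is the demo driver; it does not contact any directory. */
public class StubLdapLoginModule implements LoginModule {

    private CallbackHandler handler;
    private Map<String, ?> options;   // the key="value" pairs of the jaas.conf entry
    private boolean succeeded;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler;
        this.options = options;
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("username: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException(e.toString());
        }
        // Options reach the module exactly the way java.naming.provider.url etc.
        // reach LDAPLoginModule; here they are the only "directory" we have.
        succeeded = String.valueOf(options.get("user")).equals(nc.getName())
                && String.valueOf(options.get("password")).equals(new String(pc.getPassword()));
        pc.clearPassword();
        if (!succeeded) {
            throw new FailedLoginException("bad credentials");
        }
        return true;
    }

    public boolean commit() { return succeeded; }
    public boolean abort()  { succeeded = false; return true; }
    public boolean logout() { succeeded = false; return true; }

    /* Plays the role of CAS's username/password CallbackHandler: answers the
       Name and Password callbacks with the submitted form credentials. */
    static CallbackHandler credentials(final String user, final String password) {
        return new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password.toCharArray());
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
    }

    /* The handler's core: the realm selects the jaas.conf entry, login() runs
       the modules listed there with their control flags. */
    static boolean authenticate(String realm, String user, String password) {
        try {
            LoginContext lc = new LoginContext(realm, credentials(user, password));
            lc.login();
            lc.logout();
            return true;
        } catch (LoginException e) {
            System.out.println("realm " + realm + ": " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed jaas.conf: same layout (class, control flag, options, ';')
        // as the LDAPLoginModule entry in the post, with two differently named entries.
        File conf = File.createTempFile("jaas", ".conf");
        conf.deleteOnExit();
        try (FileWriter w = new FileWriter(conf)) {
            w.write("CAS {\n"
                  + "  StubLdapLoginModule sufficient\n"
                  + "  user=\"user1\"\n"
                  + "  password=\"secret\";\n"
                  + "};\n"
                  + "Other {\n"
                  + "  StubLdapLoginModule required user=\"user2\" password=\"other\";\n"
                  + "};\n");
        }
        // Same effect as -Djava.security.auth.login.config=jaas.conf on the JVM command line.
        System.setProperty("java.security.auth.login.config", conf.getAbsolutePath());

        System.out.println(authenticate("CAS", "user1", "secret"));      // correct password, CAS entry
        System.out.println(authenticate("CAS", "user1", "wrong"));       // wrong password, CAS entry
        System.out.println(authenticate("Other", "user1", "secret"));    // same user, other entry, other options
        System.out.println(authenticate("Missing", "user1", "secret"));  // realm with no jaas.conf entry
    }
}
```

Run it with `javac StubLdapLoginModule.java && java StubLdapLoginModule`. The last call is the case to watch for when wiring JaasAuthenticationHandler: a realm name that matches no entry is not a bad-password failure but a configuration failure, and the LoginException message says so, which is a quick way to tell the two apart before suspecting the directory.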