[cas-user] ldapAuthenticationHandler
Ok. I tried to follow the link to set up LDAP authentication and it's not working.

https://apereo.github.io/cas/development/installation/Configuration-Properties.html#ldap-authentication

I configured the following in cas.properties but I'm not sure if I'm on the right path:

##
# CAS Authentication Policy
#
cas.authn.policy.any.tryall=false
cas.authn.policy.req.tryall=true
cas.authn.policy.req.handlername=ldapAuthenticationHandler
#cas.authn.policy.req.handlername=org.apereo.cas.authentication.LdapAuthenticationHandler
cas.authn.policy.req.enabled=true

##
# Ldap Authentication
#
cas.authn.accept.users=
cas.authn.ldap[0].ldapUrl=ldap://localhost:389
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000

I don't know how to configure the deployerConfigContext.xml if that's even needed at all. I found an overlay someone uploaded and it had something along these lines but it's not correct.

Any help would be most appreciated.

-Jeff

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/19c7df38-79f9-4330-be63-6134ba7f21f8%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Re: [cas-user] How to combine LDAP and static users from a file
Sorry, I've missed "file:"

p:fileName="/etc/cas/local-users.properties" />

p:fileName="file:/etc/cas/local-users.properties" />

Thanks a lot, now it works.

On 08/09/16 16:47, William G. Thompson, Jr. wrote:
>> 2016-09-08 16:25:21,599 ERROR [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>
> Read permissions on /etc/cas/local-users.properties?
>
> On Thu, Sep 8, 2016 at 10:32 AM, Josep Manel Andrés wrote:
>> Hi William,
>> Great! It kind of worked :)
>> I have put this in the authenticationManager Bean:
>>
>> And this before ldapAuthenticationHandler:
>>
>> But now I am getting this error:
>>
>> 2016-09-08 16:25:21,599 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>> 2016-09-08 16:25:21,599 ERROR [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>>
>> Any hint?
>>
>> Cheers.
>>
>> On 08/09/16 13:58, William G. Thompson, Jr. wrote:
>>> Yes, with CAS all things are possible. :)
>>>
>>> AuthN handlers can be changed so you can have both. Something like
>>> this would work. You'll need to make sure your usernames don't
>>> overlap.
>>>
>>> Also see
>>> https://apereo.github.io/cas/4.1.x/installation/Whitelist-Authentication.html
>>>
>>> Best,
>>> Bill
>>>
>>> On Thu, Sep 8, 2016 at 4:45 AM, Josep Manel Andrés wrote:
>>>> Hi all,
>>>> We've got a CAS server for our systems with an LDAP backend, which works
>>>> great, but we have a special case in which an app needs to be able to login
>>>> with root account, but this is not on the LDAP.
>>>>
>>>> So my question is how it's possible to combine both systems, LDAP login and
>>>> a username and password for root account only. I would like to keep it
>>>> simple.
>>>>
>>>> Best regards.

--
Josep Manel Andrés (josep.and...@bsc.es)
Operations - Barcelona Supercomputing Center
C/ Jordi Girona, 31 http://www.bsc.es
08034 Barcelona, Spain Tel: +34-93-405 42 14
e-mail: syst...@bsc.es Fax: +34-93-413 77 21
---

WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received.

http://www.bsc.es/disclaimer
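The fix from this message in context, as an added example (not the poster's actual file, whose XML did not survive in the archive): a CAS 4.x deployerConfigContext.xml fragment that wires a file-backed handler next to the existing LDAP handler. The bean ids localFileAuthenticationHandler, proxyAuthenticationHandler and primaryPrincipalResolver are assumptions; ldapAuthenticationHandler stands for the LDAP bean already defined in the deployment.

```xml
<!-- Added example. Assumes the enclosing <beans> element declares the
     "p" namespace (xmlns:p="http://www.springframework.org/schema/p"). -->

<!-- Broken: with no prefix, the web application context treats the value as
     a ServletContext resource, i.e. a path inside the deployed webapp. That
     is what produces "Could not open ServletContext resource
     [/etc/cas/local-users.properties]" even when the file is readable. -->
<!--
<bean id="localFileAuthenticationHandler"
      class="org.jasig.cas.adaptors.generic.FileAuthenticationHandler"
      p:fileName="/etc/cas/local-users.properties" />
-->

<!-- Working: the "file:" prefix makes Spring read the path from the
     filesystem instead of the webapp. -->
<bean id="localFileAuthenticationHandler"
      class="org.jasig.cas.adaptors.generic.FileAuthenticationHandler"
      p:fileName="file:/etc/cas/local-users.properties" />

<!-- Handlers are consulted in map order, so the file handler is placed
     before the LDAP handler, as described in the thread. -->
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <!-- assumed id for the stock proxy handler -->
            <entry key-ref="proxyAuthenticationHandler"
                   value-ref="proxyPrincipalResolver" />
            <!-- no resolver: the principal is the authenticated username -->
            <entry key-ref="localFileAuthenticationHandler"
                   value="#{null}" />
            <!-- existing LDAP handler; resolver id is assumed -->
            <entry key-ref="ldapAuthenticationHandler"
                   value-ref="primaryPrincipalResolver" />
        </map>
    </constructor-arg>
</bean>
```

With the handler's default separator and plain-text password encoder, each line of the file is username::password, so the file should be readable only by the account that runs the servlet container. Verify both defaults against the deployed CAS version.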
Re: [cas-user] How to combine LDAP and static users from a file
> 2016-09-08 16:25:21,599 ERROR
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> Could not open ServletContext resource [/etc/cas/local-users.properties])>

Read permissions on /etc/cas/local-users.properties?

On Thu, Sep 8, 2016 at 10:32 AM, Josep Manel Andrés wrote:
> Hi William,
> Great! It kind of worked :)
> I have put this in the authenticationManager Bean:
>
> class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
> value-ref="proxyPrincipalResolver" />
> />
>
> And this before ldapAuthenticationHandler:
>
> class="org.jasig.cas.adaptors.generic.FileAuthenticationHandler"
> p:fileName="/etc/cas/local-users.properties" />
>
> But now I am getting this error:
>
> 2016-09-08 16:25:21,599 INFO
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>
> 2016-09-08 16:25:21,599 ERROR
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> Could not open ServletContext resource [/etc/cas/local-users.properties])>
>
> Any hint?
>
> Cheers.
>
> On 08/09/16 13:58, William G. Thompson, Jr. wrote:
>>
>> Yes, with CAS all things are possible. :)
>>
>> AuthN handlers can be changed so you can have both. Something like
>> this would work. You'll need to make sure your usernames don't
>> overlap.
>>
>> class="org.jasig.cas.adaptors.generic.FileAuthenticationHandler"
>> p:fileName="/path/to/local-users.properties" />
>>
>> class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>> p:contextSource-ref="ldapAuthContext"
>> />
>>
>> Also see
>> https://apereo.github.io/cas/4.1.x/installation/Whitelist-Authentication.html
>>
>> Best,
>> Bill
>>
>> On Thu, Sep 8, 2016 at 4:45 AM, Josep Manel Andrés wrote:
>>>
>>> Hi all,
>>> We've got a CAS server for our systems with an LDAP backend, which works
>>> great, but we have a special case in which an app needs to be able to
>>> login with root account, but this is not on the LDAP.
>>>
>>> So my question is how it's possible to combine both systems, LDAP login
>>> and a username and password for root account only. I would like to keep it
>>> simple.
>>>
>>> Best regards.
Re: [cas-user] How to combine LDAP and static users from a file
Hi William,
Great! It kind of worked :)
I have put this in the authenticationManager Bean:

class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
value-ref="proxyPrincipalResolver" />
value="#{null}" />

And this before ldapAuthenticationHandler:

But now I am getting this error:

2016-09-08 16:25:21,599 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
2016-09-08 16:25:21,599 ERROR [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Could not open ServletContext resource [/etc/cas/local-users.properties])>

Any hint?

Cheers.

On 08/09/16 13:58, William G. Thompson, Jr. wrote:
> Yes, with CAS all things are possible. :)
>
> AuthN handlers can be changed so you can have both. Something like
> this would work. You'll need to make sure your usernames don't
> overlap.
>
> Also see
> https://apereo.github.io/cas/4.1.x/installation/Whitelist-Authentication.html
>
> Best,
> Bill
>
> On Thu, Sep 8, 2016 at 4:45 AM, Josep Manel Andrés wrote:
>> Hi all,
>> We've got a CAS server for our systems with an LDAP backend, which works
>> great, but we have a special case in which an app needs to be able to login
>> with root account, but this is not on the LDAP.
>>
>> So my question is how it's possible to combine both systems, LDAP login and
>> a username and password for root account only. I would like to keep it
>> simple.
>>
>> Best regards.

--
Josep Manel Andrés (josep.and...@bsc.es)
Operations - Barcelona Supercomputing Center
Re: [cas-user] How to combine LDAP and static users from a file
Yes, with CAS all things are possible. :)

AuthN handlers can be changed so you can have both. Something like this would work. You'll need to make sure your usernames don't overlap.

Also see
https://apereo.github.io/cas/4.1.x/installation/Whitelist-Authentication.html

Best,
Bill

On Thu, Sep 8, 2016 at 4:45 AM, Josep Manel Andrés wrote:
> Hi all,
> We've got a CAS server for our systems with an LDAP backend, which works
> great, but we have a special case in which an app needs to be able to login
> with root account, but this is not on the LDAP.
>
> So my question is how it's possible to combine both systems, LDAP login and
> a username and password for root account only. I would like to keep it
> simple.
>
> Best regards.
Re: [cas-user] Custom Authentication Handler in version 5.0.0
Example:

https://github.com/apereo/cas/blob/master/cas-server-support-digest-authentication/src/main/java/org/apereo/cas/digest/config/DigestAuthenticationConfiguration.java#L128

--
Misagh

From: Gokhan Mansuroglu
Reply: Gokhan Mansuroglu
Date: September 8, 2016 at 1:17:32 PM
To: CAS Community
Subject: [cas-user] Custom Authentication Handler in version 5.0.0

> Hi,
>
> Let's say I have a custom AbcAuthencticationHandler and AbcCredentials. How can I configure this custom authentication handler? In previous versions this can be handled in deployerConfigContext.xml, but how is it done in version 5.0.0?
>
> Thanks.
[cas-user] How to combine LDAP and static users from a file
Hi all,

We've got a CAS server for our systems with an LDAP backend, which works great, but we have a special case in which an app needs to be able to login with root account, but this is not on the LDAP.

So my question is how it's possible to combine both systems, LDAP login and a username and password for root account only. I would like to keep it simple.

Best regards.

--
Josep Manel Andrés (josep.and...@bsc.es)
Operations - Barcelona Supercomputing Center