Hi,
Is it possible to authenticate via Kerberos and, if that does not succeed, 
fall back to username/password authentication?

Kerberos works fine on its own, and username/password authentication also 
works fine alone.
I tried the following:


<?xml version="1.0" encoding="UTF-8"?>
<!--
        | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
        | all CAS deployers will need to modify.
        |
        | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
        | The beans declared in this file are instantiated at context initialization time by the Spring
        | ContextLoaderListener declared in web.xml.  It finds this file because this
        | file is among those declared in the context parameter "contextConfigLocation".
        |
        | By far the most common change you will need to make in this file is to change the last bean
        | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
        | one implementing your approach for authenticating usernames and passwords.
        +-->
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:p="http://www.springframework.org/schema/p"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
        <!--
                | This bean declares our AuthenticationManager.  The CentralAuthenticationService service bean
                | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
                | "authenticationManager".  Most deployers will be able to use the default AuthenticationManager
                | implementation and so do not need to change the class of this bean.  We include the whole
                | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
                | need to change in context.
                +-->
        <bean id="authenticationManager"
                class="org.jasig.cas.authentication.AuthenticationManagerImpl">
                <property name="credentialsToPrincipalResolvers">
                        <list>
                                <!--  ... the others credentialsToPrincipalResolvers ... -->
                                <bean
                                        class="org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver" />
                                <bean
                                        class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                        </list>
                </property>
                <property name="authenticationHandlers">
                        <list>
                                <bean
                                        class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler">
                                        <property name="authentication">
                                                <bean class="jcifs.spnego.Authentication" />
                                        </property>
                                        <property name="principalWithDomainName"
                                                value="false" />
                                        <property name="NTLMallowed" value="true" />
                                </bean>
                                <!--  ... the others authenticationHandlers... -->
                                <bean
                                        class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
                                        <property name="filter" value="uid=%u" />
                                        <property name="searchBase"
                                                value="CN=Roles,CN=xxx,DC=foo,DC=bar,DC=fi" />
                                        <property name="contextSource" ref="contextSource" />
                                </bean>
                        </list>
                </property>
        </bean>

        <bean name="jcifsConfig"
                class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
                <property name="jcifsServicePrincipal"
                        value="HTTP/[EMAIL PROTECTED]" />
                <property name="jcifsServicePassword" value="adfgsfg" />
                <property name="kerberosDebug" value="true" />
                <property name="kerberosRealm" value="FOO.BAR.FI" />
                <property name="kerberosKdc" value="15.15.15.15" />
                <property name="loginConf" value="/WEB-INF/login.conf" />
        </bean>


        <bean id="contextSource"
                class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
                <property name="pooled" value="true" />
                <property name="urls">
                        <list>
                                <value>ldap://foo.bar.fi/</value>
                        </list>
                </property>
                <property name="userName"
                        value="CN=antoni,CN=xxx,DC=foo,DC=bar,DC=fi" />
                <property name="password" value="xxx" />
                <property name="baseEnvironmentProperties">
                        <map>
                                <entry>
                                        <key>
                                                <value>java.naming.security.authentication</value>
                                        </key>
                                        <value>simple</value>
                                </entry>
                        </map>
                </property>
        </bean>
</beans>

This configuration doesn't work for username/password authentication. What 
did I do wrong?

Thanks


Antoni Alatalo
Software Specialist
Municipal sector, social services
_________________________________________

Logica - Releasing your potential

Karvaamokuja 2
PL 38
00381 Helsinki
Switchboard: 010 302 010
Direct: 040 583 1097
[EMAIL PROTECTED]
www.logica.fi<http://www.logicacmg.fi>

WM-data is now called Logica.

