tag:old.nabble.com,2006:forum-15449Nabble - CAS Users2009-10-20T23:18:34Ztag:old.nabble.com,2006:post-25987076Re: mod_auth_cas: CAS behind proxy2009-10-20T23:18:34Z2009-10-20T23:18:34ZRajaRHi,
<br><br>I have my CAS setup in a dedicated Tomcat Server instance.
<br><br>Can you pls. let me know what are the advantages of using mod_auth_cas.so from Apache to connect to my CAS above?
<br><br>Thanks,
<br>Raja
<br><br><br>What
<br><blockquote class="quote light-black dark-border-color"><div class="quote light-border-color">
<div class="quote-author" style="font-weight: bold;">Matt Smith-21 wrote:</div>
<div class="quote-message shrinkable-quote">Currently, mod_auth_cas performs the service validation via direct
<br>socket calls, not an HTTP library. So, the HTTP capabilities are
<br>limited to a very basic HTTP/1.0 GET . There is no support for
<br>proxies or anything fancy.
<br><br>We have discussed the possibility of using libcurl, which would offer
<br>much functionality at the expense of a new dependency, but have not
<br>had the time to do anything beyond bugfixes in a while.
<br><br>-Matt
<br><br>On Mon, Oct 6, 2008 at 9:28 AM, Volker Krebs <volker.krebs@abas.de> wrote:
<br>> Hello,
<br>> I've set up my Apache using mod_auth_cas, everything works fine, great
<br>> module. Thank you for that!
<br>> But when my CAS moves behind a web-proxy I get an error
<br>> [error] [client 192.168.4.158] MOD_AUTH_CAS: connect() failed to
<br>> <a href="https://cas.example.com/sso/login?service=http%3a%2f%2fgeier%2fvk" target="_top" rel="nofollow">https://cas.example.com/sso/login?service=http%3a%2f%2fgeier%2fvk</a><br>>
<br>> The Problem is, that I need a https_proxy varaible to connect to
<br>> <a href="https://cas.example.com/" target="_top" rel="nofollow">https://cas.example.com/</a>. But I have no clue where to configure it in
<br>> apache or mod_auth_cas. I've tried setting the environment variable
<br>> https_proxy and http_proxy but apache or mod_auth_cas seem not to be
<br>> interested.
<br>> Any Ideas ?
<br>>
<br>> Thanks
<br>> _______________________________________________
<br>> Yale CAS mailing list
<br>> cas@tp.its.yale.edu
<br>> <a href="http://tp.its.yale.edu/mailman/listinfo/cas" target="_top" rel="nofollow">http://tp.its.yale.edu/mailman/listinfo/cas</a><br>>
<br><br><br><br>--
<br>matt@forsetti.com
<br>Key ID:D6EEC5B5
<br>_______________________________________________
<br>Yale CAS mailing list
<br>cas@tp.its.yale.edu
<br><a href="http://tp.its.yale.edu/mailman/listinfo/cas" target="_top" rel="nofollow">http://tp.its.yale.edu/mailman/listinfo/cas</a></div>
</div></blockquote>
tag:old.nabble.com,2006:post-25968230Ensure the same credentials could be used only by one user at the same time2009-10-19T18:03:20Z2009-10-19T18:03:20ZYuriy Zubarev-2Hi,
<br><br>We have a business rule that forbids two different users to be logged
<br>in the system under the same set of credentials at the same time. Does
<br>CAS have a support for this?
<br><br>Does this feature have a common name? "Non sharable credentials", or
<br>something similar?
<br><br>I tried to search archives to see if the question was already asked
<br>but WiscList is hardly usable.
<br><br>Thank you,
<br>Yuriy Zubarev
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25968230&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25968230&i=1" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25967798unable to get SSO working2009-10-19T16:50:53Z2009-10-19T16:50:53ZDavid JeffersonHi, I'm trying to CAS and a couple of apps (appA and appB) configured for SSO. Both appA and appB are configured to authenticate against CAS and in both cases authentication is working correctly. If I start with appA and login,I get authenticated and the CASTGC cookie gets set, same thing happens if I start with appB.
<br><br>In my case an authenticated user in appA is able to click on a link and be redirected to appB. But when the user is redirected to appB they are challenged again for login creds. If enter the creds I can then get to appB.
<br><br>I assume it is just that I've not correctly configured something but in reading through the CAS docs I've found where I'm going wrong.
<br><br>My web.xml configs are...
<br><br>appA
<br>>>>>
<br><filter>
<br> <filter-name>CAS Authentication Filter</filter-name>
<br> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<br> <init-param>
<br> <param-name>casServerLoginUrl</param-name>
<br> <param-value><a href="http://localhost:8080/login" target="_top" rel="nofollow">http://localhost:8080/login</a></param-value>
<br> </init-param>
<br> <init-param>
<br> <param-name>serverName</param-name>
<br> <param-value><a href="http://localhost:8084" target="_top" rel="nofollow">http://localhost:8084</a></param-value>
<br> </init-param>
<br> </filter>
<br><br>
<br> <filter>
<br> <filter-name>CAS Validation Filter</filter-name>
<br> <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
<br> <init-param>
<br> <param-name>casServerUrlPrefix</param-name>
<br> <param-value><a href="http://localhost:8080" target="_top" rel="nofollow">http://localhost:8080</a></param-value>
<br> </init-param>
<br><br> <init-param>
<br> <param-name>serverName</param-name>
<br> <param-value><a href="http://localhost:8084" target="_top" rel="nofollow">http://localhost:8084</a></param-value>
<br> </init-param>
<br> </filter>
<br><br> <filter>
<br> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<br> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
<br> </filter>
<br><br> <filter>
<br> <filter-name>CAS Assertion Thread Local Filter</filter-name>
<br> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
<br> </filter>
<br><<<
<br><br><br>appB
<br>>>>
<br><br><filter>
<br> <filter-name>CAS Authentication Filter</filter-name>
<br> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<br> <init-param>
<br> <param-name>casServerLoginUrl</param-name>
<br> <param-value><a href="http://localhost:8080/login" target="_top" rel="nofollow">http://localhost:8080/login</a></param-value>
<br> </init-param>
<br> <init-param>
<br> <param-name>serverName</param-name>
<br> <param-value><a href="http://localhost:8081" target="_top" rel="nofollow">http://localhost:8081</a></param-value>
<br> </init-param>
<br> </filter>
<br>
<br>
<br>
<br> <filter>
<br> <filter-name>CAS Validation Filter</filter-name>
<br> <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
<br> <init-param>
<br> <param-name>casServerUrlPrefix</param-name>
<br> <param-value><a href="http://localhost:8080" target="_top" rel="nofollow">http://localhost:8080</a></param-value>
<br> </init-param>
<br>
<br> <init-param>
<br> <param-name>serverName</param-name>
<br> <param-value><a href="http://localhost:8081" target="_top" rel="nofollow">http://localhost:8081</a></param-value>
<br> </init-param>
<br> </filter>
<br>
<br> <filter>
<br> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<br> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
<br> </filter>
<br>
<br> <filter>
<br> <filter-name>CAS Assertion Thread Local Filter</filter-name>
<br> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
<br> </filter>
<br><<<
<br><br><br>with some CAS server debug output thrown in for good measure
<br>>>>
<br><br>[java] DEBUG [2009-10-19 18:42:06,556] [http--8080-4$28137909] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' beginning execution
<br> [java] DEBUG [2009-10-19 18:42:06,556] [http--8080-4$28137909] AuthenticationViaFormAction - Executing bind
<br> [java] DEBUG [2009-10-19 18:42:06,556] [http--8080-4$28137909] AuthenticationViaFormAction - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
<br> [java] DEBUG [2009-10-19 18:42:06,556] [http--8080-4$28137909] AuthenticationViaFormAction - No property editor registrar set, no custom editors to register
<br> [java] DEBUG [2009-10-19 18:42:06,587] [http--8080-4$28137909] AuthenticationViaFormAction - Binding allowed request parameters in map['lt' -> '_c59B7F3F2-A126-45EB-19A3-E0B62629BA68_k20309474-3BCC-AC08-4A05-DA5AFEFD06E8', 'service' -> '<a href="http://localho" target="_top" rel="nofollow">http://localho</a><br>t:8084/reviews/demo', 'username' -> '<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25967798&i=0" target="_top" rel="nofollow">m.purple@...</a>', '_eventId' -> 'submit', 'submit' -> 'Submit', 'password' -> '1Follow'] to form object with name 'credentials', pre-bind formObject toString = [username: null]
<br> [java] DEBUG [2009-10-19 18:42:06,587] [http--8080-4$28137909] AuthenticationViaFormAction - (Any field is allowed)
<br> [java] DEBUG [2009-10-19 18:42:06,603] [http--8080-4$28137909] AuthenticationViaFormAction - Binding completed for form object with name 'credentials', post-bind formObject toString = [username: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25967798&i=1" target="_top" rel="nofollow">m.purple@...</a>]
<br> [java] DEBUG [2009-10-19 18:42:06,603] [http--8080-4$28137909] AuthenticationViaFormAction - There are [0] errors, details: []
<br> [java] DEBUG [2009-10-19 18:42:06,603] [http--8080-4$28137909] AuthenticationViaFormAction - Executing validation
<br> [java] DEBUG [2009-10-19 18:42:06,603] [http--8080-4$28137909] AuthenticationViaFormAction - Invoking validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator@186330
<br> [java] DEBUG [2009-10-19 18:42:06,603] [http--8080-4$28137909] AuthenticationViaFormAction - Validation completed for form object
<br> [java] DEBUG [2009-10-19 18:42:06,603] [http--8080-4$28137909] AuthenticationViaFormAction - There are [0] errors, details: []
<br> [java] DEBUG [2009-10-19 18:42:06,603] [http--8080-4$28137909] AuthenticationViaFormAction - Putting form errors instance in scope Flash
<br> [java] DEBUG [2009-10-19 18:42:06,603] [http--8080-4$28137909] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
<br> [java] DEBUG [2009-10-19 18:42:06,603] [http--8080-4$28137909] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' beginning execution
<br> [java] DEBUG [2009-10-19 18:42:06,603] [http--8080-4$28137909] AuthenticationViaFormAction - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
<br> [java] DEBUG [2009-10-19 18:42:06,680] [http--8080-4$28137909] CentralAuthenticationServiceImpl - Attempting to create TicketGrantingTicket for [username: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25967798&i=2" target="_top" rel="nofollow">m.purple@...</a>]
<br> [java] INFO [2009-10-19 18:42:06,960] [http--8080-4$28137909] AuthenticationManagerImpl - AuthenticationHandler: com.homeaway.bluesun.cas.authentication.BluesunAuthenticationHandler successfully authenticated the user which provided the following cre
<br>entials: [username: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25967798&i=3" target="_top" rel="nofollow">m.purple@...</a>]
<br> [java] DEBUG [2009-10-19 18:42:06,960] [http--8080-4$28137909] UsernamePasswordCredentialsToPrincipalResolver - Attempting to resolve a principal...
<br> [java] DEBUG [2009-10-19 18:42:06,976] [http--8080-4$28137909] UsernamePasswordCredentialsToPrincipalResolver - Creating SimplePrincipal for [<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25967798&i=4" target="_top" rel="nofollow">m.purple@...</a>]
<br> [java] DEBUG [2009-10-19 18:42:07,380] [http--8080-4$28137909] CookieRetrievingCookieGenerator - Removed cookie with name [CASPRIVACY]
<br> [java] DEBUG [2009-10-19 18:42:07,380] [http--8080-4$28137909] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
<br> [java] DEBUG [2009-10-19 18:42:07,380] [http--8080-4$28137909] SendTicketGrantingTicketAction - Action 'SendTicketGrantingTicketAction' beginning execution
<br> [java] DEBUG [2009-10-19 18:42:07,380] [http--8080-4$28137909] CookieRetrievingCookieGenerator - Added cookie with name [CASTGC] and value [TGT-1-qY4l1fDjtUvYI6RLfPuvcpLVcG0EmfAe60nKduydDNhXeIhd6y-localhost:8080]
<br> [java] DEBUG [2009-10-19 18:42:07,380] [http--8080-4$28137909] SendTicketGrantingTicketAction - Action 'SendTicketGrantingTicketAction' completed execution; result is 'success'
<br> [java] DEBUG [2009-10-19 18:42:07,395] [http--8080-4$28137909] GenerateServiceTicketAction - Action 'GenerateServiceTicketAction' beginning execution
<br> [java] INFO [2009-10-19 18:42:07,473] [http--8080-4$28137909] CentralAuthenticationServiceImpl - Granted service ticket [ST-1-SIy6TrgD7FbTdxKoANnU-localhost:8080] for service [<a href="http://localhost:8084/reviews/demo" target="_top" rel="nofollow">http://localhost:8084/reviews/demo</a>] for user [<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25967798&i=5" target="_top" rel="nofollow">m.purple@...</a>]
<br> [java] DEBUG [2009-10-19 18:42:07,519] [http--8080-4$28137909] GenerateServiceTicketAction - Action 'GenerateServiceTicketAction' completed execution; result is 'success'
<br> [java] DEBUG [2009-10-19 18:42:07,675] [http--8080-11$30385692] SamlArgumentExtractor - Extractor generated service for: <a href="http://localhost:8084/reviews/demo" target="_top" rel="nofollow">http://localhost:8084/reviews/demo</a><br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] InitialFlowSetupAction - Action 'InitialFlowSetupAction' beginning execution
<br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] CasArgumentExtractor - Extractor generated service for: <a href="http://localhost:8081/secured/account/editAccount.htm" target="_top" rel="nofollow">http://localhost:8081/secured/account/editAccount.htm</a><br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] InitialFlowSetupAction - Placing service in FlowScope: <a href="http://localhost:8081/secured/account/editAccount.htm" target="_top" rel="nofollow">http://localhost:8081/secured/account/editAccount.htm</a><br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] InitialFlowSetupAction - Action 'InitialFlowSetupAction' completed execution; result is 'success'
<br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' beginning execution
<br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] AuthenticationViaFormAction - Executing setupForm
<br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] AuthenticationViaFormAction - Creating new form object with name 'credentials'
<br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] AuthenticationViaFormAction - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
<br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] AuthenticationViaFormAction - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'
<br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] AuthenticationViaFormAction - Creating new form errors for object with name 'credentials'
<br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] AuthenticationViaFormAction - No property editor registrar set, no custom editors to register
<br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] AuthenticationViaFormAction - Putting form errors instance in scope Flash
<br> [java] DEBUG [2009-10-19 18:43:20,449] [http--8080-10$24447827] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
<br> [java] DEBUG [2009-10-19 18:43:20,480] [http--8080-10$24447827] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' beginning execution
<br> [java] DEBUG [2009-10-19 18:43:20,480] [http--8080-10$24447827] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
<br> [java] DEBUG [2009-10-19 18:45:18,943] [http--8080-12$2548297] InitialFlowSetupAction - Action 'InitialFlowSetupAction' beginning execution
<br> [java] DEBUG [2009-10-19 18:45:18,943] [http--8080-12$2548297] CasArgumentExtractor - Extractor generated service for: <a href="http://localhost:8081/secured/account/editAccount.htm" target="_top" rel="nofollow">http://localhost:8081/secured/account/editAccount.htm</a><br> [java] DEBUG [2009-10-19 18:45:18,943] [http--8080-12$2548297] InitialFlowSetupAction - Placing service in FlowScope: <a href="http://localhost:8081/secured/account/editAccount.htm" target="_top" rel="nofollow">http://localhost:8081/secured/account/editAccount.htm</a><br> [java] DEBUG [2009-10-19 18:45:18,943] [http--8080-12$2548297] InitialFlowSetupAction - Action 'InitialFlowSetupAction' completed execution; result is 'success'
<br> [java] DEBUG [2009-10-19 18:45:18,943] [http--8080-12$2548297] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' beginning execution
<br> [java] DEBUG [2009-10-19 18:45:18,943] [http--8080-12$2548297] AuthenticationViaFormAction - Executing setupForm
<br> [java] DEBUG [2009-10-19 18:45:18,943] [http--8080-12$2548297] AuthenticationViaFormAction - Creating new form object with name 'credentials'
<br> [java] DEBUG [2009-10-19 18:45:18,943] [http--8080-12$2548297] AuthenticationViaFormAction - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
<br> [java] DEBUG [2009-10-19 18:45:18,943] [http--8080-12$2548297] AuthenticationViaFormAction - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'
<br> [java] DEBUG [2009-10-19 18:45:18,943] [http--8080-12$2548297] AuthenticationViaFormAction - Creating new form errors for object with name 'credentials'
<br> [java] DEBUG [2009-10-19 18:45:18,974] [http--8080-12$2548297] AuthenticationViaFormAction - No property editor registrar set, no custom editors to register
<br> [java] DEBUG [2009-10-19 18:45:18,974] [http--8080-12$2548297] AuthenticationViaFormAction - Putting form errors instance in scope Flash
<br> [java] DEBUG [2009-10-19 18:45:18,974] [http--8080-12$2548297] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
<br> [java] DEBUG [2009-10-19 18:45:18,974] [http--8080-12$2548297] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' beginning execution
<br> [java] DEBUG [2009-10-19 18:45:18,974] [http--8080-12$2548297] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
<br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] InitialFlowSetupAction - Action 'InitialFlowSetupAction' beginning execution
<br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] CasArgumentExtractor - Extractor generated service for: <a href="http://localhost:8081/secured/account/editAccount.htm" target="_top" rel="nofollow">http://localhost:8081/secured/account/editAccount.htm</a><br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] InitialFlowSetupAction - Placing service in FlowScope: <a href="http://localhost:8081/secured/account/editAccount.htm" target="_top" rel="nofollow">http://localhost:8081/secured/account/editAccount.htm</a><br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] InitialFlowSetupAction - Action 'InitialFlowSetupAction' completed execution; result is 'success'
<br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' beginning execution
<br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] AuthenticationViaFormAction - Executing setupForm
<br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] AuthenticationViaFormAction - Creating new form object with name 'credentials'
<br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] AuthenticationViaFormAction - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
<br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] AuthenticationViaFormAction - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'
<br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] AuthenticationViaFormAction - Creating new form errors for object with name 'credentials'
<br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] AuthenticationViaFormAction - No property editor registrar set, no custom editors to register
<br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] AuthenticationViaFormAction - Putting form errors instance in scope Flash
<br> [java] DEBUG [2009-10-19 18:45:21,283] [http--8080-12$31690392] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
<br> [java] DEBUG [2009-10-19 18:45:21,314] [http--8080-12$31690392] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' beginning execution
<br> [java] DEBUG [2009-10-19 18:45:21,314] [http--8080-12$31690392] AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
<br><<<
<br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25967798&i=6" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25967798&i=7" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25966059What is your custom 500 error page like?2009-10-19T14:30:50Z2009-10-19T14:30:50ZKim CaryAll,<br><br>Wondering what you are using for your custom error pages on tomcat with your CAS server. Ideally, I'd like the page to email me the error. If you have something like that or even something simpler you use and like, I'd be interested.<br>
<br>Right now I'm looking at this in web.xml<br><font face="courier new,monospace">...<br> <error-page><br> <error-code>500</error-code><br> <location>/server_error.html</location><br>
</error-page><br> <error-page><br> <error-code>404</error-code><br> <location>/file_not_found.html</location><br> </error-page> <br></web-app><br>
<font face="arial,helvetica,sans-serif">but those could easily be jsp pages, I guess.<br>
<br>What are you folks doing for this? I assume most of you are trapping the ugly 500 errors, etc.<br></font></font><br clear="all">Kim<br>
<pre>-- <br />You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25966059&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25966059&i=1" target="_top" rel="nofollow">lists@...</a><br />To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user</pre>tag:old.nabble.com,2006:post-25959434Re: help with - Step 5: CASify HelloWorld Servlet2009-10-19T07:35:32Z2009-10-19T07:35:32ZMarvin AddisonThe error in your attached log
<br><br>javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path
<br>building failed: java.security.cert.CertPathBuilderException: unable
<br>to find valid certification path to requested target
<br> com.ibm.jsse2.n.a(n.java:3)
<br><br>is almost always caused SSL trust problems in the CAS client where the
<br>client does not trust the certificate/chain presented by the CAS
<br>server. I am totally unfamiliar with the IBM JRE, but hopefully you
<br>can translate the instructions for the Sun JRE into your environment.
<br>Import the CAS server cert (or issuer cert if you have a PKI) into the
<br>truststore used by JRE of the CAS client; the default system
<br>truststore is $JAVA_HOME/jre/lib/security/cacerts. We use keytool,
<br><a href="http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html" target="_top" rel="nofollow">http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html</a>, for
<br>keystore management, but there are GUI tools avalilable (e.g.
<br><a href="http://portecle.sourceforge.net/" target="_top" rel="nofollow">http://portecle.sourceforge.net/</a>) if you would prefer a graphical
<br>tool.
<br><br>M
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25959434&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25959434&i=1" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25959278Re: Redirection (?) loop of "Granting service ticket"2009-10-19T07:26:11Z2009-10-19T07:26:11ZMarvin Addison> Or is it maybe a configuration issue? Do I have to activate the certificate
<br>> check somewhere?
<br><br>Yes. Hopefully someone with Moodle experience can chime in here -- I
<br>didn't even realize Moodle used phpCAS. Once you find the right place
<br>in Moodle to configure the phpCAS client,
<br><a href="http://www.ja-sig.org/wiki/display/CASC/phpCAS+examples" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/CASC/phpCAS+examples</a> give examples
<br>of both disabling the cert check (not recommended) and enabling an
<br>explicity trust check.
<br><br>M
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25959278&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25959278&i=1" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25958005Re: Redirection (?) loop of "Granting service ticket"2009-10-19T06:00:39Z2009-10-19T06:00:39ZGiuseppe Sollazzo-2Ryan Fox wrote:
<br>>
<br>> The user's interaction with the cas server was successful. The problem is between the phpCAS client and CAS, when phpCAS is trying to verify the service ticket the user presented.
<br>>
<br>> Specifically, phpCAS wants you to either call phpCAS::setCasServerCert() to give it a certificate which it should validate against the cert presented by the CAS server; or, call phpCAS::setNoCasServerValidation() to not do that check. It's a much better idea to have the cas client check the cert properly.
<br>>
<br>> Ryan
<br>>
<br>>
<br>Uhm... this is something obscure to me so sorry if I ask more details.
<br>What do you mean when you say "phpCAS wants you to call ..."? I guess
<br>it's moodle that should call one of these functions, or does the
<br>implementation of CAS into moodle pass through writing code? "What must
<br>be called by who, and where?" :-)
<br>Or is it maybe a configuration issue? Do I have to activate the
<br>certificate check somewhere?
<br><br>No tutorial mentioned this, so I guess there's something wrong about
<br>this function call but can't tell what...
<br><br>Thanks,
<br>Giuseppe
<br><br>--
<br>Giuseppe Sollazzo
<br>Systems Developer / Administrator
<br><br>Computing Services
<br>St. George's, University of London
<br><br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25958005&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25958005&i=1" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25956815Re: Redirection (?) loop of "Granting service ticket"2009-10-19T04:34:56Z2009-10-19T04:34:56ZRyan Fox<br>----- "Giuseppe Sollazzo" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956815&i=0" target="_top" rel="nofollow">gsollazz@...</a>> wrote:
<br><br>> Ok - as you said I verified I was running phpCAS 1.0.1. Changed it to
<br>>
<br>> phpCAS 1.0.0 and what I got is a new error:
<br>>
<br>>
<br>> phpCAS error: phpCAS::checkAuthentication(): one of the methods
<br>> phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or
<br>> phpCAS::setNoCasServerValidation() must be called. in
<br>> /www/moodle/auth/cas/auth.php on line 111
<br><br><br>The user's interaction with the cas server was successful. The problem is between the phpCAS client and CAS, when phpCAS is trying to verify the service ticket the user presented.
<br><br>Specifically, phpCAS wants you to either call phpCAS::setCasServerCert() to give it a certificate which it should validate against the cert presented by the CAS server; or, call phpCAS::setNoCasServerValidation() to not do that check. It's a much better idea to have the cas client check the cert properly.
<br><br>Ryan
<br><br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956815&i=1" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956815&i=2" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25956467Re: Redirection (?) loop of "Granting service ticket"2009-10-19T04:07:03Z2009-10-19T04:07:03ZGiuseppe Sollazzo-2Ok - as you said I verified I was running phpCAS 1.0.1. Changed it to
<br>phpCAS 1.0.0 and what I got is a new error:
<br><br><br>phpCAS error: phpCAS::checkAuthentication(): one of the methods
<br>phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or
<br>phpCAS::setNoCasServerValidation() must be called. in
<br>/www/moodle/auth/cas/auth.php on line 111
<br><br><br>The output of the CAS server looks "normal", in a way:
<br><br>2009-10-19 12:03:38,323 INFO
<br>[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<br><AuthenticationHandler:
<br>org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
<br>authenticated the user which provided the following credentials:
<br>[username: user]>
<br>2009-10-19 12:03:38,328 INFO
<br>[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
<br>ticket [ST-1-s0gQhWMEptjvmuXN0Igy-cas] for service
<br>[<a href="https://myserver/devmoodle/login/index.php" target="_top" rel="nofollow">https://myserver/devmoodle/login/index.php</a>] for user [user]>
<br><br>Line 111 of auth.php is simply the check on authentication method:
<br> if (phpCAS::checkAuthentication()) {
<br> $frm->username=phpCAS::getUser();
<br>// if (phpCAS::getUser()=='esup9992')
<br>// $frm->username='erhar0062';
<br> $frm->password="passwdCas";
<br> return;
<br> }
<br><br><br>I wonder here if there's some issue with my certificate. Any idea?
<br><br>Thanks a lot for any help!
<br><br>Giuseppe
<br><br><br>Diego Benedicto wrote:
<div class='shrinkable-quote'><br>> phpCAS downloads are in <a href="http://www.ja-sig.org/downloads/cas-clients/php/" target="_top" rel="nofollow">http://www.ja-sig.org/downloads/cas-clients/php/</a><br>>
<br>> You have a phpCAS configured in Moodle to CASifiy it, right?
<br>> So, you can try it with phpCAS 1.0.0 to check if your problem remains...
<br>>
<br>>
<br>>
<br>> Giuseppe Sollazzo-2 wrote:
<br>>
<br>>> Hi Diego,
<br>>> interesting question - I'm actually not sure as I think it came with
<br>>> CAS? How can I check it?
<br>>>
<br>>> My setup was:
<br>>> 1) install moodle
<br>>> 2) install tomcat
<br>>> 3) deploy the CAS webapp
<br>>>
<br>>>
<br>>> Thanks,
<br>>> Giuseppe
<br>>>
<br>>> Diego Benedicto wrote:
<br>>>
<br>>>> Hi,
<br>>>>
<br>>>> I had the same problem CASifying Wordpress and Dokuwiki with phpCAS
<br>>>> 1.0.1,
<br>>>> but using phpCAS 1.0.0 it works perfectly
<br>>>>
<br>>>> Which phpCAS version are you using?
<br>>>>
<br>>>>
<br>>>>
<br>>>>
<br>>>>
<br>>>>
<br>>>> Giuseppe Sollazzo-2 wrote:
<br>>>>
<br>>>>
<br>>>>> Hi all,
<br>>>>> I'm still trying to deal with this issue: when I try to authenticate
<br>>>>> over CAS via moodle, I get a sequence of (incrementally numbered)
<br>>>>> "Granting service tickets" that lead to nowhere (infinite loop on
<br>>>>> Explorer) or to a "Redirect loop" error on Firefox.
<br>>>>>
<br>>>>> Has anyone any idea of where this originates? I've read somewhere that
<br>>>>> it could depend of the self-signed certificate I'm currently using for
<br>>>>> testing, but found no hint about this on the wiki.
<br>>>>>
<br>>>>> Any help would be highly appreciated!
<br>>>>>
<br>>>>> Thanks,
<br>>>>> Giuseppe
<br>>>>>
<br>>>>> --
<br>>>>> Giuseppe Sollazzo
<br>>>>> Systems Developer / Administrator
<br>>>>>
<br>>>>> Computing Services
<br>>>>> St. George's, University of London
<br>>>>>
<br>>>>>
<br>>>>> --
<br>>>>> You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956467&i=0" target="_top" rel="nofollow">cas-user@...</a> as:
<br>>>>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956467&i=1" target="_top" rel="nofollow">lists@...</a>
<br>>>>> To unsubscribe, change settings or access archives, see
<br>>>>> <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>>>>>
<br>>>>>
<br>>>>>
<br>>>>>
<br>>>>
<br>>>>
<br>>> --
<br>>> Giuseppe Sollazzo
<br>>> Systems Developer / Administrator
<br>>>
<br>>> Computing Services
<br>>> St. George's, University of London
<br>>>
<br>>>
<br>>> --
<br>>> You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956467&i=2" target="_top" rel="nofollow">cas-user@...</a> as:
<br>>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956467&i=3" target="_top" rel="nofollow">lists@...</a>
<br>>> To unsubscribe, change settings or access archives, see
<br>>> <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>>>
<br>>>
<br>>>
<br>>
<br>>
</div><br><br>--
<br>Giuseppe Sollazzo
<br>Systems Developer / Administrator
<br><br>Computing Services
<br>St. George's, University of London
<br><br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956467&i=4" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956467&i=5" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25956220Re: Redirection (?) loop of "Granting service ticket"2009-10-19T03:46:40Z2009-10-19T03:46:40ZDiego BenedictophpCAS downloads are in <a href="http://www.ja-sig.org/downloads/cas-clients/php/" target="_top" rel="nofollow">http://www.ja-sig.org/downloads/cas-clients/php/</a><br><br>You have a phpCAS configured in Moodle to CASifiy it, right?
<br>So, you can try it with phpCAS 1.0.0 to check if your problem remains...
<br><br><br><blockquote class="quote light-black dark-border-color"><div class="quote light-border-color">
<div class="quote-author" style="font-weight: bold;">Giuseppe Sollazzo-2 wrote:</div>
<div class="quote-message shrinkable-quote">Hi Diego,
<br>interesting question - I'm actually not sure as I think it came with
<br>CAS? How can I check it?
<br><br>My setup was:
<br>1) install moodle
<br>2) install tomcat
<br>3) deploy the CAS webapp
<br><br><br>Thanks,
<br>Giuseppe
<br><br>Diego Benedicto wrote:
<br>> Hi,
<br>>
<br>> I had the same problem CASifying Wordpress and Dokuwiki with phpCAS 1.0.1,
<br>> but using phpCAS 1.0.0 it works perfectly
<br>>
<br>> Which phpCAS version are you using?
<br>>
<br>>
<br>>
<br>>
<br>>
<br>>
<br>> Giuseppe Sollazzo-2 wrote:
<br>>
<br>>> Hi all,
<br>>> I'm still trying to deal with this issue: when I try to authenticate
<br>>> over CAS via moodle, I get a sequence of (incrementally numbered)
<br>>> "Granting service tickets" that lead to nowhere (infinite loop on
<br>>> Explorer) or to a "Redirect loop" error on Firefox.
<br>>>
<br>>> Has anyone any idea of where this originates? I've read somewhere that
<br>>> it could depend of the self-signed certificate I'm currently using for
<br>>> testing, but found no hint about this on the wiki.
<br>>>
<br>>> Any help would be highly appreciated!
<br>>>
<br>>> Thanks,
<br>>> Giuseppe
<br>>>
<br>>> --
<br>>> Giuseppe Sollazzo
<br>>> Systems Developer / Administrator
<br>>>
<br>>> Computing Services
<br>>> St. George's, University of London
<br>>>
<br>>>
<br>>> --
<br>>> You are currently subscribed to cas-user@lists.jasig.org as:
<br>>> lists@nabble.com
<br>>> To unsubscribe, change settings or access archives, see
<br>>> <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>>>
<br>>>
<br>>>
<br>>
<br>>
<br><br><br>--
<br>Giuseppe Sollazzo
<br>Systems Developer / Administrator
<br><br>Computing Services
<br>St. George's, University of London
<br><br><br>--
<br>You are currently subscribed to cas-user@lists.jasig.org as: lists@nabble.com
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a></div>
</div></blockquote>
tag:old.nabble.com,2006:post-25956091Re: Redirection (?) loop of "Granting service ticket"2009-10-19T03:31:11Z2009-10-19T03:31:11ZGiuseppe Sollazzo-2Hi Diego,
<br>interesting question - I'm actually not sure as I think it came with
<br>CAS? How can I check it?
<br><br>My setup was:
<br>1) install moodle
<br>2) install tomcat
<br>3) deploy the CAS webapp
<br><br><br>Thanks,
<br>Giuseppe
<br><br>Diego Benedicto wrote:
<div class='shrinkable-quote'><br>> Hi,
<br>>
<br>> I had the same problem CASifying Wordpress and Dokuwiki with phpCAS 1.0.1,
<br>> but using phpCAS 1.0.0 it works perfectly
<br>>
<br>> Which phpCAS version are you using?
<br>>
<br>>
<br>>
<br>>
<br>>
<br>>
<br>> Giuseppe Sollazzo-2 wrote:
<br>>
<br>>> Hi all,
<br>>> I'm still trying to deal with this issue: when I try to authenticate
<br>>> over CAS via moodle, I get a sequence of (incrementally numbered)
<br>>> "Granting service tickets" that lead to nowhere (infinite loop on
<br>>> Explorer) or to a "Redirect loop" error on Firefox.
<br>>>
<br>>> Has anyone any idea of where this originates? I've read somewhere that
<br>>> it could depend of the self-signed certificate I'm currently using for
<br>>> testing, but found no hint about this on the wiki.
<br>>>
<br>>> Any help would be highly appreciated!
<br>>>
<br>>> Thanks,
<br>>> Giuseppe
<br>>>
<br>>> --
<br>>> Giuseppe Sollazzo
<br>>> Systems Developer / Administrator
<br>>>
<br>>> Computing Services
<br>>> St. George's, University of London
<br>>>
<br>>>
<br>>> --
<br>>> You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956091&i=0" target="_top" rel="nofollow">cas-user@...</a> as:
<br>>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956091&i=1" target="_top" rel="nofollow">lists@...</a>
<br>>> To unsubscribe, change settings or access archives, see
<br>>> <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>>>
<br>>>
<br>>>
<br>>
<br>>
</div><br><br>--
<br>Giuseppe Sollazzo
<br>Systems Developer / Administrator
<br><br>Computing Services
<br>St. George's, University of London
<br><br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956091&i=2" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25956091&i=3" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25955996Re: Redirection (?) loop of "Granting service ticket"2009-10-19T03:22:22Z2009-10-19T03:22:22ZDiego BenedictoHi,
<br><br>I had the same problem CASifying Wordpress and Dokuwiki with phpCAS 1.0.1, but using phpCAS 1.0.0 it works perfectly
<br><br>Which phpCAS version are you using?
<br><br><br><br><br><br><blockquote class="quote light-black dark-border-color"><div class="quote light-border-color">
<div class="quote-author" style="font-weight: bold;">Giuseppe Sollazzo-2 wrote:</div>
<div class="quote-message shrinkable-quote">Hi all,
<br>I'm still trying to deal with this issue: when I try to authenticate
<br>over CAS via moodle, I get a sequence of (incrementally numbered)
<br>"Granting service tickets" that lead to nowhere (infinite loop on
<br>Explorer) or to a "Redirect loop" error on Firefox.
<br><br>Has anyone any idea of where this originates? I've read somewhere that
<br>it could depend of the self-signed certificate I'm currently using for
<br>testing, but found no hint about this on the wiki.
<br><br>Any help would be highly appreciated!
<br><br>Thanks,
<br>Giuseppe
<br><br>--
<br>Giuseppe Sollazzo
<br>Systems Developer / Administrator
<br><br>Computing Services
<br>St. George's, University of London
<br><br><br>--
<br>You are currently subscribed to cas-user@lists.jasig.org as: lists@nabble.com
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a></div>
</div></blockquote>
tag:old.nabble.com,2006:post-25955255Redirection (?) loop of "Granting service ticket"2009-10-19T02:08:19Z2009-10-19T02:08:19ZGiuseppe Sollazzo-2Hi all,
<br>I'm still trying to deal with this issue: when I try to authenticate
<br>over CAS via moodle, I get a sequence of (incrementally numbered)
<br>"Granting service tickets" that lead to nowhere (infinite loop on
<br>Explorer) or to a "Redirect loop" error on Firefox.
<br><br>Has anyone any idea of where this originates? I've read somewhere that
<br>it could depend of the self-signed certificate I'm currently using for
<br>testing, but found no hint about this on the wiki.
<br><br>Any help would be highly appreciated!
<br><br>Thanks,
<br>Giuseppe
<br><br>--
<br>Giuseppe Sollazzo
<br>Systems Developer / Administrator
<br><br>Computing Services
<br>St. George's, University of London
<br><br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25955255&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25955255&i=1" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25950962Help using CAS web service using API from Java client2009-10-18T15:04:59Z2009-10-18T15:04:59Zrn000Hi,<div><br></div><div>I have CAS server set up successfully and SSO login works without any issues. Now, I want to using a Java client to do single sign-on using the RESTful API and I am running into issues. Can you please help?</div>
<div><br></div><div>The documentation seems straight-forward but I can't seem to get it to work. This is my configuration in CAS server - </div><div><span class="Apple-style-span" style="font-family: Helvetica, Arial, sans-serif; font-size: 13px; line-height: 17px; -webkit-border-horizontal-spacing: 2px; -webkit-border-vertical-spacing: 2px; "><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "><servlet></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "><servlet-name></span>restlet<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "></servlet-name></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "><servlet-class></span>com.noelios.restlet.ext.spring.RestletFrameworkServlet<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "></servlet-class></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "><load-on-startup></span>1<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "></load-on-startup></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "></servlet></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "><servlet-mapping></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "><servlet-name></span>restlet<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "></servlet-name></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "><url-pattern></span>/v1/*<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "></url-pattern></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "></servlet-mapping></span></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091"><br></font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091">In pom.xml, I have this </font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091"><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-family: Helvetica, Arial, sans-serif; line-height: 17px; white-space: normal; "><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "><dependency></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "><groupId></span>org.jasig.cas<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "></groupId></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "><artifactId></span>cas-server-integration-restlet<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "></artifactId></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "><version></span>3.3.3<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "></version></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "><type></span>jar<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "></type></span>
<span class="code-tag" style="color: rgb(0, 0, 145); background-color: inherit; "></dependency></span></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091"><br></font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091">I have cas server version 3.3.3. I use Apache Http client to do the posting like this - </font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091">String data = "username="+URLEncoder.encode(username) + "&password=" + URLEncoder.encode(password);</font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091">HttpClient client = new HttpClient();
PostMethod post = new PostMethod(casServerUrl);
post.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
post.setRequestBody(data);
int tgtStatus = client.executeMethod(post);
String response = post.getResponseBodyAsString();
<br></font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091">I am getting a http 302 status and an empty response back. I also tried constructing a http post using java URLConnection and I get the login page back as part of the response.</font></pre>
<pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091"><br></font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091">In CAS client, I am posting to url - </font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091"><a href="https://casserver:8443/cas/" target="_top" rel="nofollow">https://casserver:8443/cas/</a><span class="Apple-style-span" style="color: rgb(0, 0, 0); ">v1/tickets</span></font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091"><br></font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091"><span class="Apple-style-span" style="color: rgb(0, 0, 0); "><span class="Apple-style-span" style="color: rgb(0, 0, 145); ">am I doing something wrong?</span></span></font></pre>
<pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091"><br></font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091"><span class="Apple-style-span" style="color: rgb(0, 0, 0); "><span class="Apple-style-span" style="color: rgb(0, 0, 145); ">thanks,</span></span></font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091"><span class="Apple-style-span" style="color: rgb(0, 0, 0); "><span class="Apple-style-span" style="color: rgb(0, 0, 145); ">Ramya </span></span></font></pre><pre class="code-xml" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 10px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; text-align: left; overflow-x: auto; overflow-y: auto; font-family: 'Courier New', Courier, monospace; line-height: 1.3; ">
<font class="Apple-style-span" color="#000091"> </font></pre></span></font></pre></span></div>
<pre>-- <br />You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25950962&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25950962&i=1" target="_top" rel="nofollow">lists@...</a><br />To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user</pre>tag:old.nabble.com,2006:post-25950941spenego setup, kinit error2009-10-18T15:01:53Z2009-10-18T15:01:53ZDave RadtkeI'm trying to configure spenego, and am having a problem when verifying the keytab file
<br><br>When I test via kinit I get the krb_error 41 . I have tried jdk 1.5.20 and 1.6.20 but I get the same error in both. I have been googleing this error, and havent found any soltions. I have verified the server and my PC's time are in sync. If I tried in an invalid passowrd, or bogus user account I get diffents erros (ie, pre authenitcation failed)
<br><br>I'm a bit confussed about the difference between a domain and a Realm. in LDAP our domain is creata.com (I have this working in CAS) But when I log into windows the domain is Creata, in siturations when I have to login and specify the domain I use creata\dradtk. When looking at my account in AD, in the dropdown next to login name its @creata.com, but in the "login username (pre windows 2000)" its CREATA\ We tried creating a keypass with "/princ HTTP/cpaus-dradtk.creata.com@CREATA.COM" but I got the same error when testing
<br><br>Does anyone have any ideas?
<br><br>Thanks
<br>Dave
<br><br><b>Our Admin created the keytab</b><br>ktpass.exe /out cpaus-dradtk-tomcat.keytab /princ HTTP/cpaus-dradtk.creata.com@CREATA /pass ******** /mapuser cpaus-dradtk-tomcat /ptype krb5_nt_principal /crypto rc4-hmac-nt
<br><br><br><b>My Testing:</b><br>C:\Program Files\Java\jdk1.6.0_16\bin>klist -k
<br><br>Key tab: D:\tmp\CAS\tomcat1\webapps\cas\WEB-INF\cpaus-dradtk-tomcat.keytab, 1 entry found.
<br><br>[1] Service principal: HTTP/cpaus-dradtk.creata.com@CREATA
<br> KVNO: 1
<br>
<br>
<br>C:\Program Files\Java\jdk1.6.0_16\bin>kinit
<br>Password for dradtk@CREATA:
<br>Exception: krb_error 41 Message stream modified (41) Message stream modified
<br>KrbException: Message stream modified (41)
<br> at sun.security.krb5.KrbKdcRep.check(KrbKdcRep.java:53)
<br> at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:96)
<br> at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
<br> at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:407)
<br> at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:316)
<br> at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:257)
<br> at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:107)
<br><br><br><br><b>C:\Windows\krb.ini (JDK 6)
<br>C:\winnt\krb.ini (JDK 5)</b><br>[logging]
<br> default = FILE:C:\windows\krb5libs.log
<br> kdc = FILE:C:\windows\krb5kdc.log
<br> admin_server = FILE:C:\windows\kadmind.log
<br><br>[libdefaults]
<br> ticket_lifetime = 24000
<br> default_realm = CREATA
<br> default_keytab_name = D:\tmp\CAS\tomcat1\webapps\cas\WEB-INF\cpaus-dradtk-tomcat.keytab
<br> dns_lookup_realm = false
<br> dns_lookup_kdc = false
<br> default_tkt_enctypes = rc4-hmac
<br> default_tgs_enctypes = rc4-hmac
<br><br>[realms]
<br> CREATA = {
<br> kdc = creataauad1.creata.com:88
<br> }
<br><br>[domain_realm]
<br> .creata= CREATA
<br> creata= CREATA
<br> .creata.com= CREATA
<br> creata.com= CREATA
<br><br><b>When Testing in CAS</b><br>2009-10-19 08:48:20,597 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler failed to authenticate the user which provided the following credentials: Principal is null>
<br>tag:old.nabble.com,2006:post-25935054Re: CAS 3.3.4 & attributeRepository2009-10-16T20:13:14Z2009-10-16T20:13:14Zscott_battagliaThis JavaDoc should help:<br><a href="http://developer.jasig.org/projects/person-directory/1.5.0-RC6/apidocs/org/jasig/services/persondir/support/ldap/LdapPersonAttributeDao.html" target="_top" rel="nofollow">http://developer.jasig.org/projects/person-directory/1.5.0-RC6/apidocs/org/jasig/services/persondir/support/ldap/LdapPersonAttributeDao.html</a><br>
<br>Cheers,<br>Scott<br><br><div class="gmail_quote">On Thu, Oct 15, 2009 at 10:23 AM, Pavlos Drandakis <span dir="ltr"><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25935054&i=0" target="_top" rel="nofollow">pdrados@...</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi all,<br>
<br>
I am trying to deploy CAS server 3.3.4 using my old (CAS 3.3.3) deployerConfigContext.xml but I am getting these exceptions:<br>
<br>
Error creating bean with name 'attributeRepository' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'query' of bean class [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao]: Bean property 'query' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?<br>
<br>
Error creating bean with name 'attributeRepository' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'ldapAttributesToPortalAttributes' of bean class [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao]: Bean property 'ldapAttributesToPortalAttributes' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?<br>
<br>
This is what I have in my deployerConfigContext.xml about attributeRepository:<br>
<br>
<bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"><br>
<property name="baseDN" value="dc=X,dc=Y" /><br>
<property name="query" value="(uid={0})" /><br>
<property name="contextSource" ref="contextSource"/><br>
<property name="ldapAttributesToPortalAttributes"><br>
<map><br>
<entry key="attribute1" value="attribute1" /><br>
</map><br>
</property><br>
</bean><br>
<br>
<br>
As far as I can tell, this happens because of the new Person Directory API, that is used in this release... If true, what should be the appropriate configuration for attributeRepository bean?<br>
<br>
Thanks,<br>
Pavlos<br><font color="#888888">
<br>
-- <br>
You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25935054&i=1" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25935054&i=2" target="_top" rel="nofollow">scott.battaglia@...</a><br>
To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_blank" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>
</font></blockquote></div><br>
<pre>-- <br />You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25935054&i=3" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25935054&i=4" target="_top" rel="nofollow">lists@...</a><br />To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user</pre>tag:old.nabble.com,2006:post-25933580help with - Step 5: CASify HelloWorld Servlet2009-10-16T15:42:30Z2009-10-16T15:42:30Zmichael thorne-5I'm working through the Demo at
<br><br><a href="http://www.ja-sig.org/wiki/display/CASUM/Demo" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/CASUM/Demo</a><br><br>and Tomcat is throwing a 500 error. :-(
<br><br>The server is running RHEL 5.3 with the IBM Java.
<br><br>[~] $ java -version
<br><br> java version "1.5.0"
<br> Java(TM) 2 Runtime Environment, Standard Edition
<br> (build pxa64dev-20090707 (SR10))
<br> IBM J9 VM build 2.3, J2RE 1.5.0 IBM J9 2.3
<br> Linux amd64-64 j9vmxa6423-20090707 (JIT enabled)
<br> J9VM - 20090706_38445_LHdSMr
<br> JIT - 20090623_1334_r8
<br> GC - 200906_09
<br> JCL - 20090705
<br><br>CAS is running I can use the default login/out URLs and
<br>see the green "successful" messages.
<br><br> I've attached the web.xml file with the CAS filter
<br>declarations and the 500 error message with the stack
<br>trace.
<br><br> Something to do with the "PKIX path building failed" ...
<br>"unable to find valid certification path to requested target"
<br><br>???
<br><br>Suggestions please.
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25933580&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25933580&i=1" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br /><?xml version="1.0" encoding="ISO-8859-1"?>
<br><!--
<br> Licensed to the Apache Software Foundation (ASF) under one or more
<br> contributor license agreements. See the NOTICE file distributed with
<br> this work for additional information regarding copyright ownership.
<br> The ASF licenses this file to You under the Apache License, Version 2.0
<br> (the "License"); you may not use this file except in compliance with
<br> the License. You may obtain a copy of the License at
<br><br> <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br><br> Unless required by applicable law or agreed to in writing, software
<br> distributed under the License is distributed on an "AS IS" BASIS,
<br> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br> See the License for the specific language governing permissions and
<br> limitations under the License.
<br>-->
<br><br><web-app xmlns="<a href="http://java.sun.com/xml/ns/j2ee" target="_top" rel="nofollow">http://java.sun.com/xml/ns/j2ee</a>"
<br> xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_top" rel="nofollow">http://www.w3.org/2001/XMLSchema-instance</a>"
<br> xsi:schemaLocation="<a href="http://java.sun.com/xml/ns/j2ee" target="_top" rel="nofollow">http://java.sun.com/xml/ns/j2ee</a> <a href="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" target="_top" rel="nofollow">http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd</a>"
<br> version="2.4">
<br><br> <display-name>Servlet 2.4 Examples</display-name>
<br> <description>
<br> Servlet 2.4 Examples.
<br> </description>
<br><br> <!-- Define servlet-mapped and path-mapped example filters -->
<br> <filter>
<br> <filter-name>Servlet Mapped Filter</filter-name>
<br> <filter-class>filters.ExampleFilter</filter-class>
<br> <init-param>
<br> <param-name>attribute</param-name>
<br> <param-value>filters.ExampleFilter.SERVLET_MAPPED</param-value>
<br> </init-param>
<br> </filter>
<br> <filter>
<br> <filter-name>Path Mapped Filter</filter-name>
<br> <filter-class>filters.ExampleFilter</filter-class>
<br> <init-param>
<br> <param-name>attribute</param-name>
<br> <param-value>filters.ExampleFilter.PATH_MAPPED</param-value>
<br> </init-param>
<br> </filter>
<br> <filter>
<br> <filter-name>Request Dumper Filter</filter-name>
<br> <filter-class>filters.RequestDumperFilter</filter-class>
<br> </filter>
<br><br> <!-- Example filter to set character encoding on each request -->
<br> <filter>
<br> <filter-name>Set Character Encoding</filter-name>
<br> <filter-class>filters.SetCharacterEncodingFilter</filter-class>
<br> <init-param>
<br> <param-name>encoding</param-name>
<br> <param-value>EUC_JP</param-value>
<br> </init-param>
<br> </filter>
<br><br> <filter>
<br> <filter-name>Compression Filter</filter-name>
<br> <filter-class>compressionFilters.CompressionFilter</filter-class>
<br><br> <init-param>
<br> <param-name>compressionThreshold</param-name>
<br> <param-value>10</param-value>
<br> </init-param>
<br> <init-param>
<br> <param-name>debug</param-name>
<br> <param-value>0</param-value>
<br> </init-param>
<br> </filter>
<br><br><filter>
<br><filter-name>CAS Filter</filter-name>
<br><filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<br><init-param>
<br><param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<br><param-value><a href="https://jordan.bccampus.ca/cas/login" target="_top" rel="nofollow">https://jordan.bccampus.ca/cas/login</a></param-value> <!-- :8443 -->
<br></init-param>
<br><init-param>
<br><param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<br><param-value><a href="https://jordan.bccampus.ca/cas/serviceValidate" target="_top" rel="nofollow">https://jordan.bccampus.ca/cas/serviceValidate</a></param-value> <!-- :8443 -->
<br></init-param>
<br><init-param>
<br><param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<br><param-value>jordan.bccampus.ca</param-value> <!-- :8080 -->
<br></init-param>
<br></filter>
<br><br> <!-- Define filter mappings for the defined filters -->
<br> <filter-mapping>
<br> <filter-name>Servlet Mapped Filter</filter-name>
<br> <servlet-name>invoker</servlet-name>
<br> </filter-mapping>
<br> <filter-mapping>
<br> <filter-name>Path Mapped Filter</filter-name>
<br> <url-pattern>/servlet/*</url-pattern>
<br> </filter-mapping>
<br><br><filter-mapping>
<br> <filter-name>CAS Filter</filter-name>
<br> <url-pattern>/servlet/HelloWorldExample</url-pattern>
<br></filter-mapping>
<br><br><br><!-- Example filter mapping to apply the "Set Character Encoding" filter
<br> to *all* requests processed by this web application -->
<br><!--
<br> <filter-mapping>
<br> <filter-name>Set Character Encoding</filter-name>
<br> <url-pattern>/*</url-pattern>
<br> </filter-mapping>
<br>-->
<br><br><!--
<br> <filter-mapping>
<br> <filter-name>Compression Filter</filter-name>
<br> <url-pattern>/CompressionTest</url-pattern>
<br> </filter-mapping>
<br>-->
<br><br><!--
<br> <filter-mapping>
<br> <filter-name>Request Dumper Filter</filter-name>
<br> <url-pattern>/*</url-pattern>
<br> </filter-mapping>
<br>-->
<br><br> <!-- Define example application events listeners -->
<br> <listener>
<br> <listener-class>listeners.ContextListener</listener-class>
<br> </listener>
<br> <listener>
<br> <listener-class>listeners.SessionListener</listener-class>
<br> </listener>
<br><br> <!-- Define servlets that are included in the example application -->
<br><br> <servlet>
<br> <servlet-name>CompressionFilterTestServlet</servlet-name>
<br> <servlet-class>compressionFilters.CompressionFilterTestServlet</servlet-class>
<br> </servlet>
<br> <servlet>
<br> <servlet-name>HelloWorldExample</servlet-name>
<br> <servlet-class>HelloWorldExample</servlet-class>
<br> </servlet>
<br> <servlet>
<br> <servlet-name>RequestInfoExample</servlet-name>
<br> <servlet-class>RequestInfoExample</servlet-class>
<br> </servlet>
<br> <servlet>
<br> <servlet-name>RequestHeaderExample</servlet-name>
<br> <servlet-class>RequestHeaderExample</servlet-class>
<br> </servlet>
<br> <servlet>
<br> <servlet-name>RequestParamExample</servlet-name>
<br> <servlet-class>RequestParamExample</servlet-class>
<br> </servlet>
<br> <servlet>
<br> <servlet-name>CookieExample</servlet-name>
<br> <servlet-class>CookieExample</servlet-class>
<br> </servlet>
<br> <servlet>
<br> <servlet-name>SessionExample</servlet-name>
<br> <servlet-class>SessionExample</servlet-class>
<br> </servlet>
<br><br> <servlet-mapping>
<br> <servlet-name>CompressionFilterTestServlet</servlet-name>
<br> <url-pattern>/CompressionTest</url-pattern>
<br> </servlet-mapping>
<br> <servlet-mapping>
<br> <servlet-name>HelloWorldExample</servlet-name>
<br> <url-pattern>/servlet/HelloWorldExample</url-pattern>
<br> </servlet-mapping>
<br> <servlet-mapping>
<br> <servlet-name>RequestInfoExample</servlet-name>
<br> <url-pattern>/servlet/RequestInfoExample/*</url-pattern>
<br> </servlet-mapping>
<br> <servlet-mapping>
<br> <servlet-name>RequestHeaderExample</servlet-name>
<br> <url-pattern>/servlet/RequestHeaderExample</url-pattern>
<br> </servlet-mapping>
<br> <servlet-mapping>
<br> <servlet-name>RequestParamExample</servlet-name>
<br> <url-pattern>/servlet/RequestParamExample</url-pattern>
<br> </servlet-mapping>
<br> <servlet-mapping>
<br> <servlet-name>CookieExample</servlet-name>
<br> <url-pattern>/servlet/CookieExample</url-pattern>
<br> </servlet-mapping>
<br> <servlet-mapping>
<br> <servlet-name>SessionExample</servlet-name>
<br> <url-pattern>/servlet/SessionExample</url-pattern>
<br> </servlet-mapping>
<br><br> <security-constraint>
<br> <display-name>Example Security Constraint</display-name>
<br> <web-resource-collection>
<br> <web-resource-name>Protected Area</web-resource-name>
<br> <!-- Define the context-relative URL(s) to be protected -->
<br> <url-pattern>/jsp/security/protected/*</url-pattern>
<br> <!-- If you list http methods, only those methods are protected -->
<br> <http-method>DELETE</http-method>
<br> <http-method>GET</http-method>
<br> <http-method>POST</http-method>
<br> <http-method>PUT</http-method>
<br> </web-resource-collection>
<br> <auth-constraint>
<br> <!-- Anyone with one of the listed roles may access this area -->
<br> <role-name>tomcat</role-name>
<br> <role-name>role1</role-name>
<br> </auth-constraint>
<br> </security-constraint>
<br><br> <!-- Default login configuration uses form-based authentication -->
<br> <login-config>
<br> <auth-method>FORM</auth-method>
<br> <realm-name>Example Form-Based Authentication Area</realm-name>
<br> <form-login-config>
<br> <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
<br> <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
<br> </form-login-config>
<br> </login-config>
<br><br> <!-- Security roles referenced by this web application -->
<br> <security-role>
<br> <role-name>role1</role-name>
<br> </security-role>
<br> <security-role>
<br> <role-name>tomcat</role-name>
<br> </security-role>
<br><br> <!-- Environment entry examples -->
<br> <!--env-entry>
<br> <env-entry-description>
<br> The maximum number of tax exemptions allowed to be set.
<br> </env-entry-description>
<br> <env-entry-name>maxExemptions</env-entry-name>
<br> <env-entry-value>15</env-entry-value>
<br> <env-entry-type>java.lang.Integer</env-entry-type>
<br> </env-entry-->
<br> <env-entry>
<br> <env-entry-name>minExemptions</env-entry-name>
<br> <env-entry-type>java.lang.Integer</env-entry-type>
<br> <env-entry-value>1</env-entry-value>
<br> </env-entry>
<br> <env-entry>
<br> <env-entry-name>foo/name1</env-entry-name>
<br> <env-entry-type>java.lang.String</env-entry-type>
<br> <env-entry-value>value1</env-entry-value>
<br> </env-entry>
<br> <env-entry>
<br> <env-entry-name>foo/bar/name2</env-entry-name>
<br> <env-entry-type>java.lang.Boolean</env-entry-type>
<br> <env-entry-value>true</env-entry-value>
<br> </env-entry>
<br> <env-entry>
<br> <env-entry-name>name3</env-entry-name>
<br> <env-entry-type>java.lang.Integer</env-entry-type>
<br> <env-entry-value>1</env-entry-value>
<br> </env-entry>
<br> <env-entry>
<br> <env-entry-name>foo/name4</env-entry-name>
<br> <env-entry-type>java.lang.Integer</env-entry-type>
<br> <env-entry-value>10</env-entry-value>
<br> </env-entry>
<br><br></web-app>
<br><br><br /><html><head><title>Apache Tomcat/5.5.23 - Error report</title> </head><body><h1>HTTP Status 500 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>The server encountered an internal error () that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://jordan.bccampus.ca/cas/serviceValidate] ticket=[ST-6-nvCOGCdgwpJsIuLSeD21-cas] service=[http%3A%2F%2Fjordan.bccampus.ca%2Fservlets-examples%2Fservlet%2FHelloWorldExample] renew=false]]]
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
filters.ExampleFilter.doFilter(ExampleFilter.java:102)
</pre></p><p><b>root cause</b> <pre>edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://jordan.bccampus.ca/cas/serviceValidate] ticket=[ST-6-nvCOGCdgwpJsIuLSeD21-cas] service=[http%3A%2F%2Fjordan.bccampus.ca%2Fservlets-examples%2Fservlet%2FHelloWorldExample] renew=false]]]
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
filters.ExampleFilter.doFilter(ExampleFilter.java:102)
</pre></p><p><b>root cause</b> <pre>javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
com.ibm.jsse2.n.a(n.java:3)
com.ibm.jsse2.jc.a(jc.java:501)
com.ibm.jsse2.db.a(db.java:144)
com.ibm.jsse2.db.a(db.java:416)
com.ibm.jsse2.eb.a(eb.java:89)
com.ibm.jsse2.eb.a(eb.java:291)
com.ibm.jsse2.db.m(db.java:192)
com.ibm.jsse2.db.a(db.java:79)
com.ibm.jsse2.jc.a(jc.java:184)
com.ibm.jsse2.jc.g(jc.java:257)
com.ibm.jsse2.jc.a(jc.java:361)
com.ibm.jsse2.jc.startHandshake(jc.java:304)
com.ibm.net.ssl.www2.protocol.https.b.afterConnect(b.java:125)
com.ibm.net.ssl.www2.protocol.https.c.connect(c.java:28)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:959)
com.ibm.net.ssl.www2.protocol.https.a.getInputStream(a.java:34)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
filters.ExampleFilter.doFilter(ExampleFilter.java:102)
</pre></p><p><b>root cause</b> <pre>com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
com.ibm.jsse2.util.f.b(f.java:49)
com.ibm.jsse2.util.f.b(f.java:16)
com.ibm.jsse2.util.e.a(e.java:2)
com.ibm.jsse2.yb.checkServerTrusted(yb.java:46)
com.ibm.jsse2.hb.checkServerTrusted(hb.java:22)
com.ibm.jsse2.eb.a(eb.java:8)
com.ibm.jsse2.eb.a(eb.java:291)
com.ibm.jsse2.db.m(db.java:192)
com.ibm.jsse2.db.a(db.java:79)
com.ibm.jsse2.jc.a(jc.java:184)
com.ibm.jsse2.jc.g(jc.java:257)
com.ibm.jsse2.jc.a(jc.java:361)
com.ibm.jsse2.jc.startHandshake(jc.java:304)
com.ibm.net.ssl.www2.protocol.https.b.afterConnect(b.java:125)
com.ibm.net.ssl.www2.protocol.https.c.connect(c.java:28)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:959)
com.ibm.net.ssl.www2.protocol.https.a.getInputStream(a.java:34)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
filters.ExampleFilter.doFilter(ExampleFilter.java:102)
</pre></p><p><b>root cause</b> <pre>java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target
com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:379)
com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:195)
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:215)
com.ibm.jsse2.util.f.b(f.java:82)
com.ibm.jsse2.util.f.b(f.java:16)
com.ibm.jsse2.util.e.a(e.java:2)
com.ibm.jsse2.yb.checkServerTrusted(yb.java:46)
com.ibm.jsse2.hb.checkServerTrusted(hb.java:22)
com.ibm.jsse2.eb.a(eb.java:8)
com.ibm.jsse2.eb.a(eb.java:291)
com.ibm.jsse2.db.m(db.java:192)
com.ibm.jsse2.db.a(db.java:79)
com.ibm.jsse2.jc.a(jc.java:184)
com.ibm.jsse2.jc.g(jc.java:257)
com.ibm.jsse2.jc.a(jc.java:361)
com.ibm.jsse2.jc.startHandshake(jc.java:304)
com.ibm.net.ssl.www2.protocol.https.b.afterConnect(b.java:125)
com.ibm.net.ssl.www2.protocol.https.c.connect(c.java:28)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:959)
com.ibm.net.ssl.www2.protocol.https.a.getInputStream(a.java:34)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
filters.ExampleFilter.doFilter(ExampleFilter.java:102)
</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/5.5.23 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/5.5.23</h3></body></html>tag:old.nabble.com,2006:post-25919347Re: Hardware for CAS server2009-10-15T20:35:15Z2009-10-15T20:35:15Zscott_battagliaYour ram and disk should be more than fine. We generally deploy on Sun Hardware so I'm not sure I can compare the processors (if you're familiar with both, then we use the Sun T5120)<br><br><br><div class="gmail_quote">
On Thu, Oct 15, 2009 at 11:58 AM, Gustavo Hartmann <span dir="ltr"><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25919347&i=0" target="_top" rel="nofollow">gustavo.hartmann@...</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="purple" lang="EN-GB">
<div>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US">Hi,</span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US"> </span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US">We’re buying new kit for our CAS server and
wondered what the right spec would be? These are the application requirements:</span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US"> </span></font></p>
<p class="MsoNormal" style="margin-left: 18pt;"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US"><span>1)<font size="1" face="Times New Roman"><span style="font-family: "Times New Roman"; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"> </span></font></span></span></font><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US">Total
30 thousand users in the system: peaks of 300 to 500 simultaneous logins</span></font></p>
<p class="MsoNormal" style="margin-left: 18pt;"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US"><span>2)<font size="1" face="Times New Roman"><span style="font-family: "Times New Roman"; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"> </span></font></span></span></font><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US">We’re
using CentOS 64-bit and Tomcat</span></font></p>
<p class="MsoNormal" style="margin-left: 18pt;"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US"><span>3)<font size="1" face="Times New Roman"><span style="font-family: "Times New Roman"; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"> </span></font></span></span></font><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US">Authentication
is based on a REST web service that talks to a MySQL database.</span></font></p>
<p class="MsoNormal" style="margin-left: 18pt;"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US"><span>4)<font size="1" face="Times New Roman"><span style="font-family: "Times New Roman"; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"> </span></font></span></span></font><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US">Server
will not be dedicated as we will have other tomcat apps running on it</span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US"> </span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US">This is what we were thinking in terms of hardware:</span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="EN-US"> </span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;" lang="PT-BR">Dell Core2Duo E7300 (2x2.66GHz)</span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;">8GB of RAM</span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;">2x250GB SATA2 RAID1</span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;"> </span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;">Any thoughts are welcome. Not sure whether CPU, RAM or Disk is
the most important bit here.</span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;"> </span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;">Thanks,</span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;">Gustavo</span></font></p>
</div>
<pre>-- <font color="#888888"><br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25919347&i=1" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25919347&i=2" target="_top" rel="nofollow">scott.battaglia@...</a><br>
To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_blank" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a></font></pre>
</div>
</blockquote></div><br>
<pre>-- <br />You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25919347&i=3" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25919347&i=4" target="_top" rel="nofollow">lists@...</a><br />To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user</pre>tag:old.nabble.com,2006:post-25912967Re: cas+ldap [beginner's?] problem2009-10-15T10:40:40Z2009-10-15T10:40:40ZTechnolithicSorry guys, I think I'm going to give up on trying to understand this.
<br> There's too many holes in my understanding and I'm getting into a
<br>rut of frustration with it.
<br><br><br>Quoting <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25912967&i=0" target="_top" rel="nofollow">ashj@...</a>:
<br><div class='shrinkable-quote'><br>> Thanks, Marvin, I found the protocol documents which helped. I
<br>> agree with incorporating diagrams into the protocol documents and I
<br>> agree with adding more links if they help to clear up the
<br>> information already provided.
<br>>
<br>> Here is a sequence diagram in as much as I understand about using
<br>> CAS with an SSO solution. In my scenario the back-end service is an
<br>> LDAP server. Client is the browser, Service is the WebApp, and
<br>> Server is the CAS Server. I'm lacking confidence that this is 100%
<br>> correct.
<br>>
<br>> ---------- ----------- ---------- --------------------
<br>> | Client | | Service | | Server | | Back-end Service |
<br>> ---------- ----------- ---------- --------------------
<br>> |Request for webpage | |
<br>> |----------->| | |
<br>> | | | |
<br>> |Redirect to login url, provides ServiceID |
<br>> |<-----------| | |
<br>> | | | |
<br>> |Request login page, sends ServiceID (and ticket granting
<br>> cookie if already logged in)
<br>> |------------------------->| |
<br>> | | | |
<br>> |redirect to requested webpage (if already logged in)
<br>> |<-------------------------| |
<br>> | | | |
<br>> |GET request with service "ticket" as parameter (if already logged in)
<br>> |----------->| | |
<br>> | | | |
<br>> |Requested webpage (if already logged in) |
<br>> |<-----------| | |
<br>> | | | |
<br>> |Login Landing Page (if not logged in) or error page
<br>> |<-------------------------| |
<br>> | | | |
<br>> |POST credentials (username and password)
<br>> |------------------------->| |
<br>> | | | |
<br>> | | |Validates Username and Password
<br>> | | |---------------->|
<br>> | | | |
<br>> | | |Validation result|
<br>> | | |<----------------|
<br>> |Error page (on fail) | |
<br>> |<-------------------------| |
<br>> |Redirect to service with service ticket (on success)
<br>> |<-------------------------| |
<br>> | | | |
<br>> |GET request for service "ticket" as parameter (on success)
<br>> |----------->| | |
<br>> |Requested webpage (on success) |
<br>> |<-----------| | |
<br>> | | | |
<br>> | | | |
<br>> | | | |
<br>>
<br>>
<br>>
<br>>
<br>>
<br>>
<br>> Quoting Marvin Addison <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25912967&i=1" target="_top" rel="nofollow">marvin.addison@...</a>>:
<br>>
<br>>>> diagram that illustrates the most
<br>>>> current version of CAS and describes, in detail, the intricacies of
<br>>>> the relationships between components in a typical SSO solution
<br>>>
<br>>> The best place for a CAS SSO workflow diagram is in the protocol
<br>>> documents. I don't believe they contain a diagram currently, but I
<br>>> agree that a good diagram could be helpful to augment the verbal
<br>>> description of protocol interactions.
<br>>>
<br>>> If you would like to discuss SSO workflows in general, which is what I
<br>>> understand from the phrase "typical SSO solution," then that would be
<br>>> out of scope of the protocol documents. I would argue that a general
<br>>> discussion of SSO belongs on a general reference like Wikipedia, and
<br>>> that CAS deployers need to come to the CAS wiki with this background
<br>>> before diving into the details of CAS deployment. I believe a
<br>>> thoughtful bibliography of links to general SSO resources would better
<br>>> serve our audience on the CASUM wiki.
<br>>>
<br>>> M
<br>>>
<br>>> --
<br>>> You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25912967&i=2" target="_top" rel="nofollow">cas-user@...</a> as:
<br>>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25912967&i=3" target="_top" rel="nofollow">ashj@...</a>
<br>>> To unsubscribe, change settings or access archives, see
<br>>> <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>>>
<br>>>
<br>>
<br>>
<br>>
<br>> --
<br>> You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25912967&i=4" target="_top" rel="nofollow">cas-user@...</a> as:
<br>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25912967&i=5" target="_top" rel="nofollow">ashj@...</a>
<br>> To unsubscribe, change settings or access archives, see
<br>> <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>>
<br>>
</div><br><br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25912967&i=6" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25912967&i=7" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25911243Hardware for CAS server2009-10-15T08:58:26Z2009-10-15T08:58:26ZGustavo Hartmann<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
</head>
<body lang=EN-GB link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Hi,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>We’re buying new kit for our CAS server and
wondered what the right spec would be? These are the application requirements:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='margin-left:18.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><font size=2 face=Arial><span lang=EN-US style='font-size:10.0pt;font-family:Arial'><span style='mso-list:Ignore'>1)<font size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'> </span></font></span></span></font><![endif]><font size=2 face=Arial><span lang=EN-US style='font-size:10.0pt;font-family:Arial'>Total
30 thousand users in the system: peaks of 300 to 500 simultaneous logins<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:18.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><font size=2 face=Arial><span lang=EN-US style='font-size:10.0pt;font-family:Arial'><span style='mso-list:Ignore'>2)<font size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'> </span></font></span></span></font><![endif]><font size=2 face=Arial><span lang=EN-US style='font-size:10.0pt;font-family:Arial'>We’re
using CentOS 64-bit and Tomcat<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:18.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><font size=2 face=Arial><span lang=EN-US style='font-size:10.0pt;font-family:Arial'><span style='mso-list:Ignore'>3)<font size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'> </span></font></span></span></font><![endif]><font size=2 face=Arial><span lang=EN-US style='font-size:10.0pt;font-family:Arial'>Authentication
is based on a REST web service that talks to a MySQL database.<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:18.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><font size=2 face=Arial><span lang=EN-US style='font-size:10.0pt;font-family:Arial'><span style='mso-list:Ignore'>4)<font size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'> </span></font></span></span></font><![endif]><font size=2 face=Arial><span lang=EN-US style='font-size:10.0pt;font-family:Arial'>Server
will not be dedicated as we will have other tomcat apps running on it<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>This is what we were thinking in terms of hardware:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=PT-BR style='font-size:
10.0pt;font-family:Arial'>Dell Core2Duo E7300 (2x2.66GHz)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>8GB of RAM<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>2x250GB SATA2 RAID1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Any thoughts are welcome. Not sure whether CPU, RAM or Disk is
the most important bit here.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Thanks,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Gustavo<o:p></o:p></span></font></p>
</div>
<pre>-- <br />You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25911243&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25911243&i=1" target="_top" rel="nofollow">lists@...</a><br />To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user</pre>
</BODY>
</html>
tag:old.nabble.com,2006:post-25910914Re: Does the JPA Ticket Registry stuff work for CAS 3.3.4?2009-10-15T08:40:24Z2009-10-15T08:40:24ZCurtis Garmanthe wiki should probably be updated with a different bean name than
<br>"datasource" so that others don't get the collision between
<br>datasources...especially if no error is produced on startup to flag
<br>the issue.
<br><br>On Thu, Oct 15, 2009 at 10:38 AM, Curtis Garman <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910914&i=0" target="_top" rel="nofollow">curt.garman@...</a>> wrote:
<div class='shrinkable-quote'><br>> Ok, I found out why it created the tables in the portal database but a
<br>> couple things are still a little fuzzy. I found a datasource in the
<br>> deployerConfigContext.xml pointing to it...but I didn't put it
<br>> there...it looks like it copied the credentials from the
<br>> datasource.properties file of the portal so two things
<br>>
<br>> 1) I ended up with two beans with dataSource as their id (both the
<br>> default one in deployerConfigContext.xml and the one in the
<br>> ticketRegistry.xml file that were included in the configuration on the
<br>> wiki) and I don't understand why spring didn't complain about trying
<br>> to have two beans with the same id.
<br>>
<br>> 2) why does cas by default have a datasource bean when the default
<br>> configuration doesn't use it...hmm...but upon further exploration it
<br>> appears this datasource is nescessary to authenticate fragment owner
<br>> accounts and such
<br>>
<br>> I fixed the issue by changing the name of the datasource jpa uses to
<br>> casDataSource and changing the name of the bean being injected into
<br>> the entityManagerFactory...this seems to have fixed the problem.
<br>>
<br>> On Thu, Oct 15, 2009 at 8:49 AM, Curtis Garman <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910914&i=1" target="_top" rel="nofollow">curt.garman@...</a>> wrote:
<br>>> Ok...I'm actually testing 3.1.1 on both a windows machine (laptop) and
<br>>> a linux server...I was trying to get it to work on my laptop...I tried
<br>>> the setup on the linux box and it worked fine...except (even though I
<br>>> pointed it to a different database) it still created the tables in my
<br>>> portal database. Any reason why this would happen? I couldn't see
<br>>> anything and as far as I know cas shouldn't even know my portal
<br>>> database exists
<br>>>
<br>>> On Mon, Oct 12, 2009 at 10:38 AM, Marvin Addison
<br>>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910914&i=2" target="_top" rel="nofollow">marvin.addison@...</a>> wrote:
<br>>>>> it actually looks like the cause of everything is the
<br>>>>> java.io.FileNotFoundException
<br>>>>>
<br>>>>> Caused by: java.io.FileNotFoundException:
<br>>>>> C:\Program%20Files\Apache%20Software%20Foundation\tomcat\6.0.18\jvm1\webapps\cas\WEB-INF\lib\cas-server-core-3.3.4.jar
<br>>>>> (The system cannot find the path specified)
<br>>>>> at java.util.zip.ZipFile.open(Native Method)
<br>>>>> at java.util.zip.ZipFile.<init>(ZipFile.java:114)
<br>>>>> at java.util.jar.JarFile.<init>(JarFile.java:133)
<br>>>>> at java.util.jar.JarFile.<init>(JarFile.java:97)
<br>>>>> at org.jboss.util.file.JarArchiveBrowser.<init>(JarArchiveBrowser.java:69)
<br>>>>> ... 64 more
<br>>>>
<br>>>> <a href="http://opensource.atlassian.com/projects/hibernate/browse/EJB-337" target="_top" rel="nofollow">http://opensource.atlassian.com/projects/hibernate/browse/EJB-337</a><br>>>> looks like a potential cause. Can you move your Tomcat such that the
<br>>>> path above would not contain spaces and try again?
<br>>>>
<br>>>> M
<br>>>>
<br>>>> --
<br>>>> You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910914&i=3" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910914&i=4" target="_top" rel="nofollow">curt.garman@...</a>
<br>>>> To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>>>>
<br>>>
<br>>>
<br>>>
<br>>> --
<br>>> Curtis Garman
<br>>> Web Programmer
<br>>> Heartland Community College
<br>>>
<br>>
<br>>
<br>>
<br>> --
<br>> Curtis Garman
<br>> Web Programmer
<br>> Heartland Community College
<br>>
</div><br><br><br>--
<br>Curtis Garman
<br>Web Programmer
<br>Heartland Community College
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910914&i=5" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910914&i=6" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br><br>tag:old.nabble.com,2006:post-25910893Re: Does the JPA Ticket Registry stuff work for CAS 3.3.4?2009-10-15T08:38:51Z2009-10-15T08:38:51ZCurtis GarmanOk, I found out why it created the tables in the portal database but a
<br>couple things are still a little fuzzy. I found a datasource in the
<br>deployerConfigContext.xml pointing to it...but I didn't put it
<br>there...it looks like it copied the credentials from the
<br>datasource.properties file of the portal so two things
<br><br>1) I ended up with two beans with dataSource as their id (both the
<br>default one in deployerConfigContext.xml and the one in the
<br>ticketRegistry.xml file that were included in the configuration on the
<br>wiki) and I don't understand why spring didn't complain about trying
<br>to have two beans with the same id.
<br><br>2) why does cas by default have a datasource bean when the default
<br>configuration doesn't use it...hmm...but upon further exploration it
<br>appears this datasource is nescessary to authenticate fragment owner
<br>accounts and such
<br><br>I fixed the issue by changing the name of the datasource jpa uses to
<br>casDataSource and changing the name of the bean being injected into
<br>the entityManagerFactory...this seems to have fixed the problem.
<br><br>On Thu, Oct 15, 2009 at 8:49 AM, Curtis Garman <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910893&i=0" target="_top" rel="nofollow">curt.garman@...</a>> wrote:
<div class='shrinkable-quote'><br>> Ok...I'm actually testing 3.1.1 on both a windows machine (laptop) and
<br>> a linux server...I was trying to get it to work on my laptop...I tried
<br>> the setup on the linux box and it worked fine...except (even though I
<br>> pointed it to a different database) it still created the tables in my
<br>> portal database. Any reason why this would happen? I couldn't see
<br>> anything and as far as I know cas shouldn't even know my portal
<br>> database exists
<br>>
<br>> On Mon, Oct 12, 2009 at 10:38 AM, Marvin Addison
<br>> <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910893&i=1" target="_top" rel="nofollow">marvin.addison@...</a>> wrote:
<br>>>> it actually looks like the cause of everything is the
<br>>>> java.io.FileNotFoundException
<br>>>>
<br>>>> Caused by: java.io.FileNotFoundException:
<br>>>> C:\Program%20Files\Apache%20Software%20Foundation\tomcat\6.0.18\jvm1\webapps\cas\WEB-INF\lib\cas-server-core-3.3.4.jar
<br>>>> (The system cannot find the path specified)
<br>>>> at java.util.zip.ZipFile.open(Native Method)
<br>>>> at java.util.zip.ZipFile.<init>(ZipFile.java:114)
<br>>>> at java.util.jar.JarFile.<init>(JarFile.java:133)
<br>>>> at java.util.jar.JarFile.<init>(JarFile.java:97)
<br>>>> at org.jboss.util.file.JarArchiveBrowser.<init>(JarArchiveBrowser.java:69)
<br>>>> ... 64 more
<br>>>
<br>>> <a href="http://opensource.atlassian.com/projects/hibernate/browse/EJB-337" target="_top" rel="nofollow">http://opensource.atlassian.com/projects/hibernate/browse/EJB-337</a><br>>> looks like a potential cause. Can you move your Tomcat such that the
<br>>> path above would not contain spaces and try again?
<br>>>
<br>>> M
<br>>>
<br>>> --
<br>>> You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910893&i=2" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910893&i=3" target="_top" rel="nofollow">curt.garman@...</a>
<br>>> To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>>>
<br>>
<br>>
<br>>
<br>> --
<br>> Curtis Garman
<br>> Web Programmer
<br>> Heartland Community College
<br>>
</div><br><br><br>--
<br>Curtis Garman
<br>Web Programmer
<br>Heartland Community College
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910893&i=4" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910893&i=5" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br><br>tag:old.nabble.com,2006:post-25910447Re: Does the JPA Ticket Registry stuff work for CAS 3.3.4?2009-10-15T08:00:41Z2009-10-15T08:00:41ZMarvin Addison> except (even though I
<br>> pointed it to a different database) it still created the tables in my
<br>> portal database. Any reason why this would happen?
<br><br>You're using the wrong JDBC URL in your CAS DataSource definition?
<br><br>M
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910447&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25910447&i=1" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25909569CAS 3.3.4 & attributeRepository2009-10-15T07:23:36Z2009-10-15T07:23:36ZPavlos Drandakis-2Hi all,
<br><br>I am trying to deploy CAS server 3.3.4 using my old (CAS 3.3.3)
<br>deployerConfigContext.xml but I am getting these exceptions:
<br><br>Error creating bean with name 'attributeRepository' defined in
<br>ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Error
<br>setting property values; nested exception is
<br>org.springframework.beans.NotWritablePropertyException: Invalid property
<br>'query' of bean class
<br>[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao]: Bean
<br>property 'query' is not writable or has an invalid setter method. Does
<br>the parameter type of the setter match the return type of the getter?
<br><br>Error creating bean with name 'attributeRepository' defined in
<br>ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Error
<br>setting property values; nested exception is
<br>org.springframework.beans.NotWritablePropertyException: Invalid property
<br>'ldapAttributesToPortalAttributes' of bean class
<br>[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao]: Bean
<br>property 'ldapAttributesToPortalAttributes' is not writable or has an
<br>invalid setter method. Does the parameter type of the setter match the
<br>return type of the getter?
<br><br>This is what I have in my deployerConfigContext.xml about
<br>attributeRepository:
<br><br><bean id="attributeRepository"
<br>class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
<br> <property name="baseDN" value="dc=X,dc=Y" />
<br> <property name="query" value="(uid={0})" />
<br> <property name="contextSource" ref="contextSource"/>
<br> <property name="ldapAttributesToPortalAttributes">
<br> <map>
<br> <entry key="attribute1"
<br>value="attribute1" />
<br> </map>
<br> </property>
<br></bean>
<br><br><br>As far as I can tell, this happens because of the new Person Directory
<br>API, that is used in this release... If true, what should be the
<br>appropriate configuration for attributeRepository bean?
<br><br>Thanks,
<br>Pavlos
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25909569&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25909569&i=1" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25908995Re: Does the JPA Ticket Registry stuff work for CAS 3.3.4?2009-10-15T06:49:09Z2009-10-15T06:49:09ZCurtis GarmanOk...I'm actually testing 3.1.1 on both a windows machine (laptop) and
<br>a linux server...I was trying to get it to work on my laptop...I tried
<br>the setup on the linux box and it worked fine...except (even though I
<br>pointed it to a different database) it still created the tables in my
<br>portal database. Any reason why this would happen? I couldn't see
<br>anything and as far as I know cas shouldn't even know my portal
<br>database exists
<br><br>On Mon, Oct 12, 2009 at 10:38 AM, Marvin Addison
<br><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908995&i=0" target="_top" rel="nofollow">marvin.addison@...</a>> wrote:
<div class='shrinkable-quote'><br>>> it actually looks like the cause of everything is the
<br>>> java.io.FileNotFoundException
<br>>>
<br>>> Caused by: java.io.FileNotFoundException:
<br>>> C:\Program%20Files\Apache%20Software%20Foundation\tomcat\6.0.18\jvm1\webapps\cas\WEB-INF\lib\cas-server-core-3.3.4.jar
<br>>> (The system cannot find the path specified)
<br>>> at java.util.zip.ZipFile.open(Native Method)
<br>>> at java.util.zip.ZipFile.<init>(ZipFile.java:114)
<br>>> at java.util.jar.JarFile.<init>(JarFile.java:133)
<br>>> at java.util.jar.JarFile.<init>(JarFile.java:97)
<br>>> at org.jboss.util.file.JarArchiveBrowser.<init>(JarArchiveBrowser.java:69)
<br>>> ... 64 more
<br>>
<br>> <a href="http://opensource.atlassian.com/projects/hibernate/browse/EJB-337" target="_top" rel="nofollow">http://opensource.atlassian.com/projects/hibernate/browse/EJB-337</a><br>> looks like a potential cause. Can you move your Tomcat such that the
<br>> path above would not contain spaces and try again?
<br>>
<br>> M
<br>>
<br>> --
<br>> You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908995&i=1" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908995&i=2" target="_top" rel="nofollow">curt.garman@...</a>
<br>> To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>>
</div><br><br><br>--
<br>Curtis Garman
<br>Web Programmer
<br>Heartland Community College
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908995&i=3" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908995&i=4" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br><br>tag:old.nabble.com,2006:post-25908879Loop of granting service ticket (was Re: cas+ldap [beginner's?] problem)2009-10-15T06:42:21Z2009-10-15T06:42:21ZGiuseppe Sollazzo-2Hi Marvin,
<br>as we have many different DNs, for the moment being I cannot use the
<br>FastBindLdapAuthenticationHandler due to limitations on our system.
<br>So that's why I have to use the BindLdap, for which I seem to get to the
<br>point outlined in my last e-mail: an infinite sequence of (incrementally
<br>numbered) "Granting service tickets" that lead to nowhere (on Explorer)
<br>or to a "Redirect loop" error on Firefox.
<br><br>Is this something happened to anyone?
<br><br>Thanks,
<br>Giuseppe
<br><br>Marvin Addison wrote:
<div class='shrinkable-quote'><br>>> Here was my misunderstanding: there is a need for fully qualified identifier
<br>>> for the user who binds, not for the one we're searching
<br>>>
<br>>
<br>> This is only true if you are using the BindLdapAuthenticationHandler,
<br>> but I see you're using FastBind. I see from the XML snippets you
<br>> shared that you are defining manager bind credentials in the context,
<br>> then using the FastBind handler which does not need them. Let me
<br>> outline the use cases for Bind and FastBind:
<br>>
<br>> Use BindLdapAuthenticationHandler when you _cannot_ construct the full
<br>> DN of a user from the username given in the CAS login screen. That
<br>> is, you must perform a search based on some other attribute, e.g.
<br>> mail, in order to determine the DN. This handler performs
<br>> authentication for each user in three steps: admin bind, search, user
<br>> bind.
<br>>
<br>> FastBindLdapAuthenticationHandler is more efficient and preferable
<br>> when you can construct the DN from the username in the login form,
<br>> e.g. uid=%s,ou=People,dc=vt,dc=edu. The
<br>> FastBindLdapAuthenticationHandler will immediately construct the user
<br>> DN and use it with the password provided on the login form to perform
<br>> an LDAP bind operation.
<br>>
<br>> Hopefully this will clear up what you need to do for your environment.
<br>>
<br>> M
<br>>
<br>>
</div><br>--
<br>Giuseppe Sollazzo
<br>Systems Developer / Administrator
<br><br>Computing Services
<br>St. George's, University of London
<br><br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908879&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908879&i=1" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25908779Re: cas+ldap [beginner's?] problem2009-10-15T06:37:30Z2009-10-15T06:37:30ZMarvin Addison> Here was my misunderstanding: there is a need for fully qualified identifier
<br>> for the user who binds, not for the one we're searching
<br><br>This is only true if you are using the BindLdapAuthenticationHandler,
<br>but I see you're using FastBind. I see from the XML snippets you
<br>shared that you are defining manager bind credentials in the context,
<br>then using the FastBind handler which does not need them. Let me
<br>outline the use cases for Bind and FastBind:
<br><br>Use BindLdapAuthenticationHandler when you _cannot_ construct the full
<br>DN of a user from the username given in the CAS login screen. That
<br>is, you must perform a search based on some other attribute, e.g.
<br>mail, in order to determine the DN. This handler performs
<br>authentication for each user in three steps: admin bind, search, user
<br>bind.
<br><br>FastBindLdapAuthenticationHandler is more efficient and preferable
<br>when you can construct the DN from the username in the login form,
<br>e.g. uid=%s,ou=People,dc=vt,dc=edu. The
<br>FastBindLdapAuthenticationHandler will immediately construct the user
<br>DN and use it with the password provided on the login form to perform
<br>an LDAP bind operation.
<br><br>Hopefully this will clear up what you need to do for your environment.
<br><br>M
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908779&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908779&i=1" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25908683Re: cas+ldap [beginner's?] problem2009-10-15T06:30:32Z2009-10-15T06:30:32ZGiuseppe Sollazzo-2A little update...
<br>I managed to get something different using the BindLdap instead of the
<br>FastBind.
<br><br>What I get this time is:
<br><br>2009-10-15 14:28:03,472 INFO
<br>[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<br><AuthenticationHandler:
<br>org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
<br>authenticated the user which provided the following credentials:
<br>[username: user]>
<br><br><br>followed by an eternal sequence of:
<br><br>2009-10-15 14:28:03,477 INFO
<br>[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
<br>ticket [ST-1-OVG5l4krlYLR9q0Xl5Jl-cas] for service
<br>[<a href="https://moodle.sgul.ac.uk/devmoodle/login/index.php" target="_top" rel="nofollow">https://moodle.sgul.ac.uk/devmoodle/login/index.php</a>] for user [user]>
<br>2009-10-15 14:28:04,229 INFO
<br>[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
<br>ticket [ST-2-RBc0et7WkjCTqduVaPcK-cas] for service
<br>[<a href="https://moodle.sgul.ac.uk/devmoodle/login/index.php" target="_top" rel="nofollow">https://moodle.sgul.ac.uk/devmoodle/login/index.php</a>] for user [user]>
<br>...
<br>2009-10-15 14:28:16,812 INFO
<br>[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
<br>ticket [ST-31-y1i0RQ5mfqS2zOzokAtx-cas] for service
<br>[<a href="https://moodle.sgul.ac.uk/devmoodle/login/index.php" target="_top" rel="nofollow">https://moodle.sgul.ac.uk/devmoodle/login/index.php</a>] for user [user]>
<br>2009-10-15 14:28:17,231 INFO
<br>[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ser...
<br>...
<br>(and counting :P)
<br><br>I guess something is moving in the right direction but there are still
<br>some issues?
<br><br>Thanks for any help,
<br>Giuseppe
<br><br>Giuseppe Sollazzo wrote:
<div class='shrinkable-quote'><br>> Hi Ryan,
<br>> yes the way I get it to work is by giving the fully qualified id
<br>>
<br>> ldapsearch -H ldap://my.ldap.server -x -Z -b o=Y -D
<br>> "uid=user,ou=a,ou=b,ou=c,ou=X,o=Y,o=Z" -W uid=user
<br>>
<br>> Here was my misunderstanding: there is a need for fully qualified
<br>> identifier for the user who binds, not for the one we're searching
<br>> (yep - I know it wouldn't make sense otherwise but it was not
<br>> extremely clear to me).
<br>>
<br>> So, what happens now is that by adjusting the xml to look like
<br>>
<br>> <bean id="contextSource"
<br>> class="org.springframework.ldap.core.support.LdapContextSource">
<br>> <property name="pooled" value="true"/>
<br>> <property name="urls">
<br>> <list>
<br>> <value>ldap://my.ldap.server</value>
<br>> </list>
<br>> </property>
<br>> <property name="userDn" value="uid=user,ou=a,ou=b,ou=c,ou=X,o=Y,o=Z"/>
<br>> <property name="password" value="pass"/>
<br>> <property name="baseEnvironmentProperties">
<br>> <map>
<br>> <entry key="java.naming.security.authentication"
<br>> value="simple" />
<br>> </map>
<br>> </property>
<br>> </bean>
<br>>
<br>> and
<br>>
<br>> <property name="authenticationHandlers">
<br>> <list>
<br>> <bean
<br>> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
<br>> p:httpClient-ref="httpClient" />
<br>> <bean
<br>> class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler" >
<br>> <property name="filter" value="uid=%u,o=Y" />
<br>> <property name="contextSource" ref="contextSource" />
<br>> </bean>
<br>> </list>
<br>> </property>
<br>>
<br>> is that I still get kicked out when I try to authenticate with CAS on
<br>> moodle. Just to summarize:
<br>> - I activated CAS in the Authentication settings
<br>> - I moved CAS on top of LDAP and Moodle Network Authentication
<br>> - Logged out
<br>> - clicked on Login, entered a username (in this case "user" itself, as
<br>> given the execution of ldapsearch it should work).
<br>>
<br>> Any idea?
<br>>
<br>> Thanks,
<br>> Giuseppe
<br>>
<br>> Ryan Fox wrote:
<br>>> Sorry... now that I've read more of the thread, I can offer more help. Funny how that works.
<br>>>
<br>>> The err=32 means that the dn you are binding with doesn't exist. If you look, that is the uid=user,ou=X,o=Y,o=Z.
<br>>>
<br>>>
<br>>>> First of all, I discovered I was being silly, using a wrong user. Only
<br>>>> the Directory Manager is allowed to search ldap in my current
<br>>>> configuration, so I managed to get info for "username" running this
<br>>>> command:
<br>>>>
<br>>>
<br>>> You need
<br>>> ldapsearch -H ldap://my.ldap.server -x -Z -b ou=X,o=Y,o=Z -D "uid=user,ou=X,o=Y,o=Z" -W uid=user
<br>>> to succeed. I can't tell from your e-mail if it will or not, as I don't know what ACL's you have on your ldap. The FastBindLdapAuthenticationHandler binds to your ldap as the user, and uses the result (success/error) to judge the validity of the credentials. The ldapsearch above is a good analogue for that. Once that works, CAS auth should work (or at least progress farther). :)
<br>>>
<br>>> Ryan
<br>>>
<br>>>
<br>>> ----- "Giuseppe Sollazzo" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908683&i=0" target="_top" rel="nofollow">gsollazz@...</a>> wrote:
<br>>>
<br>>>
<br>>>> The ldapsearch tool (provided by ldap-utils package on Debian) is
<br>>>> invaluable for diagnosing LDAP bind problems. Execute the following
<br>>>> command which attempts to bind as the user above:
<br>>>>
<br>>>> ldapsearch -H ldap://your.ldap.host -x -Z -b ou=X,o=Y,o=Z -D
<br>>>> uid=username,ou=X,o=Y,o=Z -W uid=user
<br>>>>
<br>>>> Omit the -Z argument if you use an ldaps URL (SSL) to talk to your
<br>>>> LDAP host.
<br>>>> Hi Marvin,
<br>>>> your help is being amazingly invaluable!
<br>>>>
<br>>>> First of all, I discovered I was being silly, using a wrong user. Only
<br>>>> the Directory Manager is allowed to search ldap in my current
<br>>>> configuration, so I managed to get info for "username" running this
<br>>>> command:
<br>>>>
<br>>>> ldapsearch -H ldap://my.ldap.server -x -Z -b ou=X,o=Y,o=Z -D
<br>>>> "cn=Directory Manager" -W uid=user
<br>>>> So I adapted the deployerConfigContext.xml accordingly:
<br>>>>
<br>>>> <bean id="contextSource"
<br>>>> class="org.springframework.ldap.core.support.LdapContextSource">
<br>>>> <property name="pooled" value="true"/>
<br>>>> <property name="urls">
<br>>>> <list>
<br>>>> <value>ldap://my.ldap.server</value>
<br>>>> </list>
<br>>>> </property>
<br>>>> <property name="userDn" value="cn=Directory Manager"/>
<br>>>> <property name="password" value="HISPASSWORD"/>
<br>>>> <property name="baseEnvironmentProperties">
<br>>>> <map>
<br>>>> <entry key="java.naming.security.authentication" value="simple" />
<br>>>> </map>
<br>>>> </property>
<br>>>> </bean> and
<br>>>>
<br>>>> <bean id="authenticationManager"
<br>>>> class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<br>>>> [...]
<br>>>> <property name="authenticationHandlers">
<br>>>> <list>
<br>>>> <bean
<br>>>> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
<br>>>> p:httpClient-ref="httpClient" />
<br>>>> <bean
<br>>>> class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"
<br>>>>
<br>>>> <property name="filter" value="uid=%u,ou=X,o=Y,o=Z" /> // [I also
<br>>>> tried with username=%u, as it's called in our ldap]
<br>>>> <property name="contextSource" ref="contextSource" />
<br>>>> </bean>
<br>>>>
<br>>>> </list>
<br>>>> </property>
<br>>>> [...]
<br>>>> </bind>
<br>>>>
<br>>>> The result when I try to authenticate with username "user" is always
<br>>>> as follows:
<br>>>>
<br>>>> [15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - BIND
<br>>>> dn="username=user,ou=people,o=sghms.ac.uk,o=sghms.ac.uk" method=128
<br>>>> version=3
<br>>>> [15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - RESULT err=32
<br>>>> tag=97 nentries=0 etime=0
<br>>>>
<br>>>> (or uid=... in place of username)
<br>>>>
<br>>>> I'm wondering if I'm getting something wrong elsewhere in the
<br>>>> deployerConfigContext.xml?
<br>>>>
<br>>>> Thanks again for your help,
<br>>>> Giuseppe
<br>>>>
<br>>>> --
<br>>>> Giuseppe Sollazzo
<br>>>> Systems Developer / Administrator
<br>>>>
<br>>>> Computing Services
<br>>>> St. George's, University of London --
<br>>>> You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908683&i=1" target="_top" rel="nofollow">cas-user@...</a> as:
<br>>>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908683&i=2" target="_top" rel="nofollow">rfox@...</a>
<br>>>> To unsubscribe, change settings or access archives, see
<br>>>> <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>>>>
<br>>>
<br>>>
<br>>
<br>>
<br>> --
<br>> Giuseppe Sollazzo
<br>> Systems Developer / Administrator
<br>>
<br>> Computing Services
<br>> St. George's, University of London
<br>>
<br>> --
<br>> You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908683&i=3" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908683&i=4" target="_top" rel="nofollow">gsollazz@...</a>
<br>> To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a></div><br><br>--
<br>Giuseppe Sollazzo
<br>Systems Developer / Administrator
<br><br>Computing Services
<br>St. George's, University of London
<br><br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908683&i=5" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908683&i=6" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25908632Re: cas+ldap [beginner's?] problem2009-10-15T06:28:08Z2009-10-15T06:28:08ZMarvin AddisonCan you repost this on a new thread? I can see we're muddying the
<br>waters on solving this LDAP auth problem.
<br><br>M
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908632&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908632&i=1" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25908508Re: cas+ldap [beginner's?] problem2009-10-15T06:19:12Z2009-10-15T06:19:12ZGiuseppe Sollazzo-2<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Ryan,<br>
yes the way I get it to work is by giving the fully qualified id<br>
<tt><br>
ldapsearch -H ldap://my.ldap.server -x -Z -b o=Y -D
"uid=user,ou=a,ou=b,ou=c,ou=X,o=Y,o=Z" -W uid=user</tt><br>
<br>
Here was my misunderstanding: there is a need for fully qualified
identifier for the user who binds, not for the one we're searching (yep
- I know it wouldn't make sense otherwise but it was not extremely
clear to me).<br>
<br>
So, what happens now is that by adjusting the xml to look like<br>
<br>
<tt><bean id="contextSource" <br>
class="org.springframework.ldap.core.support.LdapContextSource"><br>
<property name="pooled" value="true"/><br>
<property name="urls"><br>
<list><br>
<value>ldap://my.ldap.server</value><br>
</list><br>
</property><br>
<property name="userDn"
value="uid=user,ou=a,ou=b,ou=c,ou=X,o=Y,o=Z"/><br>
<property name="password" value="pass"/><br>
<property name="baseEnvironmentProperties"><br>
<map><br>
<entry key="java.naming.security.authentication"
value="simple" /><br>
</map><br>
</property><br>
</bean></tt><br>
<br>
and<tt><br>
<br>
<property name="authenticationHandlers"><br>
<list><br>
<bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" /><br>
<bean
class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"
><br>
<property name="filter" value="uid=%u,o=Y" /><br>
<property name="contextSource" ref="contextSource" /><br>
</bean><br>
</list><br>
</property></tt><br>
<br>
is that I still get kicked out when I try to authenticate with CAS on
moodle. Just to summarize:<br>
- I activated CAS in the Authentication settings<br>
- I moved CAS on top of LDAP and Moodle Network Authentication<br>
- Logged out<br>
- clicked on Login, entered a username (in this case "user" itself, as
given the execution of ldapsearch it should work).<br>
<br>
Any idea?<br>
<br>
Thanks, <br>
Giuseppe<br>
<br>
Ryan Fox wrote:
<blockquote cite="mid:10600200.8741255610764910.JavaMail.rfox@rfox-maclt.fs.findlay.edu" type="cite">
<pre wrap="">Sorry... now that I've read more of the thread, I can offer more help. Funny how that works.
The err=32 means that the dn you are binding with doesn't exist. If you look, that is the uid=user,ou=X,o=Y,o=Z.
</pre>
<blockquote type="cite">
<pre wrap="">First of all, I discovered I was being silly, using a wrong user. Only
the Directory Manager is allowed to search ldap in my current
configuration, so I managed to get info for "username" running this
command:
</pre>
</blockquote>
<pre wrap=""><!---->
You need
ldapsearch -H ldap://my.ldap.server -x -Z -b ou=X,o=Y,o=Z -D "uid=user,ou=X,o=Y,o=Z" -W uid=user
to succeed. I can't tell from your e-mail if it will or not, as I don't know what ACL's you have on your ldap. The FastBindLdapAuthenticationHandler binds to your ldap as the user, and uses the result (success/error) to judge the validity of the credentials. The ldapsearch above is a good analogue for that. Once that works, CAS auth should work (or at least progress farther). :)
Ryan
----- "Giuseppe Sollazzo" <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908508&i=0" target="_top" rel="nofollow">gsollazz@...</a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">The ldapsearch tool (provided by ldap-utils package on Debian) is
invaluable for diagnosing LDAP bind problems. Execute the following
command which attempts to bind as the user above:
ldapsearch -H ldap://your.ldap.host -x -Z -b ou=X,o=Y,o=Z -D
uid=username,ou=X,o=Y,o=Z -W uid=user
Omit the -Z argument if you use an ldaps URL (SSL) to talk to your
LDAP host.
Hi Marvin,
your help is being amazingly invaluable!
First of all, I discovered I was being silly, using a wrong user. Only
the Directory Manager is allowed to search ldap in my current
configuration, so I managed to get info for "username" running this
command:
ldapsearch -H ldap://my.ldap.server -x -Z -b ou=X,o=Y,o=Z -D
"cn=Directory Manager" -W uid=user
So I adapted the deployerConfigContext.xml accordingly:
<bean id="contextSource"
class="org.springframework.ldap.core.support.LdapContextSource">
<property name="pooled" value="true"/>
<property name="urls">
<list>
<value>ldap://my.ldap.server</value>
</list>
</property>
<property name="userDn" value="cn=Directory Manager"/>
<property name="password" value="HISPASSWORD"/>
<property name="baseEnvironmentProperties">
<map>
<entry key="java.naming.security.authentication" value="simple" />
</map>
</property>
</bean> and
<bean id="authenticationManager"
class="org.jasig.cas.authentication.AuthenticationManagerImpl">
[...]
<property name="authenticationHandlers">
<list>
<bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" />
<bean
class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"
</pre>
<pre wrap=""><property name="filter" value="uid=%u,ou=X,o=Y,o=Z" /> // [I also
tried with username=%u, as it's called in our ldap]
<property name="contextSource" ref="contextSource" />
</bean>
</list>
</property>
[...]
</bind>
The result when I try to authenticate with username "user" is always
as follows:
[15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - BIND
dn="username=user,ou=people,o=sghms.ac.uk,o=sghms.ac.uk" method=128
version=3
[15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - RESULT err=32
tag=97 nentries=0 etime=0
(or uid=... in place of username)
I'm wondering if I'm getting something wrong elsewhere in the
deployerConfigContext.xml?
Thanks again for your help,
Giuseppe
--
Giuseppe Sollazzo
Systems Developer / Administrator
Computing Services
St. George's, University of London --
You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908508&i=1" target="_top" rel="nofollow">cas-user@...</a> as:
<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908508&i=2" target="_top" rel="nofollow">rfox@...</a>
To unsubscribe, change settings or access archives, see
<a class="moz-txt-link-freetext" href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a>
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Giuseppe Sollazzo
Systems Developer / Administrator
Computing Services
St. George's, University of London
</pre>
<pre>-- <br />You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908508&i=3" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25908508&i=4" target="_top" rel="nofollow">lists@...</a><br />To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user</pre>
</BODY>
</html>
tag:old.nabble.com,2006:post-25907944Re: cas+ldap [beginner's?] problem2009-10-15T05:46:09Z2009-10-15T05:46:09ZRyan FoxSorry... now that I've read more of the thread, I can offer more help. Funny how that works.
<br><br>The err=32 means that the dn you are binding with doesn't exist. If you look, that is the uid=user,ou=X,o=Y,o=Z.
<br><br>> First of all, I discovered I was being silly, using a wrong user. Only
<br>> the Directory Manager is allowed to search ldap in my current
<br>> configuration, so I managed to get info for "username" running this
<br>> command:
<br><br>You need
<br>ldapsearch -H ldap://my.ldap.server -x -Z -b ou=X,o=Y,o=Z -D "uid=user,ou=X,o=Y,o=Z" -W uid=user
<br>to succeed. I can't tell from your e-mail if it will or not, as I don't know what ACL's you have on your ldap. The FastBindLdapAuthenticationHandler binds to your ldap as the user, and uses the result (success/error) to judge the validity of the credentials. The ldapsearch above is a good analogue for that. Once that works, CAS auth should work (or at least progress farther). :)
<br><br>Ryan
<br><br><br>----- "Giuseppe Sollazzo" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25907944&i=0" target="_top" rel="nofollow">gsollazz@...</a>> wrote:
<br><div class='shrinkable-quote'><br>> The ldapsearch tool (provided by ldap-utils package on Debian) is
<br>> invaluable for diagnosing LDAP bind problems. Execute the following
<br>> command which attempts to bind as the user above:
<br>>
<br>> ldapsearch -H ldap://your.ldap.host -x -Z -b ou=X,o=Y,o=Z -D
<br>> uid=username,ou=X,o=Y,o=Z -W uid=user
<br>>
<br>> Omit the -Z argument if you use an ldaps URL (SSL) to talk to your
<br>> LDAP host.
<br>> Hi Marvin,
<br>> your help is being amazingly invaluable!
<br>>
<br>> First of all, I discovered I was being silly, using a wrong user. Only
<br>> the Directory Manager is allowed to search ldap in my current
<br>> configuration, so I managed to get info for "username" running this
<br>> command:
<br>>
<br>> ldapsearch -H ldap://my.ldap.server -x -Z -b ou=X,o=Y,o=Z -D
<br>> "cn=Directory Manager" -W uid=user
<br>> So I adapted the deployerConfigContext.xml accordingly:
<br>>
<br>> <bean id="contextSource"
<br>> class="org.springframework.ldap.core.support.LdapContextSource">
<br>> <property name="pooled" value="true"/>
<br>> <property name="urls">
<br>> <list>
<br>> <value>ldap://my.ldap.server</value>
<br>> </list>
<br>> </property>
<br>> <property name="userDn" value="cn=Directory Manager"/>
<br>> <property name="password" value="HISPASSWORD"/>
<br>> <property name="baseEnvironmentProperties">
<br>> <map>
<br>> <entry key="java.naming.security.authentication" value="simple" />
<br>> </map>
<br>> </property>
<br>> </bean> and
<br>>
<br>> <bean id="authenticationManager"
<br>> class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<br>> [...]
<br>> <property name="authenticationHandlers">
<br>> <list>
<br>> <bean
<br>> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
<br>> p:httpClient-ref="httpClient" />
<br>> <bean
<br>> class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"
<br>> >
<br>> <property name="filter" value="uid=%u,ou=X,o=Y,o=Z" /> // [I also
<br>> tried with username=%u, as it's called in our ldap]
<br>> <property name="contextSource" ref="contextSource" />
<br>> </bean>
<br>>
<br>> </list>
<br>> </property>
<br>> [...]
<br>> </bind>
<br>>
<br>> The result when I try to authenticate with username "user" is always
<br>> as follows:
<br>>
<br>> [15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - BIND
<br>> dn="username=user,ou=people,o=sghms.ac.uk,o=sghms.ac.uk" method=128
<br>> version=3
<br>> [15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - RESULT err=32
<br>> tag=97 nentries=0 etime=0
<br>>
<br>> (or uid=... in place of username)
<br>>
<br>> I'm wondering if I'm getting something wrong elsewhere in the
<br>> deployerConfigContext.xml?
<br>>
<br>> Thanks again for your help,
<br>> Giuseppe
<br>>
<br>> --
<br>> Giuseppe Sollazzo
<br>> Systems Developer / Administrator
<br>>
<br>> Computing Services
<br>> St. George's, University of London --
<br>> You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25907944&i=1" target="_top" rel="nofollow">cas-user@...</a> as:
<br>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25907944&i=2" target="_top" rel="nofollow">rfox@...</a>
<br>> To unsubscribe, change settings or access archives, see
<br>> <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a></div><br>--
<br><br>Ryan Fox
<br>The University of Findlay
<br>1000 N Main St - Findlay, OH 45840
<br>419-434-4348
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25907944&i=3" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25907944&i=4" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25907907CAS SSO with Multiple applications running on remote systems2009-10-15T05:43:15Z2009-10-15T05:43:15ZAlbert EINstEINHello Folks,
<br><br>I am new to CAS. We have a requirement to provide SSO for remote applications.
<br><br>I am explaining the requirement i.e.,
<br><br><b>Scenario: </b>There are three Systems ie.., CAS is running on System_A, ApplicationOne is running on System_B, and ApplicationeTwo is running on System_C.
<br>
<br> CAS is running in JBoss 4.0.5 on System_A. We have provided the self signed certificate for Jboss application server by referring the CAS User Manaual.We have configured the SSO in JBoss server i.e., server.xml. We have configured the CAS with LDAP.If multiple applications are running in only one server i.e.,(JBoss 4.0.5) then SSO is working properly without any issues.
<br><br> Issue 1: When we are accessing ApplicationOne i.e., on System_B , we are successfully authenticating with CAS. We have provided a link to access the ApplicationTwo to check the SSO in ApplicationOne. When I am trying to access ApplicationTwo again it is redirecting to CAS Login Form.
<br><br>We are using Spring webflow,Spring security, LDAP in our application.
<br>Please help us. It is urgent.
<br><br>Any help would be appreciated...........................
<br><br>Thanks in advance.
<br><br><br><br>
<br>
<br><br><br>
<br>
<br><br> tag:old.nabble.com,2006:post-25907792Re: cas+ldap [beginner's?] problem2009-10-15T05:36:52Z2009-10-15T05:36:52ZRyan Fox<br>----- "Giuseppe Sollazzo" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25907792&i=0" target="_top" rel="nofollow">gsollazz@...</a>> wrote:
<br><div class='shrinkable-quote'><br>> Giuseppe Sollazzo wrote:
<br>> >
<br>> >
<br>> > The result when I try to authenticate with username "user" is always
<br>>
<br>> > as follows:
<br>> >
<br>> > [15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - BIND
<br>> > dn="username=user,ou=people,o=sghms.ac.uk,o=sghms.ac.uk" method=128
<br>>
<br>> > version=3
<br>> > [15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - RESULT
<br>> err=32
<br>> > tag=97 nentries=0 etime=0
<br>> >
<br>>
<br>> Erm..of course I left the original output of our domain, where it
<br>> should
<br>> have been dn="username=user,ou=X,o=Y,o=Z"
</div><br><br>LDAP err=32 means the object couldn't be found. That is, the dn you are binding with doesn't exist.
<br><br>Ryan
<br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25907792&i=1" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25907792&i=2" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25905869Re: cas+ldap [beginner's?] problem2009-10-15T02:51:47Z2009-10-15T02:51:47ZGiuseppe Sollazzo-2Giuseppe Sollazzo wrote:
<div class='shrinkable-quote'><br>>
<br>>
<br>> The result when I try to authenticate with username "user" is always
<br>> as follows:
<br>>
<br>> [15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - BIND
<br>> dn="username=user,ou=people,o=sghms.ac.uk,o=sghms.ac.uk" method=128
<br>> version=3
<br>> [15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - RESULT err=32
<br>> tag=97 nentries=0 etime=0
<br>>
</div><br>Erm..of course I left the original output of our domain, where it should
<br>have been dn="username=user,ou=X,o=Y,o=Z"
<br><br><br>--
<br>Giuseppe Sollazzo
<br>Systems Developer / Administrator
<br><br>Computing Services
<br>St. George's, University of London
<br><br><br>--
<br>You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25905869&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25905869&i=1" target="_top" rel="nofollow">lists@...</a>
<br>To unsubscribe, change settings or access archives, see <a href="http://www.ja-sig.org/wiki/display/JSG/cas-user" target="_top" rel="nofollow">http://www.ja-sig.org/wiki/display/JSG/cas-user</a><br>tag:old.nabble.com,2006:post-25905797Re: cas+ldap [beginner's?] problem2009-10-15T02:47:47Z2009-10-15T02:47:47ZGiuseppe Sollazzo-2<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<!----><br>
<blockquote cite="mid:6bb3d46a0910140751n16d7b5fendb0b339ad91eeccd@mail.gmail.com" type="cite">
<pre wrap="">The ldapsearch tool (provided by ldap-utils package on Debian) is
invaluable for diagnosing LDAP bind problems. Execute the following
command which attempts to bind as the user above:
ldapsearch -H ldap://your.ldap.host -x -Z -b ou=X,o=Y,o=Z -D
uid=username,ou=X,o=Y,o=Z -W uid=user
Omit the -Z argument if you use an ldaps URL (SSL) to talk to your LDAP host.
</pre>
</blockquote>
<br>
Hi Marvin, <br>
your help is being amazingly invaluable!<br>
<br>
First of all, I discovered I was being silly, using a wrong user. Only
the Directory Manager is allowed to search ldap in my current
configuration, so I managed to get info for "username" running this
command:<br>
<br>
<pre>ldapsearch -H ldap://my.ldap.server -x -Z -b ou=X,o=Y,o=Z -D "cn=Directory Manager" -W uid=user</pre>
<br>
So I adapted the deployerConfigContext.xml accordingly:<br>
<br>
<tt><bean id="contextSource" </tt><br>
<tt>
class="org.springframework.ldap.core.support.LdapContextSource"></tt><br>
<tt> <property name="pooled" value="true"/></tt><br>
<tt> <property name="urls"></tt><br>
<tt> <list></tt><br>
<tt> <value>ldap://my.ldap.server</value></tt><br>
<tt> </list></tt><br>
<tt> </property></tt><br>
<tt> <property name="userDn" value="cn=Directory
Manager"/></tt><br>
<tt> <property name="password" value="HISPASSWORD"/></tt><br>
<tt> <property name="baseEnvironmentProperties"></tt><br>
<tt> <map></tt><br>
<tt> <entry key="java.naming.security.authentication"
value="simple" /></tt><br>
<tt> </map></tt><br>
<tt> </property></tt><br>
<tt></bean></tt>
<pre></pre>
and<br>
<br>
<tt><bean id="authenticationManager"<br>
class="org.jasig.cas.authentication.AuthenticationManagerImpl"><br>
[...]<br>
<property name="authenticationHandlers"><br>
<list><br>
<bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"<br>
p:httpClient-ref="httpClient" /><br>
<bean
class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"
><br>
<property name="filter" value="uid=%u,ou=X,o=Y,o=Z"
/> // [I also tried with username=%u, as it's called in our ldap]<br>
<property name="contextSource" ref="contextSource"
/><br>
</bean><br>
<br>
</list><br>
</property><br>
[...]<br>
</bind></tt><br>
<br>
The result when I try to authenticate with username "user" is always as
follows:<br>
<br>
<tt>[15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - BIND
dn="username=user,ou=people,o=sghms.ac.uk,o=sghms.ac.uk" method=128
version=3<br>
[15/Oct/2009:10:43:11 +0100] conn=374073 op=0 msgId=1 - RESULT err=32
tag=97 nentries=0 etime=0</tt><br>
<br>
(or uid=... in place of username)<br>
<br>
I'm wondering if I'm getting something wrong elsewhere in the
deployerConfigContext.xml?<br>
<br>
Thanks again for your help,<br>
Giuseppe<br>
<br>
<pre class="moz-signature" cols="72">--
Giuseppe Sollazzo
Systems Developer / Administrator
Computing Services
St. George's, University of London
</pre>
<pre>-- <br />You are currently subscribed to <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25905797&i=0" target="_top" rel="nofollow">cas-user@...</a> as: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=25905797&i=1" target="_top" rel="nofollow">lists@...</a><br />To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user</pre>
</BODY>
</html>