CAS SSO solution to LDAP
artmunro Mar 19, 2010 10:31 AM
We need SSO for all our applications against our LDAP server using CAS.
We are currently running a CAS server which authenticates our users that are contained in an LDAP server (OpenLDAP). Our other applications use the SSO (CAS) to log in to each of the applications.
Now we have configured the CAS solution (according to the documentation) and the solution works as long as I use the GateIn user database. But as soon as I switch and authenticate against the LDAP database, I get "Access denied".
Can someone shed some light on the SSO solution? Does it only work against the GateIn user repository?
HTTP Status 403 - Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
JBoss Web/2.1.3.GA
Checking the logs shows that authentication was successful.
2010-03-18 23:40:06,776 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Placing URL parameters in map.
2010-03-18 23:40:06,777 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Calling template URL attribute map.
2010-03-18 23:40:06,777 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Loading custom parameters from configuration.
2010-03-18 23:40:06,777 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Constructing validation url: http://casIP:8080/cas/proxyValidate?&ticket=ST-5-kMdxP9glKQq6knchzv1s-cas&service=http%3A%2F%2F69.164.201.80%3A8080%2Fportal%2Fprivate%2Fclassic&renew=true
2010-03-18 23:40:06,777 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Retrieving response from server.
2010-03-18 23:40:06,781 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Server response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>TestCoRedA1</cas:user>
</cas:authenticationSuccess>
</cas:serviceResponse>
2010-03-18 23:40:06,784 DEBUG [org.gatein.sso.agent.cas.CASAgent] ------------------------------------------------------------------------------------
2010-03-18 23:40:06,784 DEBUG [org.gatein.sso.agent.cas.CASAgent] Service: http://gateinIP:8080/portal/private/classic
2010-03-18 23:40:06,784 DEBUG [org.gatein.sso.agent.cas.CASAgent] Principal: TestCoRedA1
2010-03-18 23:40:06,784 DEBUG [org.gatein.sso.agent.cas.CASAgent] ------------------------------------------------------------------------------------
2010-03-18 2