2 Replies Latest reply on Aug 25, 2010 1:15 PM by p1phan

    CAS SSO solution to LDAP

    artmunro

      We need SSO for all our applications against our LDAP server using CAS.

      We are currently running a CAS server which authenticates our users that are contained in an LDAP server (OpenLDAP). Our other applications use the SSO (CAS) to log in to each of the applications.

      Now we have configured the CAS solution (according to documentation) and the solution works as long as I use the GateIn user database. But as soon as I switch and authenticate against the LDAP database, I get Access denied.

      Can someone shed some light on the SSO solution? Does it only work against the GateIn user repository?

      HTTP Status 403 - Access to the requested resource has been denied


      type Status report

      message Access to the requested resource has been denied

      description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.


      JBoss Web/2.1.3.GA

      Checking the logs shows that authentication was successful.

      2010-03-18 23:40:06,776 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Placing URL parameters in map.

      2010-03-18 23:40:06,777 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Calling template URL attribute map.

      2010-03-18 23:40:06,777 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Loading custom parameters from configuration.

      2010-03-18 23:40:06,777 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Constructing validation url: http://casIP:8080/cas/proxyValidate?&ticket=ST-5-kMdxP9glKQq6knchzv1s-cas&service=http%3A%2F%2F69.164.201.80%3A8080%2Fportal%2Fprivate%2Fclassic&renew=true

      2010-03-18 23:40:06,777 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Retrieving response from server.

      2010-03-18 23:40:06,781 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Server response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>

      <cas:authenticationSuccess>

      <cas:user>TestCoRedA1</cas:user>

      </cas:authenticationSuccess>

      </cas:serviceResponse>

      2010-03-18 23:40:06,784 DEBUG [org.gatein.sso.agent.cas.CASAgent] ------------------------------------------------------------------------------------

      2010-03-18 23:40:06,784 DEBUG [org.gatein.sso.agent.cas.CASAgent] Service: http://gateinIP:8080/portal/private/classic

      2010-03-18 23:40:06,784 DEBUG [org.gatein.sso.agent.cas.CASAgent] Principal: TestCoRedA1

      2010-03-18 23:40:06,784 DEBUG [org.gatein.sso.agent.cas.CASAgent] ------------------------------------------------------------------------------------

      2010-03-18 2

        • 1. Re: CAS SSO solution to LDAP
          prabhat.jha

          We are currently working on a guide on how to configure the SSO + LDAP combination. As soon as we have it ready, we will let you know.

          • 2. Re: CAS SSO solution to LDAP
            p1phan

            Hey, is the document on setting up CAS to use users from OpenLDAP up yet?

            Can you link me to that if it is?

            I got JBoss GateIn to work with CAS using GateIn's credentials.

            When I introduce OpenLDAP into the mix, after logging in using OpenLDAP credentials (success), I get a connection refused after redirect.

            Any ideas or suggestions?