2 Replies Latest reply on Aug 25, 2010 1:15 PM by Phu Phan

    CAS SSO solution to LDAP

    Art Munro Novice

      We need SSO for all our applications against our LDAP server using CAS.



      We currently are running a CAS server which authenticates our users that are contained in an LDAP server (OpenLDAP). Our other applications use the SSO (CAS) to login to each of the applications.


      Now we have configured the CAS solution (according to documentation) and the solution works as long as I use the Gatein user database. But as soon as I switch and authenticate against the LDAP database I get Access denied


      Can someone shed some light on the SSO solution?  Does it only work against the Gatein user repository?



      HTTP Status 403 - Access to the requested resource has been denied

      type Status report

      message Access to the requested resource has been denied

      description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

      JBoss Web/2.1.3.GA


      Checking the logs show that authentication was successful.









      2010-03-18 23:40:06,776 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Placing URL parameters in map.

      2010-03-18 23:40:06,777 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Calling template URL attribute map.

      2010-03-18 23:40:06,777 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Loading custom parameters from configuration.

      2010-03-18 23:40:06,777 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Constructing validation url: http://casIP:8080/cas/proxyValidate?&ticket=ST-5-kMdxP9glKQq6knchzv1s-cas&service=http%3A%2F%2F69.164.201.80%3A8080%2Fportal%2Fprivate%2Fclassic&renew=true

      2010-03-18 23:40:06,777 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Retrieving response from server.

      2010-03-18 23:40:06,781 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] Server response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>








      2010-03-18 23:40:06,784 DEBUG [org.gatein.sso.agent.cas.CASAgent] ------------------------------------------------------------------------------------

      2010-03-18 23:40:06,784 DEBUG [org.gatein.sso.agent.cas.CASAgent] Service: http://gateinIP:8080/portal/private/classic

      2010-03-18 23:40:06,784 DEBUG [org.gatein.sso.agent.cas.CASAgent] Principal: TestCoRedA1

      2010-03-18 23:40:06,784 DEBUG [org.gatein.sso.agent.cas.CASAgent] ------------------------------------------------------------------------------------

      2010-03-18 2