« Return to Thread: CAS with acegi client

Access denied

by Richard Gundersen

Hi, me again... :)

Got CAS working with Spring Security, provided I use an in-memory user-service. All good.

When I use an ldap-user-service to get my roles, I authenticate OK, but I just get dumped to a Tomcat 403 page.

To determine if my app was making the rejection, I removed all filters except the CAS one, but added a new one to the start of the chain with some debug. It's not getting called at all.

All looks good at the CAS side (see output below) - it's granting me a ticket for my app. But something is blocking me at the last hurdle. Anyone know what it could be?

**************
2008-05-08 12:37:01,360 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-XNUBA3eFkRCjIe6nTrBs-cas] for service [http://mycomputer:8080/MQS4/j_spring_cas_security_check] for user [richard.gundersen]>
May 8, 2008 12:37:02 PM org.apache.tomcat.util.http.Parameters processParameters
WARNING: Parameters: Invalid chunk ignored.
**************

Here's my LDAP config in case it's useful:

**************
    <!-- CAS provider: validates the service ticket with the CAS server, then loads
         the user's roles from userService (the LDAP user service below). -->
    <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
        <sec:custom-authentication-provider />
        <property name="userDetailsService" ref="userService"/>
        <property name="serviceProperties" ref="serviceProperties" />
        <property name="ticketValidator">
            <!-- Ticket validation is a server-to-server call back to CAS over HTTPS -->
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="https://mycomputer/cas" />
            </bean>
        </property>
        <property name="key" value="an_id_for_this_auth_provider_only"/>
    </bean>

    <!-- Service URL CAS redirects back to with the ticket; it must be identical to the
         one the application sent to CAS, otherwise ticket validation fails. -->
    <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
        <property name="service" value="http://mycomputer:8080/MQS4/j_spring_cas_security_check"/>
        <property name="sendRenew" value="false"/>
    </bean>

    <!-- Bind credentials used for the user and group searches below -->
    <sec:ldap-server id="ldapServer"
                     url="ldap://mycompany.com:13060/"
                     manager-dn="cn=adminusername,cn=Users,dc=mycompany,dc=com"
                     manager-password="somepassword" />

    <!-- Role lookup. {0} in user-search-filter is the username CAS asserted;
         {0} in group-search-filter is the DN of the user entry that search found.
         The cn of each matching group becomes a granted authority. -->
    <sec:ldap-user-service id="userService"
                           server-ref="ldapServer"
                           user-search-base="cn=Users,dc=mycompany,dc=com"
                           user-search-filter="(uid={0})"
                           group-search-base="cn=Groups,dc=mycompany,dc=com"
                           group-search-filter="(uniquemember={0})"
                           group-role-attribute="cn" />
**************

Thanks (again)

Richard

_______________________________________________
Yale CAS mailing list
cas@...
http://tp.its.yale.edu/mailman/listinfo/cas
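The following is an added example, not part of the post above and not the poster's configuration: it is the `<sec:http>` filter-chain wiring that the posted beans plug into, in the Spring Security 2.0 namespace the post uses, with the one detail that most often turns a successful CAS login into a 403. The default authorities populator behind `ldap-user-service` upper-cases each group `cn` and prefixes it with `ROLE_`, so a group `cn=developers` (an assumed group; the group name, the `/admin/**` pattern, the bean ids `casProcessingFilter` and `casProcessingFilterEntryPoint`, the `/casfailed.jsp` page and the CAS login URL are all placeholders chosen for this example) is granted as `ROLE_DEVELOPERS`, and the `access` attribute has to use that spelling. When the authorities do not match, `ExceptionTranslationFilter` hands the `AccessDeniedException` to `AccessDeniedHandlerImpl`, which calls `sendError(403)`, and Tomcat renders its own 403 page: an application-side denial looks exactly like a container-side one.

```xml
<!-- Added example, not from the original post. Values marked "assumed" are placeholders. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <!-- Unauthenticated requests go to CAS via the entry point. When the user returns
         with a ticket, the access attribute is compared with the authorities the LDAP
         user service produced. With the default populator a group entry cn=developers
         (assumed) yields ROLE_DEVELOPERS: cn upper-cased, ROLE_ prefixed.
         access="developers" would authenticate fine and then fail with a 403. -->
    <sec:http entry-point-ref="casProcessingFilterEntryPoint">
        <sec:intercept-url pattern="/admin/**" access="ROLE_DEVELOPERS" />
        <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <sec:logout logout-success-url="/" />
    </sec:http>

    <sec:authentication-manager alias="authenticationManager" />

    <!-- Handles /j_spring_cas_security_check: passes the ticket to the
         casAuthenticationProvider defined in the post. -->
    <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
        <sec:custom-filter position="CAS_PROCESSING_FILTER" />
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationFailureUrl" value="/casfailed.jsp" /> <!-- assumed page -->
        <property name="defaultTargetUrl" value="/" />
    </bean>

    <!-- CAS login URL, assumed to sit under the same base URL as the
         Cas20ServiceTicketValidator in the post. -->
    <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
        <property name="loginUrl" value="https://mycomputer/cas/login" />
        <property name="serviceProperties" ref="serviceProperties" />
    </bean>

    <!-- casAuthenticationProvider, serviceProperties, ldapServer and userService
         are the beans from the post, unchanged. -->
</beans>
```

To see which side is rejecting the request, raise the log level for `org.springframework.security` to DEBUG: `AbstractSecurityInterceptor` logs the authenticated principal with its granted authorities before each authorization decision, and `ExceptionTranslationFilter` logs that it is delegating to the access-denied handler, so a 403 that appears without either of those lines was not produced by the Spring Security chain. One further caveat on the posted configuration: the service URL is plain `http://`, so the service ticket and the session cookie that follows it travel unencrypted even though the CAS login itself is over HTTPS.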
