Kombinierte Ansicht Flache Ansicht Baumansicht
Threads [ Zurück | Nächste ]
toggle
andy chan
CAS, Kerberos and Active directory
15. Dezember 2011 19:26
Antwort

andy chan

Rang: New Member

Nachrichten: 7

Eintrittsdatum: 15. Dezember 2011

Neue Beiträge

HI all,

I have question about setting for CAS, Kerberos and Active directory:
My environment is :
one linux server (CAS+ liferay)
one window 2008 server (AD)
one window xp client

I think I can setup Kerberos in CAS(https://wiki.jasig.org/display/CASUM/SPNEGO), but how can I setup setting between CAS and AD?
Is my proposal possible?

Thank all a lot
andy chan
RE: CAS, Kerberos and Active directory
16. Dezember 2011 01:24
Antwort

andy chan

Rang: New Member

Nachrichten: 7

Eintrittsdatum: 15. Dezember 2011

Neue Beiträge

I have followed setting in (https://wiki.jasig.org/display/CASUM/SPNEGO) , however it is fail to authenticate user. It is shown following message in log.

2011-12-16 09:15:18,358 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler failed to authenticate the user which provided the following credentials: unknown
2011-12-16 09:15:18,364 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================


2011-12-16 09:15:18,391 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================


2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================


2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================

Thank you for any help.
Jayson Ilagan
RE: CAS, Kerberos and Active directory
16. August 2012 19:21
Antwort

Jayson Ilagan

Rang: New Member

Nachrichten: 7

Eintrittsdatum: 1. Dezember 2011

Neue Beiträge

Hi Andy,

Maybe you are using UDP protocal, to change it to TCP use this configuration in your kbr5.conf/kbr5.ini section.

udp_preference_limit = 1

Then you also need to update you cas-client-core to cas-client-core3.1.9 in Liferay Portal library.

I got the same error when this code is not existed on my kbr5.conf.

Regrads,
Jayson
Miguel Ángel Júlvez
RE: CAS, Kerberos and Active directory
10. September 2012 02:44
Antwort

Miguel Ángel Júlvez

Rang: Junior Member

Nachrichten: 56

Eintrittsdatum: 29. März 2011

Neue Beiträge

Hi Jayson,

do you mean krb5.ini on CAS server machine or client machine?

Thanks

Jayson Ilagan:
Hi Andy,

Maybe you are using UDP protocal, to change it to TCP use this configuration in your kbr5.conf/kbr5.ini section.

udp_preference_limit = 1

Then you also need to update you cas-client-core to cas-client-core3.1.9 in Liferay Portal library.

I got the same error when this code is not existed on my kbr5.conf.

Regrads,
Jayson
Jayson Ilagan
RE: CAS, Kerberos and Active directory
12. September 2012 19:21
Antwort

Jayson Ilagan

Rang: New Member

Nachrichten: 7

Eintrittsdatum: 1. Dezember 2011

Neue Beiträge

Hi Andy,

Where did you placed your krb5.ini/kbr5.conf? Mine, I placed it on Tomcat root directory I'm using separately installed tomcat.


Regards,
Jayson