CAS, Kerberos and Active directory

andy chan, modified 12 years ago.

CAS, Kerberos and Active directory

New Member Posts: 6 Join Date: 16.12.11 Recent Posts
Hi all,

I have a question about the settings for CAS, Kerberos and Active Directory:
My environment is:
one Linux server (CAS + Liferay)
one Windows 2008 server (AD)
one Windows XP client

I think I can set up Kerberos in CAS (https://wiki.jasig.org/display/CASUM/SPNEGO), but how can I set up the settings between CAS and AD?
Is my proposal possible?

Thanks a lot to all
andy chan, modified 12 years ago.

RE: CAS, Kerberos and Active directory

New Member Posts: 6 Join Date: 16.12.11 Recent Posts
I have followed the settings in (https://wiki.jasig.org/display/CASUM/SPNEGO); however, it fails to authenticate the user. The following message is shown in the log.

2011-12-16 09:15:18,358 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler failed to authenticate the user which provided the following credentials: unknown
2011-12-16 09:15:18,364 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================


2011-12-16 09:15:18,391 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================


2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================


2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================

Thank you for any help.
Jayson Ilagan, modified 11 years ago.

RE: CAS, Kerberos and Active directory

New Member Posts: 7 Join Date: 01.12.11 Recent Posts
Hi Andy,

Maybe you are using the UDP protocol; to change it to TCP, use this configuration in the [libdefaults] section of your krb5.conf/krb5.ini.

udp_preference_limit = 1

Then you also need to update your cas-client-core to cas-client-core3.1.9 in the Liferay Portal library.

I got the same error when this code did not exist in my krb5.conf.

Regards,
Jayson
Miguel Ángel Júlvez, modified 11 years ago.

RE: CAS, Kerberos and Active directory

Junior Member Posts: 63 Join Date: 29.03.11 Recent Posts
Hi Jayson,

Do you mean krb5.ini on the CAS server machine or the client machine?

Thanks

Jayson Ilagan:
Hi Andy,

Maybe you are using the UDP protocol; to change it to TCP, use this configuration in the [libdefaults] section of your krb5.conf/krb5.ini.

udp_preference_limit = 1

Then you also need to update your cas-client-core to cas-client-core3.1.9 in the Liferay Portal library.

I got the same error when this code did not exist in my krb5.conf.

Regards,
Jayson
Jayson Ilagan, modified 11 years ago.

RE: CAS, Kerberos and Active directory

New Member Posts: 7 Join Date: 01.12.11 Recent Posts
Hi Andy,

Where did you place your krb5.ini/krb5.conf? I placed mine in the Tomcat root directory; I'm using a separately installed Tomcat.


Regards,
Jayson
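
An added example (not code from this thread or from the CAS project): a Python check that reads a krb5.conf/krb5.ini and reports whether the `udp_preference_limit = 1` setting suggested above is really in the `[libdefaults]` section of the file the CAS JVM loads. The two sample configurations, the `EXAMPLE.COM` realm and the function names are constructed for illustration.

```python
import re

SECTION = re.compile(r"^\[([^\]]+)\]$")

def libdefaults(text):
    """Return the top-level key/value pairs of the [libdefaults] section."""
    section, depth, found = None, 0, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        header = SECTION.match(line)
        if header and depth == 0:
            section = header.group(1).strip()
            continue
        if line.endswith("{"):                # nested block, e.g. a realm
            depth += 1
            continue
        if line.startswith("}"):
            depth = max(depth - 1, 0)
            continue
        if section == "libdefaults" and depth == 0 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            found[key] = value
    return found

def kdc_transport(text):
    """Classify how the Kerberos library will reach the KDC."""
    value = libdefaults(text).get("udp_preference_limit")
    if value is None:
        return "udp-first"                    # setting absent: UDP tried first
    if value == "1":
        return "tcp"                          # every request exceeds 1 byte
    return "tcp-above-%s-bytes" % value

# Constructed sample files: without and with the setting from the reply.
BEFORE = """[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = dc.example.com
    }
"""
AFTER = BEFORE.replace("[libdefaults]\n",
                       "[libdefaults]\n    udp_preference_limit = 1\n", 1)

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, "->", kdc_transport(conf))
```

Run it against the actual file the servlet container reads; a correct setting in a krb5.conf that the JVM never loads changes nothing.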