
CAS Authentication using multiple LDAP Servers

CAS is a multi-protocol web single sign-on product, and it is often paired with Liferay to provide single sign-on. Frequently CAS has to authenticate users against an LDAP server, and sometimes against more than one LDAP server. This page shows how to configure CAS to try several LDAP directories in turn.

Three LDAP servers are used in this example: an Apache Directory Server (Apache DS) installed on the local machine, and two further Apache DS instances at 192.168.1.108 and 192.168.1.121.

Download CAS-EE, which is available as an .lpkg file from the Liferay Marketplace. In a production environment the CAS server should run in its own Tomcat instance; for testing we will drop it into the same instance as the Liferay portal.

Download the Liferay 6.1 EE GA2 bundle and edit Tomcat's server.xml to enable SSL: uncomment the SSL connector section so that port 8443 is opened.

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
           scheme="https" secure="true" disableUploadTimeout="true"
           enableLookups="false" clientAuth="false" sslProtocol="TLS" />

Make sure every attribute value is fully quoted (an unterminated SSLEnabled="true makes Tomcat reject server.xml at startup). Generate the SSL certificate for this connector by following the instructions at:

http://www.liferay.com/community/wiki/-/wiki/Main/Single+SignOn+-+Integrating+Liferay+With+CAS+Server

Then start the Liferay 6.1 EE GA2 server and deploy the CAS-EE .lpkg file by copying it into the deploy folder. After deployment, stop the server.

Edit the CAS deployment configuration file webapps/cas-web/WEB-INF/deployerConfigContext.xml. Because three LDAP servers are used here, three different contextSource beans are defined. By default CAS uses SimpleTestUsernamePasswordAuthenticationHandler, which accepts any login where the username equals the password and must therefore never reach production; replace it inside the authenticationHandlers property with one FastBindLdapAuthenticationHandler per directory, as shown below. CAS tries the handlers in the order they are listed and accepts the login as soon as one of them succeeds. A fast-bind handler authenticates by binding to the directory as the DN built from its filter (the %u placeholder is replaced by the submitted username), so the user needs an entry at that DN on at least one of the servers, and if the same username exists on several servers the first server in the list wins.

<property name="authenticationHandlers">
    <list>
        <!-- This is the authentication handler that authenticates services by means of
             callback via SSL, thereby validating a server side SSL certificate. -->
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
              p:httpClient-ref="httpClient" />

        <!-- This is the authentication handler declaration that every CAS deployer will
             need to change before deploying CAS into production. The default
             SimpleTestUsernamePasswordAuthenticationHandler authenticates
             UsernamePasswordCredentials where the username equals the password. You will
             need to replace this with an AuthenticationHandler that implements your local
             authentication strategy. You might accomplish this by coding a new such handler
             and declaring edu.someschool.its.cas.MySpecialHandler here, or you might use
             one of the handlers provided in the adaptors modules. -->

        <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
            <property name="filter" value="cn=%u,dc=example,dc=com" />
            <property name="contextSource" ref="contextSource" />
        </bean>

        <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
            <property name="filter" value="cn=%u,dc=example,dc=com" />
            <property name="contextSource" ref="contextSourcetwo" />
        </bean>

        <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
            <property name="filter" value="cn=%u,dc=example,dc=com" />
            <property name="contextSource" ref="contextSourcethree" />
        </bean>

        <!-- <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> -->
    </list>
</property>
</bean>

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="true" />
    <property name="urls">
        <list>
            <value>ldap://localhost:10389</value>
        </list>
    </property>
    <property name="userDn" value="uid=admin,ou=system" />
    <property name="password" value="secret" />
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key>
                    <value>java.naming.security.authentication</value>
                </key>
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>

<bean id="contextSourcetwo" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="true" />
    <property name="urls">
        <list>
            <value>ldap://192.168.1.108:10389</value>
        </list>
    </property>
    <property name="userDn" value="uid=admin,ou=system" />
    <property name="password" value="secret" />
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key>
                    <value>java.naming.security.authentication</value>
                </key>
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>

<bean id="contextSourcethree" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="true" />
    <property name="urls">
        <list>
            <value>ldap://192.168.1.121:10389</value>
        </list>
    </property>
    <property name="userDn" value="uid=admin,ou=system" />
    <property name="password" value="secret" />
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key>
                    <value>java.naming.security.authentication</value>
                </key>
                <value>simple</value>
            </entry>
        </map>
    </property>
</bean>

Save deployerConfigContext.xml, copy cas-server-support-ldap-3.3.5.jar into webapps/cas-web/WEB-INF/lib, and start the server. Then enable your LDAP servers and CAS authentication in Liferay. Two points to review before this setup leaves the test machine: the ldap:// URLs above send every user's bind password in clear text on the network, so production directories should be reached over ldaps://; and deployerConfigContext.xml now holds the directory manager's DN and password (the Apache DS defaults uid=admin,ou=system / secret), so change those credentials and restrict the file's permissions.
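Before restarting CAS it is worth checking from the CAS host that each directory actually accepts a fast bind for a test account, in the order the handlers are listed. The script below is an added example and is not code from this page, from CAS or from Liferay: it rebuilds the bind DN from the page's filter template exactly as the handler does (plain substitution of %u), then tries an LDAPv3 simple bind against each of the three servers from the configuration and stops at the first one that accepts the password. The bind itself is hand-encoded in BER so the script needs only the Python standard library. The DN-metacharacter check on the username and the policy of treating an unreachable server like a failed handler are this example's own assumptions; the test user name and password are read at run time.

```python
import socket
import ssl
from urllib.parse import urlparse

# Values taken from the deployerConfigContext.xml on this page.
DN_TEMPLATE = "cn=%u,dc=example,dc=com"
SERVERS = ["ldap://localhost:10389",
           "ldap://192.168.1.108:10389",
           "ldap://192.168.1.121:10389"]

# RFC 4514 DN special characters. CAS substitutes %u by plain string replacement,
# so a user name containing these could splice extra RDNs into the bind DN; this
# up-front rejection is the example's addition, not something CAS configures.
_DN_SPECIAL = set(',+"\\<>;=\x00')


def build_bind_dn(template, username):
    """Substitute the user name into the DN template, as the fast-bind handler does."""
    if (not username or set(username) & _DN_SPECIAL
            or username[0] in " #" or username[-1] == " "):
        raise ValueError("user name contains DN metacharacters: %r" % username)
    return template.replace("%u", username)


def _ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, payload):
    return bytes([tag]) + _ber_len(len(payload)) + payload


def _ber_int(n):  # non-negative integers only; padded so the sign bit stays clear
    return _tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def bind_request(msg_id, dn, password):
    """LDAPv3 BindRequest with simple authentication (RFC 4511 section 4.2)."""
    body = _ber_int(3) + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _ber_int(msg_id) + _tlv(0x60, body))  # 0x60 = [APPLICATION 0]


def _read_tlv(buf, pos):
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first & 0x80:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_result(message):
    """Return the resultCode of a complete LDAPMessage carrying a BindResponse."""
    tag, seq, _ = _read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read_tlv(seq, 0)              # skip messageID
    tag, resp, _ = _read_tlv(seq, pos)
    if tag != 0x61:                            # 0x61 = [APPLICATION 1] BindResponse
        raise ValueError("unexpected LDAP message tag 0x%02x" % tag)
    _, code, _ = _read_tlv(resp, 0)            # resultCode (ENUMERATED); 0 = success, 49 = invalidCredentials
    return int.from_bytes(code, "big")


def _recv_exact(sock, n):
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("LDAP server closed the connection")
        data += chunk
    return data


def _recv_message(sock):
    head = _recv_exact(sock, 2)
    length = head[1]
    if length & 0x80:
        ext = _recv_exact(sock, length & 0x7F)
        head, length = head + ext, int.from_bytes(ext, "big")
    return head + _recv_exact(sock, length)


def ldap_simple_bind(url, dn, password, timeout=5.0):
    """Bind as `dn` against `url` and return the LDAP resultCode."""
    u = urlparse(url)
    port = u.port or (636 if u.scheme == "ldaps" else 389)
    sock = socket.create_connection((u.hostname, port), timeout=timeout)
    if u.scheme == "ldaps":                    # the page's ldap:// URLs send the password in clear
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=u.hostname)
    with sock:
        sock.sendall(bind_request(1, dn, password))
        return parse_bind_result(_recv_message(sock))


def fast_bind_chain(username, password, servers=SERVERS,
                    template=DN_TEMPLATE, bind=ldap_simple_bind):
    """Mirror the handler list: first directory that accepts the bind wins.

    An unreachable server is treated like a failed handler and the next one is
    tried (an assumption of this check). Returns the accepting URL or None.
    """
    dn = build_bind_dn(template, username)
    for url in servers:
        try:
            code = bind(url, dn, password)
        except OSError as exc:
            print("%s: unreachable (%s)" % (url, exc))
            continue
        print("%s: resultCode %d" % (url, code))
        if code == 0:
            return url
    return None


if __name__ == "__main__":
    import getpass
    print("accepted by:", fast_bind_chain(input("user name: "), getpass.getpass()))
```

Run it on the machine that will host CAS, with an account that exists on only one of the directories, and confirm that the URL it reports is the server you expect; a resultCode of 49 (invalidCredentials) from a server means the DN exists there but the password differs, while 32 (noSuchObject) means the filter template does not match that directory's layout.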
