Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
andy chan
CAS, Kerberos and Active directory
December 15, 2011 7:26 PM
Answer

andy chan

Rank: New Member

Posts: 7

Join Date: December 15, 2011

Recent Posts

HI all,

I have question about setting for CAS, Kerberos and Active directory:
My environment is :
one linux server (CAS+ liferay)
one window 2008 server (AD)
one window xp client

I think I can setup Kerberos in CAS(https://wiki.jasig.org/display/CASUM/SPNEGO), but how can I setup setting between CAS and AD?
Is my proposal possible?

Thank all a lot
andy chan
RE: CAS, Kerberos and Active directory
December 16, 2011 1:24 AM
Answer

andy chan

Rank: New Member

Posts: 7

Join Date: December 15, 2011

Recent Posts

I have followed setting in (https://wiki.jasig.org/display/CASUM/SPNEGO) , however it is fail to authenticate user. It is shown following message in log.

2011-12-16 09:15:18,358 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler failed to authenticate the user which provided the following credentials: unknown
2011-12-16 09:15:18,364 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================


2011-12-16 09:15:18,391 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================


2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================


2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================

Thank you for any help.
Jayson Ilagan
RE: CAS, Kerberos and Active directory
August 16, 2012 7:21 PM
Answer

Jayson Ilagan

Rank: New Member

Posts: 7

Join Date: December 1, 2011

Recent Posts

Hi Andy,

Maybe you are using UDP protocal, to change it to TCP use this configuration in your kbr5.conf/kbr5.ini section.

udp_preference_limit = 1

Then you also need to update you cas-client-core to cas-client-core3.1.9 in Liferay Portal library.

I got the same error when this code is not existed on my kbr5.conf.

Regrads,
Jayson
Miguel Ángel Júlvez
RE: CAS, Kerberos and Active directory
September 10, 2012 2:44 AM
Answer

Miguel Ángel Júlvez

Rank: Junior Member

Posts: 56

Join Date: March 29, 2011

Recent Posts

Hi Jayson,

do you mean krb5.ini on CAS server machine or client machine?

Thanks

Jayson Ilagan:
Hi Andy,

Maybe you are using UDP protocal, to change it to TCP use this configuration in your kbr5.conf/kbr5.ini section.

udp_preference_limit = 1

Then you also need to update you cas-client-core to cas-client-core3.1.9 in Liferay Portal library.

I got the same error when this code is not existed on my kbr5.conf.

Regrads,
Jayson
Jayson Ilagan
RE: CAS, Kerberos and Active directory
September 12, 2012 7:21 PM
Answer

Jayson Ilagan

Rank: New Member

Posts: 7

Join Date: December 1, 2011

Recent Posts

Hi Andy,

Where did you placed your krb5.ini/kbr5.conf? Mine, I placed it on Tomcat root directory I'm using separately installed tomcat.


Regards,
Jayson