CAS 4 SPNEGO configuration

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CAS 4 SPNEGO configuration

jamalissimo
This post has NOT been accepted by the mailing list yet.
Hello guys,

We are currently upgrading our CAS 3 configured with spnego to CAS 4 and have some problems. This documentation http://jasig.github.io/cas/development/installation/SPNEGO-Authentication.html is not as useful as it looks but I was able to get something together with help of my old configuration. It all looks ok till I start the server. I have this problem:


ERROR [org.springframework.web.context.ContextLoader] - <Context initialization failed>
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Duplicate <http> element detected
Offending resource: ServletContext resource [/WEB-INF/spring-configuration/securityContext.xml]
        at org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68)
        at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:85)
        at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:72)
        at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.registerFilterChainProxy(HttpSecurityBeanDefinitionParser.java:256)

Here is my deployerConfigContext.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

    <bean id="proxyAuthenticationHandler"
          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
          p:httpClient-ref="httpClient" />

   <bean id="primaryAuthenticationHandler"
          class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
        <property name="users">
            <map>
                <entry key="casuser" value="Mellon"/>
            </map>
        </property>
    </bean>

<bean id="jcifsConfig"
      class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig"
      p:jcifsServicePrincipal="username@COMPANY.COM"
      p:jcifsServicePassword="password"
      p:kerberosDebug="false"
      p:kerberosRealm="COMPANY.COM"
      p:kerberosKdc="adserver.company.com"
      p:loginConf="/opt/cas/webapps/cas/WEB-INF/login.conf" />

<bean id="spnegoAuthentication" class="jcifs.spnego.Authentication" />

<bean id="spnegoHandler"
      class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler"
      p:authentication-ref="spnegoAuthentication"
      p:principalWithDomainName="false"
      p:NTLMallowed="true" />

<bean id="spnegoPrincipalResolver"
      class="org.jasig.cas.support.spnego.authentication.principal.SpnegoPrincipalResolver" />

<bean id="authenticationManager"
      class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
  <constructor-arg>
    <map>
      <entry key-ref="spnegoHandler" value-ref="spnegoPrincipalResolver"/>
      <entry key-ref="adAuthenticationHandler" value-ref="primaryPrincipalResolver" />
      <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
      <entry key-ref="ldapAuthenticationHandler" value-ref="primaryPrincipalResolver" />
    </map>
  </constructor-arg>
  <property name="authenticationMetaDataPopulators">
    <list>
      <bean class="org.jasig.cas.authentication.SuccessfulHandlerMetaDataPopulator" />
    </list>
  </property>
</bean>

    <bean id="proxyPrincipalResolver"
          class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

    <bean id="primaryPrincipalResolver"
          class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >
        <property name="attributeRepository" ref="attributeRepository" />
    </bean>

    <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"
            p:backingMap-ref="attrRepoBackingMap" />
   
    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> 
        <entry key="groupMembership" value="groupMembership" />
    </util:map>


    <util:list id="registeredServicesList">
        <bean class="org.jasig.cas.services.RegexRegisteredService"
              p:id="0" p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"
              p:serviceId="^(https?|imaps?)://.*" p:evaluationOrder="10000001" />

    </util:list>
   
    <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
   
    <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />
 
    <util:list id="monitorsList">
      <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
      <bean class="org.jasig.cas.monitor.SessionMonitor"
          p:ticketRegistry-ref="ticketRegistry"
          p:serviceTicketCountWarnThreshold="5000"
          p:sessionCountWarnThreshold="100000" />
    </util:list>
   
   
    <bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="uid"
      c:authenticator-ref="authenticator">
    <property name="principalAttributeMap">
        <map>
            <entry key="member" value="member" />
            <entry key="mail" value="mail" />
            <entry key="displayName" value="displayName" />
        </map>
    </property>
</bean>

<bean id="authenticator" class="org.ldaptive.auth.Authenticator"
      c:resolver-ref="dnResolver"
      c:handler-ref="authHandler" />

<bean id="dnResolver"
      class="org.ldaptive.auth.FormatDnResolver"
      c:format="uid=%s,ou=People,dc=company,dc=com" />
     
      <bean id="authHandler" class="org.ldaptive.auth.BindAuthenticationHandler"
      p:connectionFactory-ref="connectionFactory" />

<bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
      p:connectionConfig-ref="connectionConfig" />

<bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="ldap://ldap.company.com:389" />

<bean id="adAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="sAMAccountName"
      c:authenticator-ref="adAuthenticator">
    <property name="principalAttributeMap">
        <map>
            <entry key="displayName" value="displayName" />
            <entry key="mail" value="mail" />
            <entry key="memberOf" value="memberOf" />
        </map>
    </property>
</bean>

<bean id="adAuthenticator" class="org.ldaptive.auth.Authenticator"
      c:resolver-ref="adDnResolver"
      c:handler-ref="adAuthHandler"
      p:entryResolver-ref="adEntryResolver" />


<bean id="adDnResolver"
      class="org.ldaptive.auth.FormatDnResolver"
      c:format="%s@${ad.domain}" />
     
<bean id="adAuthHandler" class="org.ldaptive.auth.BindAuthenticationHandler"
      p:connectionFactory-ref="adConnectionFactory" />

<bean id="adConnectionFactory" class="org.ldaptive.DefaultConnectionFactory"
      p:connectionConfig-ref="adConnectionConfig" />

<bean id="adConnectionConfig" class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="${ad.url}" />

<bean id="adEntryResolver"
      class="org.jasig.cas.authentication.support.UpnSearchEntryResolver"
      p:baseDn="${ad.baseDn}" />
     
   
   
<bean id="factoryBean"
      class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"
      p:dataSource-ref="dataSource"
      p:jpaVendorAdapter-ref="jpaVendorAdapter">
     
    <property name="jpaProperties">
      <props>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
        <prop key="hibernate.hbm2ddl.auto">update</prop>
       
      </props>
    </property>
</bean>

<bean id="jpaVendorAdapter"
      class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"
      p:generateDdl="true"
      p:showSql="false" />

<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.JpaServiceRegistryDaoImpl" />

<bean id="transactionManager"
      class="org.springframework.orm.jpa.JpaTransactionManager"
      p:entityManagerFactory-ref="factoryBean" />
   
<tx:annotation-driven transaction-manager="transactionManager" />

<bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />


<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
        p:driverClassName="com.mysql.jdbc.Driver"
        p:url="jdbc:mysql://${mysql.database.host}:${mysql.database.port}/${mysql.database.name}?autoReconnect=true"
        p:password="${mysql.database.userpass}"
        p:username="${mysql.database.username}" />
   
</beans>


Thanks for help
Roman