SPNEGO with CAS does not work


atsushi.d
Hi,

I followed this tutorial, but CAS Kerberos authentication does not work...
http://jasig.github.io/cas/development/installation/SPNEGO-Authentication.html

1) CAS compile
download cas-server-4.0.0-release.zip
unzip and move to cas-server-4.0.0/cas-server-webapp

Add this to pom.xml
<dependency>
  <groupId>org.jasig.cas</groupId>
  <artifactId>cas-server-support-spnego</artifactId>
  <version>4.0.0</version>
</dependency>

mvn clean package and success.

2) CAS deploy at tomcat
download apache-tomcat-7.0.62.tar.gz and unzip to /opt/tomcat-casv4
copy cas-server-4.0.0/cas-server-webapp/target/cas.war file to tomcat-casv4

start tomcat and access localhost:8080/cas/login, then delete cas.war file


3) Kerberos configuration
sudo apt-get install krb5-user
vi /etc/krb5.conf and edit my domain info
import keytab file and test by klist command

4) CAS Configuration
change these files
./webapps/cas/WEB-INF/login-webflow.xml
./webapps/cas/WEB-INF/cas-servlet.xml
./webapps/cas/WEB-INF/deployerConfigContext.xml
login.conf

My deployerConfigContext.xml file is like this. I think the configuration of this file is not correct?
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">


<bean id="jcifsConfig"
      class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig"
      p:jcifsServicePrincipal="HTTP/cas-auth.example.com@example.COM"
      p:kerberosDebug="false"
      p:kerberosRealm="example.COM"
      p:kerberosKdc="192.168.1.5"
      p:loginConf="/opt/tomcat-casv4/login.conf" />

<bean id="spnegoAuthentication" class="jcifs.spnego.Authentication" />

<bean id="spnegoHandler"
      class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler"
      p:authentication-ref="spnegoAuthentication"
      p:principalWithDomainName="false"
      p:NTLMallowed="true" />

<bean id="spnegoPrincipalResolver"
      class="org.jasig.cas.support.spnego.authentication.principal.SpnegoPrincipalResolver" />

<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
  <constructor-arg>
    <map>
      <entry key-ref="spnegoHandler" value-ref="spnegoPrincipalResolver"/>
    </map>
  </constructor-arg>
  <property name="authenticationMetaDataPopulators">
    <list>
      <bean class="org.jasig.cas.authentication.SuccessfulHandlerMetaDataPopulator" />
    </list>
  </property>
</bean>

</beans>




5) Error message when I log in to the CAS server
But if I input the login ID: test and Password: test at the CAS login URL, I cannot log in and this error is displayed in cas.log

2015-06-17 14:59:47,050 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading registered services.
2015-06-17 14:59:47,050 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - Loaded 1 services.
2015-06-17 15:00:01,619 WARN [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Cannot find authentication handler that supports test+password, which suggests a configuration problem.
2015-06-17 15:00:01,621 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: supplied credentials: [test+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed Jun 17 15:00:01 JST 2015
CLIENT IP ADDRESS: 192.168.1.154
SERVER IP ADDRESS: 192.168.1.234
=============================================================


2015-06-17 15:00:01,621 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: 0 errors, 0 successes
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Wed Jun 17 15:00:01 JST 2015
CLIENT IP ADDRESS: 192.168.1.154
SERVER IP ADDRESS: 192.168.1.234
=============================================================

I got the "Cannot find authentication handler" error...
Please help!
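
The WARN line in the log above is written when none of the handlers registered in `authenticationManager` accepts the submitted credential type. As an added example (not part of the original post and not CAS project code), this Python check lists the handlers wired into a deployerConfigContext.xml and reports which credential types have no handler. The `SUPPORTS` table is an assumption based on CAS 4.0 class names, and the sample XML is constructed from the post's configuration.

```python
import xml.etree.ElementTree as ET

NS = {"b": "http://www.springframework.org/schema/beans"}
MANAGER = "org.jasig.cas.authentication.PolicyBasedAuthenticationManager"

# Assumed mapping (CAS 4.0): credential type each handler's supports() accepts.
SUPPORTS = {
    "org.jasig.cas.support.spnego.authentication.handler.support."
    "JCIFSSpnegoAuthenticationHandler": "SpnegoCredential",
    "org.jasig.cas.authentication.AcceptUsersAuthenticationHandler": "UsernamePasswordCredential",
}

# Constructed sample: the handler wiring from the post, trimmed to what matters.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="spnegoAuthentication" class="jcifs.spnego.Authentication" />
  <bean id="spnegoHandler"
        class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler"
        p:authentication-ref="spnegoAuthentication" />
  <bean id="spnegoPrincipalResolver"
        class="org.jasig.cas.support.spnego.authentication.principal.SpnegoPrincipalResolver" />
  <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg><map>
      <entry key-ref="spnegoHandler" value-ref="spnegoPrincipalResolver"/>
    </map></constructor-arg>
  </bean>
</beans>"""

def registered_handlers(xml_text):
    """Return {bean id: class} for every handler wired into the manager's map."""
    root = ET.fromstring(xml_text)
    classes = {b.get("id"): b.get("class") for b in root.iterfind("b:bean", NS)}
    found = {}
    for mgr in root.iterfind("b:bean", NS):
        if mgr.get("class") != MANAGER:
            continue
        for entry in mgr.iterfind("b:constructor-arg/b:map/b:entry", NS):
            ref = entry.get("key-ref")
            found[ref] = classes.get(ref, "<undefined bean>")
    return found

def unsupported(xml_text, wanted):
    """Credential types in `wanted` that no registered handler accepts."""
    have = {SUPPORTS.get(c) for c in registered_handlers(xml_text).values()}
    return sorted(set(wanted) - have)

if __name__ == "__main__":
    print(unsupported(SAMPLE, ["SpnegoCredential", "UsernamePasswordCredential"]))
```

Run against the configuration shown in the post, the check reports `UsernamePasswordCredential` as unhandled, which matches a login form submission of `test+password` being rejected before any handler is tried.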