Foros de discusión
CAS, Kerberos and Active directory
andy chan, modificado hace 12 años.
CAS, Kerberos and Active directory
New Member Mensajes: 6 Fecha de incorporación: 16/12/11 Mensajes recientes
HI all,
I have question about setting for CAS, Kerberos and Active directory:
My environment is :
one linux server (CAS+ liferay)
one window 2008 server (AD)
one window xp client
I think I can setup Kerberos in CAS(https://wiki.jasig.org/display/CASUM/SPNEGO), but how can I setup setting between CAS and AD?
Is my proposal possible?
Thank all a lot
I have question about setting for CAS, Kerberos and Active directory:
My environment is :
one linux server (CAS+ liferay)
one window 2008 server (AD)
one window xp client
I think I can setup Kerberos in CAS(https://wiki.jasig.org/display/CASUM/SPNEGO), but how can I setup setting between CAS and AD?
Is my proposal possible?
Thank all a lot
andy chan, modificado hace 12 años.
RE: CAS, Kerberos and Active directory
New Member Mensajes: 6 Fecha de incorporación: 16/12/11 Mensajes recientes
I have followed setting in (https://wiki.jasig.org/display/CASUM/SPNEGO) , however it is fail to authenticate user. It is shown following message in log.
2011-12-16 09:15:18,358 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler failed to authenticate the user which provided the following credentials: unknown
2011-12-16 09:15:18,364 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
2011-12-16 09:15:18,391 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
Thank you for any help.
2011-12-16 09:15:18,358 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler failed to authenticate the user which provided the following credentials: unknown
2011-12-16 09:15:18,364 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
2011-12-16 09:15:18,391 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
Thank you for any help.
Jayson Ilagan, modificado hace 11 años.
RE: CAS, Kerberos and Active directory
New Member Mensajes: 7 Fecha de incorporación: 1/12/11 Mensajes recientes
Hi Andy,
Maybe you are using UDP protocal, to change it to TCP use this configuration in your kbr5.conf/kbr5.ini [libdefaults] section.
udp_preference_limit = 1
Then you also need to update you cas-client-core to cas-client-core3.1.9 in Liferay Portal library.
I got the same error when this code is not existed on my kbr5.conf.
Regrads,
Jayson
Maybe you are using UDP protocal, to change it to TCP use this configuration in your kbr5.conf/kbr5.ini [libdefaults] section.
udp_preference_limit = 1
Then you also need to update you cas-client-core to cas-client-core3.1.9 in Liferay Portal library.
I got the same error when this code is not existed on my kbr5.conf.
Regrads,
Jayson
Miguel Ángel Júlvez, modificado hace 11 años.
RE: CAS, Kerberos and Active directory
Junior Member Mensajes: 63 Fecha de incorporación: 29/03/11 Mensajes recientes
Hi Jayson,
do you mean krb5.ini on CAS server machine or client machine?
Thanks
do you mean krb5.ini on CAS server machine or client machine?
Thanks
Jayson Ilagan:
Hi Andy,
Maybe you are using UDP protocal, to change it to TCP use this configuration in your kbr5.conf/kbr5.ini [libdefaults] section.
udp_preference_limit = 1
Then you also need to update you cas-client-core to cas-client-core3.1.9 in Liferay Portal library.
I got the same error when this code is not existed on my kbr5.conf.
Regrads,
Jayson
Jayson Ilagan, modificado hace 11 años.
RE: CAS, Kerberos and Active directory
New Member Mensajes: 7 Fecha de incorporación: 1/12/11 Mensajes recientes
Hi Andy,
Where did you placed your krb5.ini/kbr5.conf? Mine, I placed it on Tomcat root directory I'm using separately installed tomcat.
Regards,
Jayson
Where did you placed your krb5.ini/kbr5.conf? Mine, I placed it on Tomcat root directory I'm using separately installed tomcat.
Regards,
Jayson