掲示板
CAS, Kerberos and Active directory
12年前 に andy chan によって更新されました。
CAS, Kerberos and Active directory
New Member 投稿: 6 参加年月日: 11/12/16 最新の投稿
HI all,
I have question about setting for CAS, Kerberos and Active directory:
My environment is :
one linux server (CAS+ liferay)
one window 2008 server (AD)
one window xp client
I think I can setup Kerberos in CAS(https://wiki.jasig.org/display/CASUM/SPNEGO), but how can I setup setting between CAS and AD?
Is my proposal possible?
Thank all a lot
I have question about setting for CAS, Kerberos and Active directory:
My environment is :
one linux server (CAS+ liferay)
one window 2008 server (AD)
one window xp client
I think I can setup Kerberos in CAS(https://wiki.jasig.org/display/CASUM/SPNEGO), but how can I setup setting between CAS and AD?
Is my proposal possible?
Thank all a lot
12年前 に andy chan によって更新されました。
RE: CAS, Kerberos and Active directory
New Member 投稿: 6 参加年月日: 11/12/16 最新の投稿
I have followed setting in (https://wiki.jasig.org/display/CASUM/SPNEGO) , however it is fail to authenticate user. It is shown following message in log.
2011-12-16 09:15:18,358 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler failed to authenticate the user which provided the following credentials: unknown
2011-12-16 09:15:18,364 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
2011-12-16 09:15:18,391 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
Thank you for any help.
2011-12-16 09:15:18,358 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler failed to authenticate the user which provided the following credentials: unknown
2011-12-16 09:15:18,364 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
2011-12-16 09:15:18,391 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================
Thank you for any help.
11年前 に Jayson Ilagan によって更新されました。
RE: CAS, Kerberos and Active directory
New Member 投稿: 7 参加年月日: 11/12/01 最新の投稿
Hi Andy,
Maybe you are using UDP protocal, to change it to TCP use this configuration in your kbr5.conf/kbr5.ini [libdefaults] section.
udp_preference_limit = 1
Then you also need to update you cas-client-core to cas-client-core3.1.9 in Liferay Portal library.
I got the same error when this code is not existed on my kbr5.conf.
Regrads,
Jayson
Maybe you are using UDP protocal, to change it to TCP use this configuration in your kbr5.conf/kbr5.ini [libdefaults] section.
udp_preference_limit = 1
Then you also need to update you cas-client-core to cas-client-core3.1.9 in Liferay Portal library.
I got the same error when this code is not existed on my kbr5.conf.
Regrads,
Jayson
11年前 に Miguel Ángel Júlvez によって更新されました。
RE: CAS, Kerberos and Active directory
Junior Member 投稿: 63 参加年月日: 11/03/29 最新の投稿
Hi Jayson,
do you mean krb5.ini on CAS server machine or client machine?
Thanks
do you mean krb5.ini on CAS server machine or client machine?
Thanks
Jayson Ilagan:
Hi Andy,
Maybe you are using UDP protocal, to change it to TCP use this configuration in your kbr5.conf/kbr5.ini [libdefaults] section.
udp_preference_limit = 1
Then you also need to update you cas-client-core to cas-client-core3.1.9 in Liferay Portal library.
I got the same error when this code is not existed on my kbr5.conf.
Regrads,
Jayson
11年前 に Jayson Ilagan によって更新されました。
RE: CAS, Kerberos and Active directory
New Member 投稿: 7 参加年月日: 11/12/01 最新の投稿
Hi Andy,
Where did you placed your krb5.ini/kbr5.conf? Mine, I placed it on Tomcat root directory I'm using separately installed tomcat.
Regards,
Jayson
Where did you placed your krb5.ini/kbr5.conf? Mine, I placed it on Tomcat root directory I'm using separately installed tomcat.
Regards,
Jayson