Fórum

  1. Início
  2. Development
  3. Configure CAS with database as well as LDAP

Configure CAS with database as well as LDAP

Prateeksha Mandloi, modificado 9 Anos atrás.

Configure CAS with database as well as LDAP

Regular Member Postagens: 112 Data de Entrada: 05/02/14 Postagens Recentes
Configured CAS+LDAP+Liferay.

My Requirement :
Hi All,
I have users in my custom CASuser_ table (not a liferay table) and in LDAP(OpenDJ) server.
When I click on sign-in, I have 2 things to do , based on user roles:

1. If user is, lets say 'Á', it should be authenticated by LDAP.
2. If user is, lets say 'B', it should be authenticated by my CASuser_ table.

And user should get logged in. In both the conditions.

How my app is working is as follows:
On click of sign-in it gets redirected to CAS Login Page and :
1. If I enter credentials of user present in CASuser_ table --> Redirect back to liferay's login page. In console : Ticket gets generated and gives com.liferay.portal.NoSuchUserException: No User exists with the key
2. If I enter credentials of user present in LDAP , it shows miscellaneous behaviour :

- If user gets imported into my portal's table, first time user login terms and condition page comes and on click of "Accept" button --> I get blank page again. In my URL I can see generated ticket gets appended.
- If user does not get imported , I again CAS is unavailable page.

Also CAS login and logout button doesn't work as required.
Jimit Shah, modificado 9 Anos atrás.

RE: Configure CAS with database as well as LDAP

Junior Member Postagens: 62 Data de Entrada: 05/02/14 Postagens Recentes
Hey Prateeksha,
Did u find a solution to your problem?
thumbnail
Olaf Kock, modificado 9 Anos atrás.

RE: Configure CAS with database as well as LDAP

Liferay Legend Postagens: 6403 Data de Entrada: 23/09/08 Postagens Recentes
If I understand correctly, you want to use a Single Sign On system together with a Secondary Sign On system. While you can abbreviate both as SSO, this is not quite the original meaning of SSO...

One of the advantages of an SSO system is that an application never sees a user's password.

IMHO a better solution would be to maintain two LDAP servers (if you want to have separate user bases) and connect CAS as well as Liferay to both, then import the users from there. This is a more standard configuration (I have only basic experience with CAS and none running currently, but assume that you can configure it with multiple LDAP servers, please check and report back). You'll be able to customize a lot less with this setup:

If a user unknown to CAS tries to sign in, CAS would default to have them try again - they might have mistyped username or password. You'd have to change this. Also, you'll have to change Liferay's Login system, which assumes that SSO would take over the work. Not something I'd recommend, if there's a better option. And luckily there is...
thumbnail
Jack Bakker, modificado 9 Anos atrás.

RE: Configure CAS with database as well as LDAP

Liferay Master Postagens: 978 Data de Entrada: 03/01/10 Postagens Recentes
Hi Prateeksha,

I have a cas server config scenario where if user not in LDAP, then looks to Liferay user_ table for auth. The config is in the cas server*/WEB-INF/deployerConfigContext.xml

For my use case, it is to support LDAP as being main source for user identity, and then to support users that are only in Liferay and not in LDAP.

If user _is_ in LDAP then at login and not in Liferay, then user gets imported into Liferay. If user is already in Liferay, then Liferay usergroup membership gets updated to reflect most current in LDAP.

But above is different from your descrip of requirements and experience based on what you write so far...

1) how are roles associated with your CASuser_ entity ?
2) why are you are mixing CAS login page with Liferay login page ?

and then with your approach you seem to be having issues with blank pages and so on

--
I prescribe 5 red pills and one blue (silly Matrix reference, please ignore)
scott E mitchell, modificado 7 Anos atrás.

RE: Configure CAS with database as well as LDAP

Junior Member Postagens: 41 Data de Entrada: 01/10/16 Postagens Recentes
I have same issue like while configaring sso cas its redirect to the liferay login but that control panel get disappear.Can i get the role while fetching the email and password from user_ table of liferay 7 ,can you please guide me how to get role with email and password from user table ...TIA