组合视图 统一视图 树状图
讨论主题 [ 上一个 | 下一个 ]
toggle
andy chan
CAS, Kerberos and Active directory
2011年12月15日 下午7:26
答复

andy chan

等级: New Member

帖子: 7

加入日期: 2011年12月15日

最近的帖子

HI all,

I have question about setting for CAS, Kerberos and Active directory:
My environment is :
one linux server (CAS+ liferay)
one window 2008 server (AD)
one window xp client

I think I can setup Kerberos in CAS(https://wiki.jasig.org/display/CASUM/SPNEGO), but how can I setup setting between CAS and AD?
Is my proposal possible?

Thank all a lot
andy chan
RE: CAS, Kerberos and Active directory
2011年12月16日 上午1:24
答复

andy chan

等级: New Member

帖子: 7

加入日期: 2011年12月15日

最近的帖子

I have followed setting in (https://wiki.jasig.org/display/CASUM/SPNEGO) , however it is fail to authenticate user. It is shown following message in log.

2011-12-16 09:15:18,358 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler failed to authenticate the user which provided the following credentials: unknown
2011-12-16 09:15:18,364 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================


2011-12-16 09:15:18,391 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================


2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: supplied credentials: unknown
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================


2011-12-16 09:15:18,551 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Fri Dec 16 09:15:18 GMT 2011
CLIENT IP ADDRESS: 10.46.17.57
SERVER IP ADDRESS: 10.46.1.105
=============================================================

Thank you for any help.
Jayson Ilagan
RE: CAS, Kerberos and Active directory
2012年8月16日 下午7:21
答复

Jayson Ilagan

等级: New Member

帖子: 7

加入日期: 2011年12月1日

最近的帖子

Hi Andy,

Maybe you are using UDP protocal, to change it to TCP use this configuration in your kbr5.conf/kbr5.ini section.

udp_preference_limit = 1

Then you also need to update you cas-client-core to cas-client-core3.1.9 in Liferay Portal library.

I got the same error when this code is not existed on my kbr5.conf.

Regrads,
Jayson
Miguel Ángel Júlvez
RE: CAS, Kerberos and Active directory
2012年9月10日 上午2:44
答复

Miguel Ángel Júlvez

等级: Junior Member

帖子: 58

加入日期: 2011年3月29日

最近的帖子

Hi Jayson,

do you mean krb5.ini on CAS server machine or client machine?

Thanks

Jayson Ilagan:
Hi Andy,

Maybe you are using UDP protocal, to change it to TCP use this configuration in your kbr5.conf/kbr5.ini section.

udp_preference_limit = 1

Then you also need to update you cas-client-core to cas-client-core3.1.9 in Liferay Portal library.

I got the same error when this code is not existed on my kbr5.conf.

Regrads,
Jayson
Jayson Ilagan
RE: CAS, Kerberos and Active directory
2012年9月12日 下午7:21
答复

Jayson Ilagan

等级: New Member

帖子: 7

加入日期: 2011年12月1日

最近的帖子

Hi Andy,

Where did you placed your krb5.ini/kbr5.conf? Mine, I placed it on Tomcat root directory I'm using separately installed tomcat.


Regards,
Jayson