| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
docpublic:systemes:ssocas:cas4install [2015/01/07 15:53]
procacci@tem-tsp.eu [cas.properties] |
docpublic:systemes:ssocas:cas4install [2015/07/01 22:20] (current)
procacci@tem-tsp.eu |
| ==== ref ==== | ==== ref ==== |
| |
| * http://jasig.github.io/cas/4.0.0/planning/Installation-Requirements.html | * http://jasig.github.io/cas/4.0.x/planning/Installation-Requirements.html |
| * http://jasig.github.io/cas/4.0.x/installation/Maven-Overlay-Installation.html | * http://jasig.github.io/cas/4.0.x/installation/Maven-Overlay-Installation.html |
| * https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven+WAR+Overlay+Method | * https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven+WAR+Overlay+Method |
| * http://www.ensor.cc/2011/06/mavens-war-overlay-what-are-war.html | * http://www.ensor.cc/2011/06/mavens-war-overlay-what-are-war.html |
| | * http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html |
| |
| autres | autres |
| * http://fr.wikibooks.org/wiki/D%C3%A9velopper_en_Java/Introduction_%C3%A0_Apache_Maven | * http://fr.wikibooks.org/wiki/D%C3%A9velopper_en_Java/Introduction_%C3%A0_Apache_Maven |
| * https://blog.zenithar.org/post/2013/10/17/personalisation-war-maven-overlay/ | * https://blog.zenithar.org/post/2013/10/17/personalisation-war-maven-overlay/ |
| | * http://aldian.developpez.com/tutoriels/javaee/authentification-centralisee-sso-cas/ |
| | * http://www.developertutorials.com/single-sign-on/ |
| ==== rpm package system installés ==== | ==== rpm package system installés ==== |
| |
| └─10829 java -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/... | └─10829 java -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/... |
| |
| déc. 10 15:54:18 cas4.int-evry.fr systemd[1]: Started Apache Tomcat Web Application Container. | déc. 10 15:54:18 cas4.exemple.fr systemd[1]: Started Apache Tomcat Web Application Container. |
| |
| </code> | </code> |
| |
| </code> | </code> |
| | |
| | === firewalld rich-format rules === |
| | |
| | autre option plus precise |
| | |
| | <code> |
| | # firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.0/24" service name="http" log prefix="http_192_168" accept' |
| | # firewall-cmd --reload |
| | |
| | </code> |
| | |
| |
| ==== tomcat manager user ==== | ==== tomcat manager user ==== |
| ainsi a ce niveau nous pouvons atteindre notre serveur tomcat en natif (8080) sur le manager via : | ainsi a ce niveau nous pouvons atteindre notre serveur tomcat en natif (8080) sur le manager via : |
| |
| http://cas4.tem-tsp.eu:8080/manager/html | http://cas4.exemple.fr:8080/manager/html |
| |
| ===== Cas4 UniconLabs/simple-cas4-overlay-template ===== | ===== Cas4 UniconLabs/simple-cas4-overlay-template ===== |
| [root@cas4 log]# chmod 775 cas | [root@cas4 log]# chmod 775 cas |
| </code> | </code> |
| ==== CAS4 cas-overlay-demo ==== | ===== FR CAS4 cas-overlay-demo ===== |
| |
| autre exemple de source d'overlay fr , a poursuivre .... | autre exemple de source d'overlay fr , a poursuivre .... |
| </code> | </code> |
| |
| variables appelées dans deployerConfigContext.xml mais pas definie dans le cas.properties d'exemple . | variables appelées dans deployerConfigContext.xml mais pas definies dans le cas.properties d'exemple . |
| |
| (cf http://comments.gmane.org/gmane.comp.java.jasig.cas.user/27717 ) | (cf http://comments.gmane.org/gmane.comp.java.jasig.cas.user/27717 ) |
| |
| {{:docpublic:systemes:ssocas:cas.properties|}} | {{:docpublic:systemes:ssocas:cas.properties|}} |
| | |
| | maintenant une authentification CAS4 + ldap fonctionne |
| | |
| | {{:docpublic:systemes:ssocas:cas4-ldap-auth-success.png?600|}} |
| | |
| | ===== debug info ===== |
| | |
| | une fois cette configuration en place (mvn clean package et relance du tomcat + effacement manuel du cas.war et repertoire cas dans le webapps tomcat, car le nouveau fichier deployerConfigContext.xml n'etait pas automatiquement repositionné !) , une authentification via ldap fonctionne enfin . |
| | |
| | log tomcat : |
| | |
| | |
| | <code> |
| | 2015-01-07 16:18:36,027 DEBUG [org.jasig.cas.authentication.AcceptUsersAuthenticationHandler] - <test was not found in the map.> |
| | 2015-01-07 16:18:36,028 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <AcceptUsersAuthenticationHandler failed authenticating test+password> |
| | 2015-01-07 16:18:36,028 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for test+password> |
| | 2015-01-07 16:18:36,030 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - <resolve user=test> |
| | 2015-01-07 16:18:36,030 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - <searching for DN using userFilter> |
| | 2015-01-07 16:18:36,053 DEBUG [org.ldaptive.SearchOperation] - <execute request=[org.ldaptive.SearchRequest@1830579154::baseDn=ou=people,dc=exemple,dc=fr, searchFilter=[org.ldaptive.SearchFilter@929747261::filter=(uid={user}), parameters={user=test}], returnAttributes=[1.1], searchScope=ONELEVEL, timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false |
| | .... |
| | .... |
| | [displayName[Test TEST]]], responseControls=null, messageId=-1], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]> |
| | 2015-01-07 16:18:36,380 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [uid[test]]> |
| | 2015-01-07 16:18:36,380 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [mail[test@exemple.fr]]> |
| | 2015-01-07 16:18:36,380 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [displayName[Test TEST]]> |
| | 2015-01-07 16:18:36,388 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler successfully authenticated test+password> |
| | 2015-01-07 16:18:36,388 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <org.jasig.cas.authentication.principal.BasicPrincipalResolver@303cfcca resolved test from test+password> |
| | 2015-01-07 16:18:36,391 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated test with credentials [test+password].> |
| | 2015-01-07 16:18:36,391 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Attribute map for test: {}> |
| | 2015-01-07 16:18:36,392 INFO [org.perf4j.TimingLogger] - <start[1420643916024] time[367] tag[AUTHENTICATE]> |
| | 2015-01-07 16:18:36,410 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN |
| | ============================================================= |
| | WHO: audit:unknown |
| | WHAT: supplied credentials: [test+password] |
| | ACTION: AUTHENTICATION_SUCCESS |
| | APPLICATION: CAS |
| | WHEN: Wed Jan 07 16:18:36 CET 2015 |
| | CLIENT IP ADDRESS: 157.158.211.9 |
| | SERVER IP ADDRESS: cas4.exemple.fr |
| | ============================================================= |
| | |
| | > |
| | 2015-01-07 16:18:36,413 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-1-I9PM7KyilG0eFfHYLp23qvUymsveWehnNUtQn7BEAtJtSidyBP-cas4.exemple.fr] to registry.> |
| | 2015-01-07 16:18:36,414 INFO [org.perf4j.TimingLogger] - <start[1420643916022] time[391] tag[CREATE_TICKET_GRANTING_TICKET]> |
| | 2015-01-07 16:18:36,414 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN |
| | ============================================================= |
| | WHO: audit:unknown |
| | WHAT: TGT-1-I9PM7KyilG0eFfHYLp23qvUymsveWehnNUtQn7BEAtJtSidyBP-cas4.exemple.fr |
| | ACTION: TICKET_GRANTING_TICKET_CREATED |
| | APPLICATION: CAS |
| | WHEN: Wed Jan 07 16:18:36 CET 2015 |
| | CLIENT IP ADDRESS: 157.158.211.9 |
| | SERVER IP ADDRESS: cas4.exemple.fr |
| | ============================================================= |
| | </code> |
| | |
| | requete dans ldap.log coté ldap serveur : |
| | |
| | <code> |
| | Jan 7 16:59:36 ldap4 slapd[1236]: conn=32062 op=0 SRCH base="ou=people,dc=exemple,dc=fr" scope=1 deref=0 filter="(uid=test)" |
| | Jan 7 16:59:36 ldap4 slapd[1236]: conn=32062 op=0 SRCH attr=1.1 |
| | Jan 7 16:59:36 ldap4 slapd[1236]: conn=32062 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text= |
| | Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=0 BIND dn="uid=test,ou=people,dc=exemple,dc=fr" method=128 |
| | Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=0 BIND dn="uid=test,ou=People,dc=exemple,dc=fr" mech=SIMPLE ssf=0 |
| | Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=0 RESULT tag=97 err=0 text= |
| | Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=1 SRCH base="uid=test,ou=people,dc=exemple,dc=fr" scope=0 deref=0 filter="(objectClass=*)" |
| | Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= |
| | </code> |
| | |
| | |
| | ===== redeploiement cas ===== |
| | |
| | On reconstruit a nouveau Cas |
| | |
| | <code> |
| | [disi@cas4 simple-cas4-overlay-template]$ mvn -Dmaven.test.skip\=true package |
| | </code> |
| | |
| | |
| | puis on fait un RAZ du war dans l'arborescence tomcat |
| | |
| | <code> |
| | [root@cas4 cas-server-webapp]# systemctl stop tomcat.service |
| | [root@cas4 cas-server-webapp]# rm -rf /var/lib/tomcat/webapps/cas |
| | [root@cas4 cas-server-webapp]# rm -rf /var/lib/tomcat/webapps/cas.war |
| | [root@cas4 cas-server-webapp]# systemctl start tomcat.service ; tail -f /var/log/cas/cas.log |
| | </code> |
| | |
| | |
| | |
| | |
| | |
| |
| |
| |
