Differences

This shows you the differences between two versions of the page.

Link to this comparison view

--- docpublic:systemes:ssocas:cas4install [2015/01/07 15:56]
procacci@tem-tsp.eu [ref]
+++ docpublic:systemes:ssocas:cas4install [2015/07/01 22:20] (current)
procacci@tem-tsp.eu
@@ Line 3: / Line 3: @@
 ==== ref ====
-  * http://jasig.github.io/cas/4.0.0/planning/Installation-Requirements.html
+  * http://jasig.github.io/cas/4.0.x/planning/Installation-Requirements.html
   * http://jasig.github.io/cas/4.0.x/installation/Maven-Overlay-Installation.html
   * https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven+WAR+Overlay+Method
@@ Line 18: / Line 18: @@
   * http://fr.wikibooks.org/wiki/D%C3%A9velopper_en_Java/Introduction_%C3%A0_Apache_Maven
   * https://blog.zenithar.org/post/2013/10/17/personalisation-war-maven-overlay/
+  * http://aldian.developpez.com/tutoriels/javaee/authentification-centralisee-sso-cas/
+  * http://www.developertutorials.com/single-sign-on/
 ==== rpm package system  installés ====
@@ Line 82: / Line 84: @@
            └─10829 java -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/...
-déc. 10 15:54:18 cas4.int-evry.fr systemd[1]: Started Apache Tomcat Web Application Container.
+déc. 10 15:54:18 cas4.exemple.fr systemd[1]: Started Apache Tomcat Web Application Container.
 </code>
@@ Line 150: / Line 152: @@
 </code>
+=== firewalld rich-format rules ===
+autre option plus precise
+<code>
+# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.0/24" service name="http" log prefix="http_192_168" accept'
+# firewall-cmd --reload
+</code>
 ==== tomcat manager user ====
@@ Line 185: / Line 198: @@
 ainsi a ce niveau nous pouvons atteindre notre serveur tomcat en natif (8080) sur le manager via :
-http://cas4.tem-tsp.eu:8080/manager/html
+http://cas4.exemple.fr:8080/manager/html
 ===== Cas4 UniconLabs/simple-cas4-overlay-template =====
@@ Line 355: / Line 368: @@
 [root@cas4 log]# chmod 775 cas
 </code>
-==== CAS4 cas-overlay-demo ====
+===== FR CAS4 cas-overlay-demo =====
 autre exemple de source d'overlay fr , a poursuivre ....
@@ Line 600: / Line 613: @@
 {{:docpublic:systemes:ssocas:cas.properties|}}
+maintenant une authentification CAS4 + ldap fonctionne
+{{:docpublic:systemes:ssocas:cas4-ldap-auth-success.png?600|}}
+===== debug info =====
+une fois cette configuration en place (mvn clean package et relance du tomcat + effacement manuel du cas.war et repertoire cas dans le webapps tomcat, car le nouveau fichier deployerConfigContext.xml n'etait pas automatiquement repositionné !) , une authentification via ldap fonctionne enfin .
+log tomcat :
+<code>
+-01-07 16:18:36,027 DEBUG [org.jasig.cas.authentication.AcceptUsersAuthenticationHandler] - <test was not found in the map.>
+-01-07 16:18:36,028 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <AcceptUsersAuthenticationHandler failed authenticating test+password>
+-01-07 16:18:36,028 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for test+password>
+-01-07 16:18:36,030 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - <resolve user=test>
+-01-07 16:18:36,030 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - <searching for DN using userFilter>
+-01-07 16:18:36,053 DEBUG [org.ldaptive.SearchOperation] - <execute request=[org.ldaptive.SearchRequest@1830579154::baseDn=ou=people,dc=exemple,dc=fr, searchFilter=[org.ldaptive.SearchFilter@929747261::filter=(uid={user}), parameters={user=test}], returnAttributes=[1.1], searchScope=ONELEVEL, timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false
+....
+....
+[displayName[Test TEST]]], responseControls=null, messageId=-1], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]>
+-01-07 16:18:36,380 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [uid[test]]>
+-01-07 16:18:36,380 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [mail[test@exemple.fr]]>
+-01-07 16:18:36,380 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <Found principal attribute: [displayName[Test TEST]]>
+-01-07 16:18:36,388 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler successfully authenticated test+password>
+-01-07 16:18:36,388 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <org.jasig.cas.authentication.principal.BasicPrincipalResolver@303cfcca resolved test from test+password>
+-01-07 16:18:36,391 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated test with credentials [test+password].>
+-01-07 16:18:36,391 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Attribute map for test: {}>
+-01-07 16:18:36,392 INFO [org.perf4j.TimingLogger] - <start[1420643916024] time[367] tag[AUTHENTICATE]>
+-01-07 16:18:36,410 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
+=============================================================
+WHO: audit:unknown
+WHAT: supplied credentials: [test+password]
+ACTION: AUTHENTICATION_SUCCESS
+APPLICATION: CAS
+WHEN: Wed Jan 07 16:18:36 CET 2015
+CLIENT IP ADDRESS: 157.158.211.9
+SERVER IP ADDRESS: cas4.exemple.fr
+=============================================================
+>
+-01-07 16:18:36,413 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-1-I9PM7KyilG0eFfHYLp23qvUymsveWehnNUtQn7BEAtJtSidyBP-cas4.exemple.fr] to registry.>
+-01-07 16:18:36,414 INFO [org.perf4j.TimingLogger] - <start[1420643916022] time[391] tag[CREATE_TICKET_GRANTING_TICKET]>
+-01-07 16:18:36,414 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
+=============================================================
+WHO: audit:unknown
+WHAT: TGT-1-I9PM7KyilG0eFfHYLp23qvUymsveWehnNUtQn7BEAtJtSidyBP-cas4.exemple.fr
+ACTION: TICKET_GRANTING_TICKET_CREATED
+APPLICATION: CAS
+WHEN: Wed Jan 07 16:18:36 CET 2015
+CLIENT IP ADDRESS: 157.158.211.9
+SERVER IP ADDRESS: cas4.exemple.fr
+=============================================================
+</code>
+requete dans ldap.log coté ldap serveur :
+<code>
+Jan  7 16:59:36 ldap4 slapd[1236]: conn=32062 op=0 SRCH base="ou=people,dc=exemple,dc=fr" scope=1 deref=0 filter="(uid=test)"
+Jan  7 16:59:36 ldap4 slapd[1236]: conn=32062 op=0 SRCH attr=1.1
+Jan  7 16:59:36 ldap4 slapd[1236]: conn=32062 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
+Jan  7 16:59:36 ldap4 slapd[1236]: conn=32059 op=0 BIND dn="uid=test,ou=people,dc=exemple,dc=fr" method=128
+Jan  7 16:59:36 ldap4 slapd[1236]: conn=32059 op=0 BIND dn="uid=test,ou=People,dc=exemple,dc=fr" mech=SIMPLE ssf=0
+Jan  7 16:59:36 ldap4 slapd[1236]: conn=32059 op=0 RESULT tag=97 err=0 text=
+Jan  7 16:59:36 ldap4 slapd[1236]: conn=32059 op=1 SRCH base="uid=test,ou=people,dc=exemple,dc=fr" scope=0 deref=0 filter="(objectClass=*)"
+Jan  7 16:59:36 ldap4 slapd[1236]: conn=32059 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
+</code>
+===== redeploiement cas  =====
+On reconstruit a nouveau Cas
+<code>
+[disi@cas4 simple-cas4-overlay-template]$  mvn -Dmaven.test.skip\=true package
+</code>
+puis on fait un RAZ du war dans l'arborescence tomcat
+<code>
+[root@cas4 cas-server-webapp]# systemctl stop tomcat.service
+[root@cas4 cas-server-webapp]# rm -rf /var/lib/tomcat/webapps/cas
+[root@cas4 cas-server-webapp]# rm -rf /var/lib/tomcat/webapps/cas.war
+[root@cas4 cas-server-webapp]# systemctl start tomcat.service ; tail -f /var/log/cas/cas.log
+</code>

docpublic/systemes/ssocas/cas4install.1420646199.txt.gz · Last modified: 2015/01/07 15:56 by procacci@tem-tsp.eu

Show page Old revisions

[unknown link type]Back to top