Configuring SPNEGO with CAS 5.2.0-RC3-SNAPSHOT

94 views
Skip to first unread message

Fabio Martelli

unread,
Sep 7, 2017, 10:18:27 AM9/7/17
to CAS Community

Hi All, I'm facing with spnego configuration into CAS 5.2.0-RC3-SNAPSHOT.

Unfortunately it seems that I cannot be able to start the aimed webflow.

I think all the configurations are right:

  1. added cas-server-support-spnego-webflow dependency into the pom
  2. configured cas.properties as following
    • cas.authn.spnego.jcifsServicePrincipal=HTTP/......
    • cas.authn.spnego.loginConf=file:///etc/cas/config/login.conf
    • cas.authn.spnego.hostNamePatternString=.+
    • cas.authn.spnego.hostNameClientActionStrategy=hostnameSpnegoClientAction
    • cas.authn.spnego.kerberosKdc=192.168.111.2
    • cas.authn.spnego.ipsToCheckPattern=192.168.111.+
    • cas.authn.spnego.kerberosDebug=true
    • cas.authn.spnego.send401OnAuthenticationFailure=true
    • cas.authn.spnego.kerberosRealm=OR.LAN
  3. Created SPN Account + Keytab File (tested successfully)
  4. Configured the IE and Firefox for testing

Am I missing something?

Please, let me know.

BR,

F.


-- 
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html

Tirasa - Open Source Excellence
http://www.tirasa.net/index.html?pk_campaign=email&pk_kwd=fm

Apache Syncope PMC
http://people.apache.org/~fmartelli/

Fabio Martelli

unread,
Sep 7, 2017, 11:43:33 AM9/7/17
to CAS Community
Hi, it seems that there is a conflict with X509 webflow.
Cannot the two webflow co-exist?

Regards,
F.

Petr Gašparík - AMI Praha a.s.

unread,
Sep 8, 2017, 2:42:19 AM9/8/17
to CAS Community
Hi Fabio,
We also changed login-webflow.xml:

    <action-state id="initializeLoginForm">
        <evaluate expression="initializeLoginAction" />
        <transition on="error" to="viewLoginForm"/>
        <transition on="success" to="startSpnegoAuthenticate"/>
        <!--transition on="success" to="viewLoginForm"/-->
    </action-state>


--

s pozdravem

Petr Gašparík
solution architect

gsm: [+420] 603 523 860
e-mail: petr.g...@ami.cz

      

AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz

      

AMI Praha a.s.


Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/fe42ef0b-3cf9-9361-2c02-e48a82506aee%40gmail.com.

Fabio Martelli

unread,
Sep 8, 2017, 3:23:25 AM9/8/17
to cas-...@apereo.org, Petr Gašparík - AMI Praha a.s.
Il 08/09/2017 08:41, Petr Gašparík - AMI Praha a.s. ha scritto:
Hi Fabio,
We also changed login-webflow.xml:

    <action-state id="initializeLoginForm">
        <evaluate expression="initializeLoginAction" />
        <transition on="error" to="viewLoginForm"/>
        <transition on="success" to="startSpnegoAuthenticate"/>
        <!--transition on="success" to="viewLoginForm"/-->
    </action-state>
Hi Petr, thank you for the tip.
BR,
F.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABAspd1qNmRCQZd4xt%2Ba3XdVinjmXA7G-DOnJ1pykKyPuPF-Dg%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages