Warning: CAS documentation has moved over to jasig.github.io/cas, starting with CAS version 4.x. The wiki will no longer be maintained. For the most recent version of the documentation, please refer to the aforementioned link.

JAAS Authentication Handler
...
Like other handlers, the JAAS Authentication Handler is simply configured in the deployerConfigContext.xml. Within the AuthenticationManager's "authenticationHandlers" property, place the following configuration (replacing the example Test handler):
```xml
<bean class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler" />
```
...
The path to the JAAS configuration file is specified for the JVM as a system property, for example -Djava.security.auth.login.config=jaas.conf. Alternatively, a default can be specified for an entire Java Runtime Environment by editing the {jre-home}/lib/security/java.security properties file and adding a "Default login configuration file" under the property "login.config.url.1=file:..." (see the commented example in that file).
```
/**
 * Login Configuration for JAAS. First try Kerberos, then LDAP, then AD
 * Note that a valid krb5.conf must be supplied to the JVM for Kerberos auth
 * -Djava.security.krb5.conf=/etc/krb5.conf
 */
CAS {
  com.ibm.security.auth.module.Krb5LoginModule sufficient
    debug=FALSE;
  edu.uconn.netid.jaas.LDAPLoginModule sufficient
    java.naming.provider.url="ldap://ldap.my.org:389/dc=my,dc=org"
    java.naming.security.principal="uid=cas,dc=my,dc=org"
    java.naming.security.credentials="password"
    Attribute="uid"
    startTLS="true";
  edu.uconn.netid.jaas.LDAPLoginModule sufficient
    java.naming.provider.url="ldaps://ad.my.org:636/dc=ad,dc=my,dc=org"
    java.naming.security.principal="cas@ad.my.org"
    java.naming.security.credentials="password"
    Attribute="sAMAccountName";
};
```
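A small checker for a login configuration like the one above, added here as an example (it is not part of the CAS documentation or code): it parses the JAAS entries and reports LDAP modules that bind over ldap:// without startTLS or that keep the bind password in the file. The sample configuration is constructed, `parse_jaas` and `audit` are hypothetical names, and treating `startTLS="true"` as the TLS upgrade is an assumption based on the option shown on this page.

```python
import re

# Constructed sample in the page's format; hosts and passwords are placeholders.
SAMPLE = '''
CAS {
  com.ibm.security.auth.module.Krb5LoginModule sufficient debug=FALSE;
  edu.uconn.netid.jaas.LDAPLoginModule sufficient
    java.naming.provider.url="ldap://ldap.my.org:389/dc=my,dc=org"
    java.naming.security.credentials="pass;word"
    startTLS="true";
  // second directory, reached without TLS
  edu.uconn.netid.jaas.LDAPLoginModule sufficient
    java.naming.provider.url="ldap://ldap2.my.org:389/dc=my,dc=org"
    java.naming.security.credentials="password";
};
'''
QUOTED = r'"[^"]*"'

def parse_jaas(text):
    """Return {entry: [(module_class, control_flag, {option: value}), ...]}."""
    # Drop /* */ and // comments, but leave quoted strings (ldap://...) alone.
    text = re.sub(QUOTED + r"|/\*.*?\*/|//[^\n]*",
                  lambda m: m.group(0) if m.group(0)[0] == '"' else " ",
                  text, flags=re.S)
    entries = {}
    for name, body in re.findall(r"([\w.$-]+)\s*\{((?:%s|[^\"}])*)\}\s*;" % QUOTED, text):
        modules = []
        # A module statement ends at the first ';' outside quotes.
        for stmt in re.findall(r"((?:%s|[^;\"])+);" % QUOTED, body):
            cls, flag = stmt.split(None, 2)[:2]
            opts = {k: v.strip('"') for k, v in
                    re.findall(r"([\w.]+)\s*=\s*(%s|[^\s\"]+)" % QUOTED, stmt)}
            modules.append((cls, flag.lower(), opts))
        entries[name] = modules
    return entries

def audit(modules):
    """Return (position, finding) pairs for one entry's module stack."""
    findings = []
    for pos, (_cls, _flag, opts) in enumerate(modules, 1):
        url = opts.get("java.naming.provider.url", "").lower()
        # Assumption: startTLS="true" is what upgrades an ldap:// connection.
        if url.startswith("ldap://") and opts.get("startTLS", "").lower() != "true":
            findings.append((pos, "ldap:// without startTLS: bind sent in clear"))
        if "java.naming.security.credentials" in opts:
            findings.append((pos, "bind password in file: restrict read access"))
    return findings

if __name__ == "__main__":
    print(audit(parse_jaas(SAMPLE)["CAS"]))
```

Pass the contents of the file named by -Djava.security.auth.login.config to `parse_jaas` to check a real configuration before deploying it.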
...