How can I configure CAS 4.0 with LDAP ApacheDS - SSL

I want to configure CAS server 4.0 with ApacheDS LDAP. I followed the steps below:
1- Based on this link I modified the deployerConfigContext.xml file. The following beans were added to this file:
<bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="uid"
      c:authenticator-ref="authenticator">
    <property name="principalAttributeMap">
        <map>
            <!--
            | This map provides a simple attribute resolution mechanism.
            | Keys are LDAP attribute names, values are CAS attribute names.
            | Use this facility instead of a PrincipalResolver if LDAP is
            | the only attribute source.
            -->
            <entry key="member" value="member" />
            <entry key="mail" value="mail" />
            <entry key="displayName" value="displayName" />
        </map>
    </property>
</bean>
<bean id="authenticator" class="org.ldaptive.auth.Authenticator"
      c:resolver-ref="dnResolver"
      c:handler-ref="authHandler" />
<!--
| The following DN format works for many directories, but may need to be
| customized.
-->
<bean id="dnResolver"
      class="org.ldaptive.auth.FormatDnResolver"
      c:format="uid=%s,${ldap.baseDn}" />
<bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler"
      p:connectionFactory-ref="pooledLdapConnectionFactory" />
<bean id="pooledLdapConnectionFactory"
      class="org.ldaptive.pool.PooledConnectionFactory"
      p:connectionPool-ref="connectionPool" />
<bean id="connectionPool"
      class="org.ldaptive.pool.BlockingConnectionPool"
      init-method="initialize"
      p:poolConfig-ref="ldapPoolConfig"
      p:blockWaitTime="${ldap.pool.blockWaitTime}"
      p:validator-ref="searchValidator"
      p:pruneStrategy-ref="pruneStrategy"
      p:connectionFactory-ref="connectionFactory" />
<bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
      p:minPoolSize="${ldap.pool.minSize}"
      p:maxPoolSize="${ldap.pool.maxSize}"
      p:validateOnCheckOut="${ldap.pool.validateOnCheckout}"
      p:validatePeriodically="${ldap.pool.validatePeriodically}"
      p:validatePeriod="${ldap.pool.validatePeriod}" />
<bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
      p:connectionConfig-ref="connectionConfig" />
<bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="${ldap.url}"
      p:connectTimeout="${ldap.connectTimeout}"
      p:useStartTLS="${ldap.useStartTLS}"
      p:sslConfig-ref="sslConfig" />
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="credentialConfig">
        <bean class="org.ldaptive.ssl.X509CredentialConfig"
              p:trustCertificates="${ldap.trustedCert}" />
    </property>
</bean>
<bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
      p:prunePeriod="${ldap.pool.prunePeriod}"
      p:idleTime="${ldap.pool.idleTime}" />
<bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />
Also the properties below were added to cas.properties:
#========================================
# General properties
#========================================
ldap.url=ldaps://localhost:10636
# LDAP connection timeout in milliseconds
ldap.connectTimeout=30000
# Whether to use StartTLS (probably needed if not SSL connection)
ldap.useStartTLS=true
#========================================
# LDAP connection pool configuration
#========================================
ldap.pool.minSize=3
ldap.pool.maxSize=10
ldap.pool.validateOnCheckout=false
ldap.pool.validatePeriodically=true
# Amount of time in milliseconds to block on pool exhausted condition
# before giving up.
ldap.pool.blockWaitTime=3000
# Frequency of connection validation in seconds
# Only applies if validatePeriodically=true
ldap.pool.validatePeriod=3000
# Attempt to prune connections every N seconds
ldap.pool.prunePeriod=3000
# Maximum amount of time an idle connection is allowed to be in
# pool before it is liable to be removed/destroyed
ldap.pool.idleTime=6000
#========================================
# Authentication
#========================================
ldap.baseDn=dc=example,dc=com
# Base DN of users to be authenticated
ldap.authn.baseDn=dc=example,dc=com
# Manager DN for authenticated searches
ldap.authn.managerDN=uid=admin,ou=system
# Manager password for authenticated searches
ldap.authn.managerPassword=secret
# Search filter used for configurations that require searching for DNs
#ldap.authn.searchFilter=(&(uid={user})(accountState=active))
ldap.authn.searchFilter=(uid={0})
# Search filter used for configurations that require searching for DNs
#ldap.authn.format=uid=%s,ou=Users,dc=example,dc=org
ldap.authn.format=uid=%s,ou=system
ldap.trustedCert=file:/D:/ApacheDS.cer
Also I used InstallCert to add localhost:8443 (Tomcat) and localhost:10636 (ApacheDS) to the cacerts file, and with Portecle exported ApacheDS.cer from the ApacheDS certificate in cacerts.
My Tomcat server.xml file was modified as below:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="50" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:/Program Files/Java/jdk1.7.0_60/jre/lib/security/cacerts"
           keystorePass="changeit"
/>
Also the following JARs were added to apache-tomcat-8.0.8\webapps\cas-server-webapp-4.0.0\WEB-INF\lib:
cas-server-support-ldap-4.0.0.jar
spring-ldap-core-2.0.2.RELEASE.jar
spring-ldap-1.2.1.jar
ldaptive-1.0.5.jar
Finally! After lots of struggling I get the error below:
Caused by: java.lang.IllegalStateException: Could not initialize pool size
at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:258)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1638)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1579)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1509)
... 70 more
Caused by: [org.ldaptive.provider.ConnectionException#3778440::resultCode=null, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, providerException=javax.naming.ServiceUnavailableException: localhost:10636; socket closed]
at org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory.createInternal(JndiStartTLSConnectionFactory.java:95)
at org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory.createInternal(JndiStartTLSConnectionFactory.java:37)
at org.ldaptive.provider.AbstractProviderConnectionFactory.create(AbstractProviderConnectionFactory.java:99)
at org.ldaptive.DefaultConnectionFactory$DefaultConnection.open(DefaultConnectionFactory.java:295)
at org.ldaptive.pool.AbstractConnectionPool.createConnection(AbstractConnectionPool.java:482)
at org.ldaptive.pool.AbstractConnectionPool.createAvailableConnection(AbstractConnectionPool.java:523)
at org.ldaptive.pool.AbstractConnectionPool.grow(AbstractConnectionPool.java:363)
at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:252)
... 77 more
Caused by: javax.naming.ServiceUnavailableException: localhost:10636; socket closed
at com.sun.jndi.ldap.Connection.readReply(Connection.java:454)
at com.sun.jndi.ldap.LdapClient.extendedOp(LdapClient.java:1202)
at com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3206)
at javax.naming.ldap.InitialLdapContext.extendedOperation(InitialLdapContext.java:183)
at org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory.startTLS(JndiStartTLSConnectionFactory.java:134)
at org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory.createInternal(JndiStartTLSConnectionFactory.java:92)
... 84 more
Could you possibly help me to solve this issue? I really don't know the main reason for my problem.
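The trace above dies inside JndiStartTLSConnectionFactory.startTLS, i.e. while the client sends the StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037) and the server closes the socket, and the posted cas.properties sets ldap.useStartTLS=true while ldap.url points at the ldaps:// port 10636. StartTLS is an upgrade request carried over a cleartext LDAP connection (RFC 4511 section 4.14), whereas an ldaps:// port expects a TLS handshake as the very first bytes, so the two are alternatives rather than a combination. The Python script below is an added diagnostic, not part of the original post, of CAS, of ldaptive or of ApacheDS: it builds the same StartTLS request by hand, decodes the ExtendedResponse, and classifies a port as LDAPS, StartTLS-capable plain LDAP, or plain LDAP without StartTLS. The localhost ports 10389 and 10636 used in the main block are the ApacheDS defaults and are assumptions.

```python
"""Probe whether an LDAP port speaks LDAPS (TLS from the first byte) or plain
LDAP that can be upgraded with the StartTLS extended operation (RFC 4511 s4.14).

Added diagnostic for the question above; not part of CAS, ldaptive or ApacheDS.
The host/ports in __main__ are ApacheDS defaults and are assumptions.
"""
import socket
import ssl

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # StartTLS requestName (RFC 4511 / RFC 4513)


def _ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form (0x8N + N octets) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }.

    This is the message the JNDI stack in the trace sends from LdapClient.extendedOp.
    """
    if not 0 <= message_id < 0x80:
        raise ValueError("message_id must fit a single positive BER INTEGER octet")
    ext_req = _tlv(0x77, _tlv(0x80, STARTTLS_OID.encode("ascii")))   # 0x77 = [APPLICATION 23]
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + ext_req)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos; handles long-form lengths."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(buf: bytes) -> dict:
    """Decode the LDAPResult part of an ExtendedResponse [APPLICATION 24] (tag 0x78)."""
    tag, body, _ = _read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = _read_tlv(body, 0)
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError(f"expected ExtendedResponse (0x78), got 0x{tag:02x}")
    _, code, pos = _read_tlv(op, 0)      # resultCode ENUMERATED
    _, dn, pos = _read_tlv(op, pos)      # matchedDN
    _, msg, pos = _read_tlv(op, pos)     # diagnosticMessage
    return {
        "messageID": int.from_bytes(mid, "big"),
        "resultCode": int.from_bytes(code, "big"),
        "matchedDN": dn.decode("utf-8", "replace"),
        "diagnosticMessage": msg.decode("utf-8", "replace"),
    }


def classify_port(host: str, port: int, timeout: float = 5.0) -> str:
    """Return 'ldaps', 'starttls', 'plain (...)' or 'closed' for host:port (needs network).

    Certificate verification is disabled only because this identifies the protocol;
    it is not a trust decision and must not be copied into a real LDAP client config.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:  # 1. a TLS handshake from the first byte succeeds only on an LDAPS port
        with socket.create_connection((host, port), timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ldaps"
    except OSError:                       # ssl.SSLError, reset, EOF, timeout
        pass
    with socket.create_connection((host, port), timeout) as sock:  # 2. cleartext StartTLS
        sock.sendall(build_starttls_request())
        data = sock.recv(4096)
    if not data:
        return "closed"                   # same symptom as "socket closed" in the trace
    resp = parse_extended_response(data)
    return "starttls" if resp["resultCode"] == 0 else f"plain (resultCode={resp['resultCode']})"


if __name__ == "__main__":
    for port in (10389, 10636):           # ApacheDS default LDAP and LDAPS ports (assumed)
        try:
            print(port, classify_port("localhost", port))
        except OSError as exc:
            print(port, "unreachable:", exc)
```

Run it against the directory before touching CAS: a port reported as ldaps belongs in ldap.url as ldaps://host:port with ldap.useStartTLS=false, and a port reported as starttls belongs there as ldap://host:port with ldap.useStartTLS=true. The probe turns off certificate checking only to identify the protocol; the CAS connection itself should keep ldap.trustedCert pointing at the directory's certificate so the bind is not exposed to an interposed server.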

I don't know if it is too late to answer or not, but today I had the same problem and after reading the ldaptive project source, I found the answer as below:
Just add the p:failFastInitialize="false" parameter to your connectionPool bean, like this:
<bean id="connectionPool"
      class="org.ldaptive.pool.BlockingConnectionPool"
      init-method="initialize"
      p:poolConfig-ref="ldapPoolConfig"
      p:blockWaitTime="${ldap.pool.blockWaitTime}"
      p:validator-ref="searchValidator"
      p:pruneStrategy-ref="pruneStrategy"
      p:connectionFactory-ref="connectionFactory"
      p:failFastInitialize="false" />

Finally I found the solution! Listed below are the steps that help you connect to ApacheDS through CAS server 4.
Download cas-server-4.0.0-release.zip
Download Tomcat 8 and run it
Extract the cas-server-4.0.0-release.zip and copy cas-server-webapp-4.0.0.war into apache-tomcat-8.0.8\webapps of your Tomcat. Wait until Tomcat extracts the WAR file and creates cas-server-webapp-4.0.0.
Stop Tomcat Server
Go to conf folder of your Tomcat and edit the server.xml file. You should uncomment the HTTPS part of this file.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:/Program Files/Java/jdk1.7.0_60/jre/lib/security/cacerts"
           keystorePass="changeit"
/>
As you can see, the certificate for Tomcat HTTPS should be added to the cacerts file. You can check the following link to do this:
A Simple Step-By-Step Guide To Apache Tomcat SSL Configuration
Go to the apache-tomcat-8.0.8\webapps\cas-server-webapp-4.0.0\WEB-INF and replace deployerConfigContext.xml content with the following:
Go to my Blog to copy the content of file
Go to the apache-tomcat-8.0.8\webapps\cas-server-webapp-4.0.0\META-INF\maven\org.jasig.cas\cas-server-webapp and add the following to the pom.xml:
Add the following jar files into apache-tomcat-8.0.8\webapps\cas-server-webapp-4.0.0\WEB-INF\lib
cas-server-support-ldap-4.0.0.jar
spring-ldap-core-2.0.2.RELEASE.jar
spring-ldap-1.2.1.jar
ldaptive-1.0.5.jar
Run ApacheDS
Connect to your ApacheDS with Apache Directory Studio and create a user in dc=example,dc=com
Start Tomcat
Go to the http://localhost:8080/cas-server-webapp-4.0.0/login
Type the username and password that you created in Apache Directory Studio. You can log in to CAS with an LDAP user now!

I'm successfully using Moghadam's solution above, but I had to make a small adjustment in deployerConfigContext.xml:
<bean id="ldapAuthenticationHandler" class="org.jasig.cas.authentication.LdapAuthenticationHandler">
    <constructor-arg ref="authenticator" />
    <property name="principalAttributeMap">
        <map>
            <entry key="mail" value="mail" />
            <entry key="cn" value="cn" />
        </map>
    </property>
</bean>
Please notice I removed the p:principalIdAttribute="uid" property.

Related

ActiveMQ & built-in Jetty: how to redirect HTTP to HTTPS? And how to signal which protocol to use?

I have modified the admin console of ActiveMQ, i.e. the built-in Jetty, to use HTTPS instead of plain HTTP. However, two (albeit minor) issues remain:
I only managed to disable the HTTP port and enable the HTTPS port as suggested in the jetty.xml file:
<list>
    <!--
    Default: Enable this connector if you wish to use http with web console
    ->
    <bean id="Connector" class="org.eclipse.jetty.server.ServerConnector">
        <constructor-arg ref="Server" />
        <!- see the jettyPort bean ->
        <property name="host" value="#{systemProperties['jetty.host']}" />
        <property name="port" value="#{systemProperties['jetty.port']}" />
    </bean>
    <!- -->
    <!--
    Enable this connector if you wish to use https with web console
    -->
    <bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
        <constructor-arg ref="Server" />
        <constructor-arg>
            <bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory">
                <property name="keyStorePath" value="${activemq.conf}/broker.ks" />
                <property name="keyStorePassword" value="password" />
            </bean>
        </constructor-arg>
        <property name="port" value="8162" />
    </bean>
I would have preferred to leave the HTTP port active but use it to redirect HTTP calls to HTTPS. Can one do that and if so, how? I found no documentation describing this.
If one looks at the log at startup one gets a line
...
2022-11-23 17:56:04,836 | INFO | ActiveMQ WebConsole available at http://0.0.0.0:8162/ | org.apache.activemq.web.WebConsoleStarter | WrapperSimpleAppMain
2022-11-23 17:56:04,836 | INFO | ActiveMQ Jolokia REST API available at http://0.0.0.0:8162/api/jolokia/ | org.apache.activemq.web.WebConsoleStarter | WrapperSimpleAppMain
...
I.e. the URL displayed picks up the correct port (8162, which I had changed from the default 8161 when switching to HTTPS) but displays the wrong protocol ("http"). HTTP is not served any more, only HTTPS.
Can one tweak that as well so that the log also displays the correct protocol, i.e. https://0.0.0.0:8162/...?
Specify your (http connector) HttpConfiguration properly with regards to securePort and secureScheme.
Then add the SecureRedirectHandler somewhere early in your Jetty Handler tree.

Disabling ssl v3 in activemq admin console

How to disable SSL v3 in the ActiveMQ admin console (port 8161)? I did not find any documentation online.
In my jetty.xml file I can see below lines:
<bean id="SecureConnector" class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
    <property name="port" value="8161" />
    <property name="keystore" value="file:${activemq.conf}/broker.ks" />
    <property name="password" value="password" />
</bean>
ActiveMQ uses a basic spring wired jetty server for the admin web-gui. Use the methods available in Jetty documentation - or look at this SO.
SslSelectChannelConnector takes an SslContextFactory as a constructor arg. That factory has an excludeProtocols property which you can feed with "sslv3".
Wiring that up in Spring should be straightforward.

calling SQLDB Bluemix service in Spring Application

I have a sample Spring application for registering the student. I even created a SQLDB Service using Bluemix. I am unable to bind the service in the spring application in Jpacontext.xml.
If someone could please help me with the syntax for calling it, that would really help me.
The following entries in server.xml enabled me to connect my Spring application to SQLDB Service instance running in Bluemix.
I kept db2jcc4.jar and db2jcc_license_cu.jar in shared/db2 folder.
Please look at the credentials for SQLDB instance in Bluemix to get the database instance name, username, password and host ip address.
<jdbcDriver id="DB2JDBCDriver" libraryRef="DB2"/>
<library id="DB2" name="DB2 Shared Library">
    <fileset dir="${shared.resource.dir}/db2" includes="*.jar"/>
</library>
<dataSource id='MyDataSource' beginTranForVendorAPIs="false" jdbcDriverRef="DB2JDBCDriver" jndiName="jdbc/MyDataSource" type="javax.sql.DataSource">
    <properties.db2.jcc id='MyDataSource-props' currentLockTimeout="10s"
                        databaseName='<Database instance name>'
                        password='<password>'
                        portNumber='50000'
                        serverName='<host ip address>'
                        user='<username>'/>
    <connectionManager connectionTimeout="10s" maxConnectionsPerThread="10" maxPoolSize="25" minPoolSize="5"/>
</dataSource>
Hope this helps !
I agree, I think we need more information to be of any real value; however, it may be helpful to begin by reviewing the link below, which discusses the SQLDB service
https://www.ng.bluemix.net/docs/services/SQLDB/index.html#cli
and the following link which discusses how to bind to a service in Bluemix.
https://www.ng.bluemix.net/docs/services/reqnsi.html#config
If you still have problems after reviewing this material, then please provide a code snippet and the errors you're encountering.
You may refer to SQLDB as a JNDI resource. See more details on this here:
https://developer.ibm.com/answers/questions/178223/how-to-connect-to-db2-with-spring/
Taken from the link, example:
datasource-config.xml
<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
    <property name="jndiName" value="jdbc/[some-jndi-name-from-server.xml]" />
</bean>
<bean id="transactionManager"
      class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
      p:dataSource-ref="dataSource" />
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
    <constructor-arg ref="dataSource" />
</bean>
<bean id="namedParameterJdbcTemplate"
      class="org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate">
    <constructor-arg ref="dataSource" />
</bean>
web.xml
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:WEB-INF/datasource-config.xml</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
Basically what you need is the JNDI name to refer to, from the server.xml path in your application:
Dashboard -> Your application -> Logs and Files -> app -> .liberty -> usr -> servers -> defaultServer -> server.xml
Then it's possible to refer to your "dataSource" bean in the application.

CAS Server Authentication Failure using Maven build and Ellucian Luminis LDAP

I followed the instructions at (https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method) for building the CAS server, and then the instructions for authenticating through LDAP (https://wiki.jasig.org/display/CASUM/LDAP). However, I keep getting the following error message in my Tomcat logs:
[LDAP: error code 34 - Invalid DN]; nested exception is javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN]
I have verified that my bind user credentials are correct as I am able to perform the following search from the command line:
ldapsearch -x -H ldaps://fuller.edu:636 -b "ou=People,o=fuller.edu,o=cp" -D "cn=Directory Manager" -w "password" "(sn=Smith)" cn sn pdsLoginId
The results from that search are correct and nearly instantaneous.
At this point, I'm not entirely certain what I'm missing. Below are snippets from my deployerConfigContext.xml file.
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
      p:filter="pdsLoginId=%u"
      p:searchBase="ou=People,o=fuller.edu,o=cp"
      p:contextSource-ref="contextSource" />
<bean id="contextSource"
      class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="true"/>
    <property name="url" value="ldaps://fuller.edu:636" />
    <property name="userDn" value="cn=Directory Manager"/>
    <property name="password" value="our password"/>
    <property name="baseEnvironmentProperties">
        <map>
            <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
            <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
            <entry key="java.naming.security.authentication" value="simple" />
        </map>
    </property>
</bean>
I've searched through several posts here at stackoverflow.com, and tried most of the answers, but without luck. I'm hoping someone will spot what is missing in my configuration and send me in the right direction.
I'm happy to post any more code that you may need to see.
Thanks in advance.
Your command line LDAP bind test uses the DN of "ou=People,o=our.edu,o=cp" but the config file specifies the DN of ou=People,o=edu,o=cp. Those are not the same.
o=our.edu or o=edu
Comment explained, it is ou=People,o=fuller.edu,o=cp
Next step would be to see if you need to escape the period with a backslash, so that ou=People,o=fuller.edu,o=cp, which works on the command line, might need to be ou=People,o=fuller\.edu,o=cp in the configuration file.
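To see which characters actually have to be escaped in a DN and in a search filter, here is an added Python example; it is not from the thread, from CAS or from Spring LDAP. It implements RFC 4514 attribute-value escaping for distinguished names and RFC 4515 assertion-value escaping for filters. Under RFC 4514 the period in o=fuller.edu is not a special character, so escaping it changes nothing, whereas a filter template such as pdsLoginId=%u is exactly the place where an unescaped login name can rewrite the filter, so the example escapes the user-supplied part. The DN and the attribute name come from the question; the sample user names are constructed.

```python
"""RFC 4514 DN-value escaping and RFC 4515 filter-value escaping.

Added example for the thread above; not part of CAS or Spring LDAP.
ou=People,o=fuller.edu,o=cp and pdsLoginId come from the question; usernames are constructed.
"""
import re

# RFC 4514 section 2.4: must be escaped anywhere inside an attribute value
_DN_SPECIAL = {'"', "+", ",", ";", "<", ">", "\\"}


def escape_dn_value(value: str) -> str:
    """Escape one RDN attribute value for embedding in a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")                      # NUL must be hex-escaped
        elif ch == "#" and i == 0:
            out.append("\\#")                       # only a *leading* '#' is special
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")                       # only leading/trailing spaces are special
        else:
            out.append(ch)                          # '.', '=', '@' etc. pass through unescaped
    return "".join(out)


def build_dn(*rdns) -> str:
    """Build 'attr=value,attr=value' from (attr, raw_value) pairs, escaping each value."""
    return ",".join(f"{attr}={escape_dn_value(val)}" for attr, val in rdns)


# RFC 4515 section 3: these would otherwise change the structure of the filter
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so user input cannot inject extra filter terms or wildcards."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def login_filter(attr: str, username: str) -> str:
    """Safe counterpart of a 'pdsLoginId=%u'-style template: the substituted part is escaped."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9.;-]*", attr):
        raise ValueError("attribute description must be a plain LDAP attribute name")
    return f"({attr}={escape_filter_value(username)})"


if __name__ == "__main__":
    print(build_dn(("ou", "People"), ("o", "fuller.edu"), ("o", "cp")))   # unchanged: '.' is not special
    print(build_dn(("cn", "Smith, John"), ("ou", "People")))              # comma gets escaped
    print(login_filter("pdsLoginId", "jsmith"))                           # (pdsLoginId=jsmith)
    print(login_filter("pdsLoginId", "*)(pdsLoginId=*"))                  # wildcard/parens neutralised
```

The filter case is the one worth remembering for any bind-by-search handler: if the login name is dropped into the filter raw, a value like *)(pdsLoginId=* turns a single-user lookup into a wildcard search, and the bind then proceeds against whichever entry comes back first.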

jboss-5.1.0.GA SSL localhost/client Connection

I have a problem with the JBoss SSL connection. When I try to connect to JBoss from my browser after changing the client's Windows hosts file (192.168.80.115 zimbrax.com), I can't access it. I am getting an "Unable to connect" error. But when I try to connect on the server itself using 127.0.0.1 zimbrax.com, I can access it.
There is no firewall or other tool between my client and jboss server.
Below are my SSL configurations. (By the way, there is no such problem with http://, only with https://.)
server.xml :
<Connector protocol="HTTP/1.1" SSLEnabled="true"
           port="443" address="${jboss.bind.address}"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="D:\jboss-5.1.0.GA\server\zimbrax\conf\zimbrax.com.jks"
           keystorePass="6v4xse32a096be4x" useBodyEncodingForURI="true" sslProtocol="TLS" />
binding-jboss-beans.xml
<!-- For services like those listed above that need to know the
port of the HTTPS connector -->
<bean class="org.jboss.services.binding.ServiceBindingMetadata">
    <property name="serviceName">jboss.web:service=WebServer</property>
    <property name="bindingName">HttpsConnector</property>
    <property name="port">443</property>
    <property name="description">JBoss Web HTTPS connector socket</property>
</bean>
<xsl:variable name="portHttps" select="443"/>
<xsl:when test="(name() = 'port' and . = '443')">
    <xsl:attribute name="port"><xsl:value-of select="$portHttps" /></xsl:attribute>
</xsl:when>
and this is my jboss startup :
d:
cd D:\JBoss-5.1.0.GA\bin
run.bat -b 0.0.0.0 -c zimbrax -Djavax.net.ssl.keyStore="D:/jboss-5.1.0.GA/server/zimbrax/conf/zimbrax.com.jks"
where should I check?
Could you please help me?
Are you saying it works over http? What URL do you use for that?
Please try https://ipaddress/ and let us know what you find.