I deployed my CAS server with OAuth protocol support
I've added this code to my deployerConfigContext.xml
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="1"/>
<property name="name" value="the_key"/>
<property name="description" value="the_secret"/>
<property name="theme" value="my great webapp for OAuth"/>
<property name="serviceId" value="http://localhost:8080/cas/login"/>
<property name="evaluationOrder" value="10000001"/>
<property name="allowedAttributes">
<list>
<!-- facebook -->
<value>the_key</value>
<value>the_secret</value>
</list>
</property>
</bean>
and
<bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.DefaultTicketRegistry">
<constructor-arg index="0" value="1000"/>
<constructor-arg index="1" value="1"/>
<constructor-arg index="2" value="16"/>
</bean>
to define my ticketRegistry
So my OAuth client secret code key is the_secret and the_key
but when I load this URL http://localhost:8080/cas/oauth2.0/accessToken?client_secret=the_secret&grant_type=refresh_token&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcas%2Flogin&code=0&client_id=the_key to test my OAuth protocol, I've got this exception
<Code Expired 0>
Why and how could I fix it?
You need to define two CAS services :
one for internal mechanism of OAuth server support (with CASservice.serviceId = http://localhost:8080/cas/oauth2.0/callbackAuthorize)
one for the each client OAuth application you want to authorize (with oauthclient.key = CASservice.name, oauthclient.secret = CASservice.description, oauthclient.redirect_uri should start with CASservice.serviceId).
The documentation : https://wiki.jasig.org/display/CASUM/OAuth+server+support, part 3...
Related
I'm trying to use ActiveDirectory to authenticate to JasperServer , that still not working for some reason :
here is my configuration :
1. STEP 1 : access params to the AD Server :
<bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
<constructor-arg value="ldap://192.10.0.190:389/dc=sifast,dc=infra"/>
<!-- manager user name and password (may not be needed) -->
<property name="userDn" value="CN=recherche,CN=Users,DC=sifast,DC=infra"/>
<property name="password" value="*******"/>
<property name="referral">
<value>follow</value>
</property>
</bean>
2.STEP 2: configuration of the access within "userDnPatterns" :
here i wanna access with the login already entered
<bean id="ldapAuthenticationProvider" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider">
<constructor-arg>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSBindAuthenticator">
<constructor-arg><ref local="ldapContextSource"/></constructor-arg>
<property name="userDnPatterns">
<list>
<value>CN={0},CN=Users,DC=sifast,DC=infra</value>
</list>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSDefaultLdapAuthoritiesPopulator">
<constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
</bean>
so here i'm setting it within that : CN={0},CN=Users,DC=sifast,DC=infra
3. STEP 3 : configuring the userSearch method:
<bean id="userSearch"
class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">
<constructor-arg index="0">
<value></value>
</constructor-arg>
<constructor-arg index="1">
<value>(sAMAccountName={0})</value>
</constructor-arg>
<constructor-arg index="2">
<ref local="ldapContextSource" />
</constructor-arg>
<property name="searchSubtree">
<value>true</value>
</property>
</bean>
here i'm using the login "({0})" entered to look for the similar sAMAccountName of the right user.
that still not working.
my AD Schema looks like this:
so i wanna let simple users inside CN=USERS acquire access
Actually my authentication is still failing. Any ideas?
In your step 2 spring configuration file JSBindAuthenticator missing the following property reference:
<property name="userSearch" ref="userSearch"/>
I'm using CAS server 4.x and I'm trying to delegate authentication using google. My idea is that a web application A redirects to CAS for login, there the user presses a "login using google" and then he gets redirected to log in using google.
To achieve that I created a client application (A).
I run A and it redirects me to the CAS login page, there I press the "login using google" link and it redirects me to login with google, there I login and consent.
On the CAS side the info from google is received ok and the TGT is created. However, the server fails to redirect to A cause it doesn't have the redirect info in the session:
ERROR [org.jasig.cas.support.oauth.web.OAuth20CallbackAuthorizeController] - oauth20_callbackUrl is missing from the session and can not be retrieved.
Any idea of what could be wrong?
This is how I configured everything:
First, I followed the steps mentioned here:
http://jasig.github.io/cas/development/integration/Delegate-Authentication.html
In the login view I added:
login using google
applicationContext:
<bean id="google" class="org.pac4j.oauth.client.Google2Client">
<property name="key" value="key" />
<property name="secret" value="secret" />
</bean>
<bean id="clients" class="org.pac4j.core.client.Clients">
<property name="callbackUrl" value="http://localhost:8080/cas/login" />
<property name="clients">
<list>
<ref bean="google" />
</list>
</property>
</bean>
cas servlet:
<bean id="clientAction" class="org.jasig.cas.support.pac4j.web.flow.ClientAction">
<constructor-arg index="0" ref="centralAuthenticationService"/>
<constructor-arg index="1" ref="clients"/>
</bean>
deployerConfigContext:
<property name="authenticationMetaDataPopulators">
<util:list>
<bean class="org.jasig.cas.support.pac4j.authentication.ClientAuthenticationMetaDataPopulator" />
</util:list>
</property>
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.support.pac4j.authentication.handler.support.ClientAuthenticationHandler">
<constructor-arg index="0" ref="clients"/>
</bean>
Then I added an OAuth client in the deployerConfigContext:
registeredServicesList:
<bean class="org.jasig.cas.support.oauth.services.OAuthRegisteredService">
<property name="id" value="1" />
<property name="name" value="serviceName" />
<property name="description" value="Service Description" />
<property name="serviceId" value="http://localhost:8080/A/" />
<property name="clientId" value="123" />
<property name="clientSecret" value="123" />
</bean>
The error you get happens only if you enable OAuth server support, but what you want is to enable OAuth client support (based on pac4j) to be able to delegate the authentication to Google. You have the right link to the documentation, but you should check you followed every steps (there is no "OAuthRegisteredService").
I am trying to make Spring Security 3.05 to work with a modified UserDetailsContextMapper so that i can get a few more info out of LDAP they way i need to, a task that seems fairly straightforward, but had no success.
I have configured Spring Security to use LDAP authentication with the following beans:
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldaps://192.168.1.102:636" />
<property name="userDn" value="manager" />
<property name="password" value="password" />
</bean>
<bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userSearch">
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="" />
<constructor-arg index="1" value="(mail={0})" />
<constructor-arg index="2" ref="contextSource" />
</bean>
</property>
</bean>
</constructor-arg>
<property name="userDetailsContextMapper" ref="myContextMapper" />
</bean>
However even though i have defined myContextMapper as:
<bean id="myContextMapper" class="com.mypackage.MyLDAPUserDetailsMapper">
<property name="rolePrefix" value="TEST_PREFIX" />
</bean>
it does not work. meaning that the custom mapper is ignored (i get no debug output whatsoever).
p.s. applicationContext-security.xml can be seen below and apart from the custom UserDetailsMapper that's been ignored, authentication and role assignment is working fine.
<authentication-manager>
<ldap-authentication-provider server-ref="contextSource"/>
</authentication-manager>
You don't need to configure the in-built UserDetailsContextMapper classes. Spring Security automatically picks up the correct UserDetailsContextMapper based on the type of LdapUserDetails class requested, which is configured by user-details-class attribute of ldap-authentication-provider. If you are using your own context mapper then configure it using the attribute user-context-mapper-ref.
I have an application that use Spring-Security framework with Jboss Server. Everything works fine. I can get account locked, bad credentials messages based on the authentication.
Now, I'm trying to move to configure the same thing with Tomcat. But, I don't get account locked, bad credentials messages. I just get "Unauthorized" for every wrong authentication. Can some body point me to What I am missing ? Here is the securitycontext.xml file content:
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint"/>
</bean>
<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager">
</property>
</bean>
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="jaasAuthenticationProvider"/>
<ref local="casAuthenticationProvider"/>
</list>
</property>
</bean>
I want to add SSL security in the Database layer. I am using Struts2.1.6, Spring 2.5, JBOSS 5.0 and Informix 11.5. Any idea how to do this?
I have researched through a lot on the internet but could not find any solution.
Please suggest!
Here is my datasource and entity manager beans which is working perfect without SSL:
<bean id="entityManagerFactory"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="jpaVendorAdapter">
<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
<property name="database" value="INFORMIX" />
<property name="showSql" value="true" />
</bean>
</property>
</bean>
<bean id="dataSource"
class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="com.informix.jdbc.IfxDriver" />
<property name="url"
value="jdbc:informix-sqli://SERVER_NAME:9088/DB_NAME:INFORMIXSERVER=SERVER_NAME;DELIMIDENT=y;" />
<property name="username" value="username" />
<property name="password" value="password" />
<property name="minIdle" value="2" />
</bean>
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean" lazy-init="false">
<property name="targetObject" ref="dataSource" />
<property name="targetMethod" value="addConnectionProperty" />
<property name="arguments">
<list>
<value>characterEncoding</value>
<value>UTF-8</value>
</list>
</property>
</bean>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate" scope="prototype">
<property name="dataSource" ref="dataSource" />
</bean>
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory" />
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
Thankyou very much for your suggestion. So basically I need to set something like this in my applicationContext.xml, Please correct me if I am wrong:
<property name="username" value="username" />
<property name="password" value="password" />
**<property name="sslConnection" value="true" />**
<property name="minIdle" value="2" />
But how do I set the SSL certificate in java runtime. The link which you have provided is good but for some reason I am not able to follow. Please put your suggestion.
Using SSL for the communication between an application and a database is something that has to be supported by the database server (and the JDBC driver).
According to the documentation, this is supported by Informix Dynamic Server (IDS) since version 11.50.
You can use SSL support in your Java applications if you use IBM Data Server Driver for JDBC and SQLJ type 4 connectivity to DB2® for z/OS® Version 9 or later, to DB2 Database for Linux®, UNIX®, and Windows® Version 9.1, Fix Pack 2 or later, or to IBM Informix® Dynamic Server (IDS) Version 11.50 or later.
(...)
To use SSL connections, you need to:
Configure connections to the data source to use SSL. (link)
Configure your Java Runtime Environment to use SSL. (link)
The documentation should help.
If you're using a version of IDS prior to 11.50, then I'm afraid you'll have to use SSH tunneling.