
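I am trying to configure Tomcat and CAS.

My deployment has:

1. A single Tomcat server (version 7.0.29)
2. Apache DS as LDAP
3. CAS server 3.5.2 deployed to Tomcat
4. My web application deployed to the same Tomcat server

I am using a self-signed certificate and had to modify CAS to supply a custom HostNameVerifier to get around the wrong hostname error.

So now when I try to access my web application, I am redirected to the CAS login page. I can log in using credentials from LDAP and am redirected back to the web application. But I get a 401 when using the CAS20 validator (and a 403 when I try the SAML11 validator).

So I suspect there may be something wrong with web.xml. Here is what I am using: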

<security-constraint>
    <display-name>Global Access</display-name>
    <web-resource-collection>
        <web-resource-name>Global</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

Any ideas about what I am doing wrong?

Thanks, Mark

CAS trace

2013-09-07 11:45:33,206 INFO  [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: fadams]
WHAT: supplied credentials: [username: fadams]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Sat Sep 07 11:45:33 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2013-09-07 11:45:33,209 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: fadams]
WHAT: TGT-1-1cSjhWvG2A6kQcEJVOFkHAiQgGRyejeoVkpTkzbqSBftS7LApp-localhost
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Sat Sep 07 11:45:33 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2013-09-07 11:45:33,212 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-vjLbc7KbWAK5kyYTSJTZ-localhost] for service [https://localhost:8443/moodle.webapp/] for user [fadams]>
2013-09-07 11:45:33,212 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: fadams
WHAT: ST-1-vjLbc7KbWAK5kyYTSJTZ-localhost for https://localhost:8443/moodle.webapp/
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Sat Sep 07 11:45:33 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
Warning: URL Host: localhost vs. localhost
2013-09-07 11:45:33,259 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-1-vjLbc7KbWAK5kyYTSJTZ-localhost
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Sat Sep 07 11:45:33 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

1 Answer


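Have you installed all the necessary CAS filters in the web application, especially the ticket validation filter and the request wrapper filter? See here for details: https://wiki.jasig.org/plugins/servlet/mobile#content/view/8096602

Answered 2013-09-07T22:33:53.530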