Posted to user@ofbiz.apache.org by Trenton Perceval <tr...@gmail.com> on 2012/04/17 16:34:26 UTC
OFBiz integration with CAS and LDAP
Welcome.
I would like to ask you for help with OFBiz integration with CAS and LDAP.
My environment is as follows:
1. Apache Directory Server 1.5.7
2. CAS Server 3.4.11 deployed on Tomcat 7.0.23
3. Apache OFBiz 10.04 (default deployment)
Problem: logging into OFBiz with assistance of CAS does not work.
What is already done:
- working CAS server (authentication works well with Liferay 6.1, with SSO
as well)
- working Apache Directory Server with my simple custom directory tree
What happens: after successful authentication and ticket grant in CAS, I
still get the login page in OFBiz.
Configuration:
### /specialpurpose/ldap/conf/ldap.xml ###
<ldap>
    <!-- common configuration -->
    <Attribute>uid=%u</Attribute>
    <AuthenType>simple</AuthenType>
    <AuthenticationHandler>org.ofbiz.ldap.cas.OFBizCasAuthenticationHandler</AuthenticationHandler>
    <AutoPartyId>admin</AutoPartyId>
    <AutoSecurityGroupId>FULLADMIN</AutoSecurityGroupId>
    <BaseDN>ou=uzytkownicy,o=IBL</BaseDN>
    <!-- <BaseDN>uid=admin,ou=system</BaseDN> -->
    <Filter>(objectClass=*)</Filter>
    <Scope>sub</Scope>
    <URL>ldaps://lr1ibl:10636</URL>
    <UseOFBizLoginWhenLDAPFail>true</UseOFBizLoginWhenLDAPFail>
    <!-- for CAS-LDAP -->
    <CasLoginUri>/login</CasLoginUri>
    <CasLogoutUri>/logout</CasLogoutUri>
    <CasUrl>https://lr1ibl:8444/cas</CasUrl>
    <CasValidateUri>/validate</CasValidateUri>
    <CasLdapHandler>org.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler</CasLdapHandler>
    <CasTGTCookieName>CASTGC</CasTGTCookieName>
    <!-- for MS Active Directory -->
    <SearchType/>
    <UserDNForSearch/>
    <PasswordForSearch/>
</ldap>
### /framework/common/webcommon/WEB-INF/common-controller.xml ###
<!-- Security Mappings -->
<request-map uri="checkLogin" edit="false">
    <description>Verify a user is logged in.</description>
    <security https="true" auth="false"/>
    <event type="java" path="org.ofbiz.ldap.LdapLoginWorker" invoke="checkLogin"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
</request-map>
<request-map uri="login">
    <security https="true" auth="false"/>
    <event type="java" path="org.ofbiz.ldap.LdapLoginWorker" invoke="login"/>
    <response name="success" type="view" value="main"/>
    <response name="requirePasswordChange" type="view" value="requirePasswordChange"/>
    <response name="error" type="view" value="login"/>
</request-map>
<request-map uri="logout">
    <security https="true" auth="true"/>
    <event type="java" path="org.ofbiz.ldap.LdapLoginWorker" invoke="logout"/>
    <response name="success" type="request-redirect" value="main"/>
    <response name="error" type="view" value="main"/>
</request-map>
I have also prepared some part of debug.log from /runtime/logs directory.
It can be found here: http://pastebin.com/raw.php?i=PvXALQGi
It is only the part where checkLogin is mentioned. I could not post the whole file,
because its size is about 5 MB.
If you need it, I will provide the whole file in some way.
I think CAS does not cause a problem, because it works well with other
services like Liferay and Moodle on my server.
The problem lies rather in OFBiz. Unfortunately, there is a very tiny
amount of information on the web about such integration.
In fact, you can see that I used some config samples present on the web
with small modification according to my directory tree.
It looks as follows:
o=IBL
|- ou=uzytkownicy
|-- uid=kowalskij
|-- uid=nowakp
My aim is to integrate a few different elements like OFBiz, Liferay and Moodle
with CAS assistance.
I have already configured it for Liferay, which authenticates users by
e-mail.
Maybe this causes a problem? How to configure it in OFBiz? I would like to
have e-mail authentication in OFBiz too.
I am stuck. I would appreciate any help.
Re: OFBiz integration with CAS and LDAP
Posted by Trenton Perceval <tr...@gmail.com>.
It works. Thank you!