Welcome.
I would like to ask you for help with OFBiz integration with CAS and LDAP.

My environment is as follows:
1. Apache Directory Server 1.5.7
2. CAS Server 3.4.11 deployed on Tomcat 7.0.23
3. Apache OFBiz 10.04 (default deployment)

Problem: logging into OFBiz with the assistance of CAS does not work.

What is already done:
- working CAS server (authentication works well with Liferay 6.1, with SSO as well)
- working Apache Directory Server with my simple custom directory tree

What happens: after successful authentication and ticket grant in CAS, I still get the login page in OFBiz.

Configuration:

### /specialpurpose/ldap/conf/ldap.xml ###
<ldap>
    <!-- common configuration -->
    <Attribute>uid=%u</Attribute>
    <AuthenType>simple</AuthenType>
    <AuthenticationHandler>org.ofbiz.ldap.cas.OFBizCasAuthenticationHandler</AuthenticationHandler>
    <AutoPartyId>admin</AutoPartyId>
    <AutoSecurityGroupId>FULLADMIN</AutoSecurityGroupId>
    <BaseDN>ou=uzytkownicy,o=IBL</BaseDN>
    <!-- <BaseDN>uid=admin,ou=system</BaseDN> -->
    <Filter>(objectClass=*)</Filter>
    <Scope>sub</Scope>
    <URL>ldaps://lr1ibl:10636</URL>
    <UseOFBizLoginWhenLDAPFail>true</UseOFBizLoginWhenLDAPFail>
    <!-- for CAS-LDAP -->
    <CasLoginUri>/login</CasLoginUri>
    <CasLogoutUri>/logout</CasLogoutUri>
    <CasUrl>https://lr1ibl:8444/cas</CasUrl>
    <CasValidateUri>/validate</CasValidateUri>
    <CasLdapHandler>org.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler</CasLdapHandler>
    <CasTGTCookieName>CASTGC</CasTGTCookieName>
    <!-- for MS Active Directory -->
    <SearchType/>
    <UserDNForSearch/>
    <PasswordForSearch/>
</ldap>

### /framework/common/webcommon/WEB-INF/common-controller.xml ###
<!-- Security Mappings -->
<request-map uri="checkLogin" edit="false">
    <description>Verify a user is logged in.</description>
    <security https="true" auth="false"/>
    <event type="java" path="org.ofbiz.ldap.LdapLoginWorker" invoke="checkLogin"/>
    <response name="success" type="view" value="main"/>
    <response name="error" type="view" value="login"/>
</request-map>
<request-map uri="login">
    <security https="true" auth="false"/>
    <event type="java" path="org.ofbiz.ldap.LdapLoginWorker" invoke="login"/>
    <response name="success" type="view" value="main"/>
    <response name="requirePasswordChange" type="view" value="requirePasswordChange"/>
    <response name="error" type="view" value="login"/>
</request-map>
<request-map uri="logout">
    <security https="true" auth="true"/>
    <event type="java" path="org.ofbiz.ldap.LdapLoginWorker" invoke="logout"/>
    <response name="success" type="request-redirect" value="main"/>
    <response name="error" type="view" value="main"/>
</request-map>

I have also prepared a part of debug.log from the /runtime/logs directory. It can be found here: http://pastebin.com/raw.php?i=PvXALQGi
It is only the part where checkLogin is mentioned. I could not put the whole file, because its size is about 5 MB. If you need it, I will provide the whole file in some way.

I think CAS does not cause the problem, because it works well with other services like Liferay and Moodle on my server. The problem lies rather in OFBiz. Unfortunately, there is a very tiny amount of information on the web about such integration. In fact, you can see that I used some config samples present on the web with small modifications according to my directory tree. It looks as follows:

o=IBL
|- ou=uzytkownicy
|-- uid=kowalskij
|-- uid=nowakp

My aim is to integrate a few different elements like OFBiz, Liferay and Moodle with CAS assistance. I have already configured it for Liferay, which authenticates users by e-mail. Maybe this causes a problem? How to configure it in OFBiz? I would like to have e-mail authentication in OFBiz too.

I am stuck. I would appreciate any help.
Please change in ldap.xml the line:
    <Attribute>uid=%u</Attribute>
to:
    <Attribute>mail=%u</Attribute>
Authentication by mail should work now.
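
Why the change above works, as an added example that is not part of the original thread and not OFBiz's own code: it assumes the `%u` placeholder in `<Attribute>` is replaced with the login name CAS hands back (an e-mail address in this setup) to form the LDAP search assertion. The mail values, `search` and the other helper names are constructed for the illustration.

```python
import re

# Constructed sample entries mirroring the tree in the question; the mail
# values are invented for this illustration.
DIRECTORY = [
    {"dn": "uid=kowalskij,ou=uzytkownicy,o=IBL",
     "uid": "kowalskij", "mail": "kowalskij@example.org"},
    {"dn": "uid=nowakp,ou=uzytkownicy,o=IBL",
     "uid": "nowakp", "mail": "nowakp@example.org"},
]


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def expand_attribute(template, principal):
    """Expand %u in an <Attribute> template such as 'uid=%u' or 'mail=%u'."""
    return template.replace("%u", escape_filter_value(principal))


def _value_regex(value):
    """Compile an assertion value: a bare '*' is a wildcard, '\\xx' a literal."""
    parts = []
    for piece in value.split("*"):
        literal = re.sub(r"\\([0-9a-fA-F]{2})",
                         lambda m: chr(int(m.group(1), 16)), piece)
        parts.append(re.escape(literal))
    return re.compile(".*".join(parts), re.IGNORECASE)


def search(template, principal):
    """Return the DNs matched by the expanded assertion (hypothetical helper)."""
    attr, _, value = expand_attribute(template, principal).partition("=")
    pattern = _value_regex(value)
    return [e["dn"] for e in DIRECTORY
            if attr in e and pattern.fullmatch(e[attr])]


if __name__ == "__main__":
    login = "kowalskij@example.org"      # what an e-mail based CAS login yields
    print(search("uid=%u", login))       # no entry has this uid
    print(search("mail=%u", login))      # the mail attribute matches
    print(search("mail=%u", "*"))        # escaped, so not treated as a wildcard
```

With `uid=%u` the e-mail address is compared against `uid` and no entry is found, which is consistent with OFBiz falling back to its login page; escaping the substituted value keeps a login name containing `*` or parentheses from changing the filter.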
It works. Thank you!