OFBiz integration with CAS and LDAP

OFBiz integration with CAS and LDAP

Trenton Perceval-2
Welcome.
I would like to ask you for a help with OFBiz integration with CAS and LDAP.

My environment is as follows:
1. Apache Directory Server 1.5.7
2. CAS Server 3.4.11 deployed on Tomcat 7.0.23
3. Apache OFBiz 10.04 (default deployment)

Problem: logging into OFBiz with assistance of CAS does not work.

What is already done:
- working CAS server (authentication works well with Liferay 6.1, with SSO
as well)
- working Apache Directory Server with my simple custom directory tree

What happens: after successful authentication and ticket grant in CAS, I
still get the login page in OFBiz.

Configuration:

### /specialpurpose/ldap/conf/ldap.xml ###
<ldap>
    <!-- common configuration -->
    <Attribute>uid=%u</Attribute>
    <AuthenType>simple</AuthenType>

    <AuthenticationHandler>org.ofbiz.ldap.cas.OFBizCasAuthenticationHandler</AuthenticationHandler>
    <AutoPartyId>admin</AutoPartyId>
    <AutoSecurityGroupId>FULLADMIN</AutoSecurityGroupId>
    <BaseDN>ou=uzytkownicy,o=IBL</BaseDN>
    <!-- <BaseDN>uid=admin,ou=system</BaseDN> -->
    <Filter>(objectClass=*)</Filter>
    <Scope>sub</Scope>
    <URL>ldaps://lr1ibl:10636</URL>
    <UseOFBizLoginWhenLDAPFail>true</UseOFBizLoginWhenLDAPFail>

    <!-- for CAS-LDAP -->
    <CasLoginUri>/login</CasLoginUri>
    <CasLogoutUri>/logout</CasLogoutUri>
    <CasUrl>https://lr1ibl:8444/cas</CasUrl>
    <CasValidateUri>/validate</CasValidateUri>

    <CasLdapHandler>org.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler</CasLdapHandler>
    <CasTGTCookieName>CASTGC</CasTGTCookieName>

    <!-- for MS Active Directory -->
    <SearchType/>
    <UserDNForSearch/>
    <PasswordForSearch/>
</ldap>

### /framework/common/webcommon/WEB-INF/common-controller.xml ###

    <!-- Security Mappings -->
    <request-map uri="checkLogin" edit="false">
        <description>Verify a user is logged in.</description>
        <security https="true" auth="false"/>
        <event type="java" path="org.ofbiz.ldap.LdapLoginWorker" invoke="checkLogin"/>
        <response name="success" type="view" value="main"/>
        <response name="error" type="view" value="login"/>
    </request-map>
    <request-map uri="login">
        <security https="true" auth="false"/>
        <event type="java" path="org.ofbiz.ldap.LdapLoginWorker" invoke="login"/>
        <response name="success" type="view" value="main"/>
        <response name="requirePasswordChange" type="view" value="requirePasswordChange"/>
        <response name="error" type="view" value="login"/>
    </request-map>
    <request-map uri="logout">
        <security https="true" auth="true"/>
        <event type="java" path="org.ofbiz.ldap.LdapLoginWorker" invoke="logout"/>
        <response name="success" type="request-redirect" value="main"/>
        <response name="error" type="view" value="main"/>
    </request-map>

I have also prepared part of debug.log from the /runtime/logs directory.
It can be found here: http://pastebin.com/raw.php?i=PvXALQGi
It is only the part where checkLogin is mentioned. I could not put the whole file,
because its size is about 5 MB.
If you need it, I will provide the whole file in some way.

I think CAS does not cause the problem, because it works well with other
services like Liferay and Moodle on my server.
The problem lies rather in OFBiz. Unfortunately, there is very little
information on the web about such an integration.
In fact, you can see that I used some config samples found on the web
with small modifications according to my directory tree.
It looks as follows:
o=IBL
|- ou=uzytkownicy
   |-- uid=kowalskij
   |-- uid=nowakp

My aim is to integrate a few different elements like OFBiz, Liferay and Moodle
with CAS assistance.
I have already configured it for Liferay, which authenticates users by
e-mail.
Maybe this causes the problem? How to configure it in OFBiz? I would like to
have e-mail authentication in OFBiz too.

I am stuck. I would appreciate any help.
Re: OFBiz integration with CAS and LDAP

Marcin
Please change in ldap.xml the line:
<Attribute>uid=%u</Attribute>
to:
<Attribute>mail=%u</Attribute>

Authentication by mail should work now.
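As an added example (not code from this thread and not OFBiz's own code), the Python script below parses an ldap.xml in the form posted above and reports the settings a reviewer would check before enabling CAS/LDAP login, including the uid/mail mismatch that this reply fixes. How OFBiz really expands the `%u` placeholder is modelled here only as a plain string substitution, which is an assumption; the other checks (ldaps for the directory URL, https for the CAS URL, the `UseOFBizLoginWhenLDAPFail` fallback, the auto-assigned `FULLADMIN` group, the catch-all `Filter`) read each setting by its name as it appears in the file. The `cas_principal_attr` parameter is a hypothetical input naming the directory attribute whose value CAS hands back as the principal.

```python
"""Audit an OFBiz-style ldap.xml for CAS/LDAP login settings (added example)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the ldap.xml from the question, with <Attribute> left as a
# template slot so the 'before' (uid=%u) and 'after' (mail=%u) variants can be compared.
LDAP_XML_TEMPLATE = """<ldap>
    <Attribute>{attribute}</Attribute>
    <AuthenType>simple</AuthenType>
    <AuthenticationHandler>org.ofbiz.ldap.cas.OFBizCasAuthenticationHandler</AuthenticationHandler>
    <AutoPartyId>admin</AutoPartyId>
    <AutoSecurityGroupId>FULLADMIN</AutoSecurityGroupId>
    <BaseDN>ou=uzytkownicy,o=IBL</BaseDN>
    <Filter>(objectClass=*)</Filter>
    <Scope>sub</Scope>
    <URL>ldaps://lr1ibl:10636</URL>
    <UseOFBizLoginWhenLDAPFail>true</UseOFBizLoginWhenLDAPFail>
    <CasLoginUri>/login</CasLoginUri>
    <CasLogoutUri>/logout</CasLogoutUri>
    <CasUrl>https://lr1ibl:8444/cas</CasUrl>
    <CasValidateUri>/validate</CasValidateUri>
    <CasLdapHandler>org.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler</CasLdapHandler>
    <CasTGTCookieName>CASTGC</CasTGTCookieName>
</ldap>"""


def parse_ldap_xml(text):
    """Flatten the <ldap> element into a dict of tag -> text (empty tags become '')."""
    root = ET.fromstring(text)
    return {child.tag: (child.text or "").strip() for child in root}


def expand_user_template(cfg, username):
    """Assumed behaviour: %u in <Attribute> is replaced by the login name, giving the
    RDN-style pair (e.g. 'mail=kowalskij@example.org') that is matched under <BaseDN>."""
    return cfg["Attribute"].replace("%u", username)


def audit_ldap_config(cfg, cas_principal_attr):
    """Return a list of human-readable findings for the given parsed config.

    cas_principal_attr: the directory attribute whose value CAS returns as the
    principal ('uid' for a plain login name, 'mail' when CAS authenticates by e-mail).
    """
    findings = []
    attribute = cfg.get("Attribute", "")
    attr_name = attribute.split("=", 1)[0]

    if "%u" not in attribute:
        findings.append("Attribute template lacks %u, so the login name is never inserted")
    if attr_name != cas_principal_attr:
        findings.append(
            f"Attribute '{attr_name}' does not match the principal CAS returns "
            f"('{cas_principal_attr}'); the directory lookup will not find the user"
        )
    if urlparse(cfg.get("URL", "")).scheme != "ldaps":
        findings.append("URL is not ldaps://; bind credentials would travel in clear text")
    if urlparse(cfg.get("CasUrl", "")).scheme != "https":
        findings.append("CasUrl is not https://; the ticket validation call is unprotected")
    if cfg.get("UseOFBizLoginWhenLDAPFail", "").lower() == "true":
        findings.append(
            "UseOFBizLoginWhenLDAPFail=true: a failed directory login falls back to the "
            "local OFBiz password store, so local accounts remain a second login path"
        )
    if cfg.get("AutoSecurityGroupId") == "FULLADMIN":
        findings.append(
            "AutoSecurityGroupId=FULLADMIN: every auto-provisioned directory user "
            "receives full administrative rights"
        )
    if cfg.get("Filter", "").lower() in ("", "(objectclass=*)"):
        findings.append("Filter matches every entry; narrow it to the user object class")
    return findings


if __name__ == "__main__":
    for variant in ("uid=%u", "mail=%u"):
        cfg = parse_ldap_xml(LDAP_XML_TEMPLATE.format(attribute=variant))
        print(f"--- {variant}: {expand_user_template(cfg, 'kowalskij@example.org')}")
        for finding in audit_ldap_config(cfg, cas_principal_attr="mail"):
            print("  *", finding)
```

Run as-is, the `uid=%u` variant reports the attribute mismatch that the reply resolves, while both variants still flag the fallback-to-local-login and `FULLADMIN` settings, which are worth a second look once CAS login works.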
Re: OFBiz integration with CAS and LDAP

Trenton Perceval
It works. Thank you!