• Browse
  • Pages
  • News
  • Labels
  • Attachments
  • Mail
  • Advanced

  • People Directory
• Log In

1. Dashboard
2. > CAS User Manual
3. > Home
4. > Authentication
5. > Active Directory

• Log In

Active Directory

Added by David Durr, last edited by Scott Battaglia on Jan 04, 2008  (view change)

Table of Contents Home Overall Architecture Building and Deploying Development Introduction Java Versions Releasing Spring Configuration Technical Overview Upgrading Authentication Active Directory Generic JAAS JDBC LDAP Legacy RADIUS SPNEGO Trusted X.509 Certificates Authentication Managers Default AuthenticationManager Direct Mapping AuthenticationManager Security Policy Ticket Expiration Policy Remember Me Throttling Login Attempts TicketRegistry BerkleyDB Default JBOSS TreeCache JDBCTicketRegistry JpaTicketRegistry MemcacheTicketRegistry TicketRegistry Cleaner Testing Apache JMeter Nagios plugins Protocols Add Your Custom Protocol Applications that Require POST Responses CAS OpenID RESTful API SAML 1.1 SAML 2.0 (Google Accounts Integration) Single Sign Out Advanced Features Adding "Public Workstation" vs. "Private Workstation" Timeouts Auditing and Statistics Via Inspektr Internationalization LDAP Password Policy Enforcement Localization Second-Level CAS Server Terracotta Use Javascript Redirection Tutorials and HOWTOs Best Practice - Setting Up CAS Locally using the Maven2 WAR Overlay Method CAS on Windows Quick Setup Guide Clustering CAS Demo Deploying CAS 3.0.x in RHEL 5 with Sun Java HOWTO Configure CAS for LDAP DIGEST-MD5 HOWTO Configure JBoss for HTTPS HOWTO Configure Single Sign On Session Timeout HOWTO Run Canoo Web Tests HOWTO Setup Dual Authentication in CAS - SSL Client Auth and LDAP HOWTO Setup LDAP GSSAPI+Kerberos Authentication in CAS HOWTO Switch to Sun JVM in RHEL Shibboleth-CAS Integration Troubleshooting Logging SSL Troubleshooting and Reference Guide Services Management Adding Attributes Configuring Deleting Editing Extensions ClearPass

To authenticate users to MS Active Directory both the LDAP interface and the Kerberos interface can be used. See the relevant sections in this manual for more details: using LDAP using Kerberos using SPNEGO (non-interactive login: works only under certain conditions) The advantage of configuring SPNEGO is that users that are logged in to the AD domain will be logged in automatically at CAS, without any interaction asking for the password yet again. Note that this may not be desirable. Example Configuration for FastBind and Active Directory <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler" > <property name="filter" value="%u@domainname.tld" /> <property name="contextSource" ref="contextSource" /> <property name="ignorePartialResultException" value="yes" /> </bean> <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource"> <property name="urls"> <list> <value>ldap://adserver</value> </list> </property> </bean> The example uses something called User Principal Name (UPN) in filter. The full Distinguished Name (DN) was CN=LastName\, FirstName,OU=Users,DC=domainname,DC=tld.

Labels parameters

Labels

draft draft Delete

Enter labels to add to this page:

 

Looking for a label? Just start typing.

Powered by a free Atlassian Confluence Open Source Project License granted to Java Architectures Special Interest Group. Evaluate Confluence today.

• Powered by Atlassian Confluence 2.9, the Enterprise Wiki.
• Printed by Atlassian Confluence 2.9, the Enterprise Wiki.
• Bug/feature request –
• Atlassian news –
• Contact administrators