===== CAS 4 =====

==== ref ====

  * http://jasig.github.io/cas/4.0.x/planning/Installation-Requirements.html
  * http://jasig.github.io/cas/4.0.x/installation/Maven-Overlay-Installation.html
  * https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven+WAR+Overlay+Method
  * http://www.ensor.cc/2011/06/mavens-war-overlay-what-are-war.html
  * http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html

others

  * http://blog.guiguiabloc.fr/index.php/2013/11/11/mise-en-oeuvre-dun-serveur-dauthentification-sso-avec-cas-et-memcached/
  * http://www.ensor.cc/2011/06/mavens-war-overlay-what-are-war.html
  * http://maven.apache.org/guides/getting-started/maven-in-five-minutes.html
  * http://www.artduweb.com/tutoriels/cas-sso
  * http://dcabasson.developpez.com/articles/java/maven/introduction-maven2/
  * http://fr.wikibooks.org/wiki/D%C3%A9velopper_en_Java/Introduction_%C3%A0_Apache_Maven
  * https://blog.zenithar.org/post/2013/10/17/personalisation-war-maven-overlay/
  * http://aldian.developpez.com/tutoriels/javaee/authentification-centralisee-sso-cas/
  * http://www.developertutorials.com/single-sign-on/

==== installed system rpm packages ====

java

  [root@cas4 ~]# rpm -qa | grep java
  java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64
  java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el7_0.x86_64
  python-javapackages-3.4.1-6.el7_0.noarch
  tzdata-java-2014j-1.el7_0.noarch
  java-1.7.0-openjdk-headless-1.7.0.71-2.5.3.1.el7_0.x86_64
  javamail-1.4.6-8.el7.noarch
  javassist-3.16.1-10.el7.noarch
  javapackages-tools-3.4.1-6.el7_0.noarch

tomcat

  [root@cas4 ~]# rpm -qa | grep tomcat
  tomcat-jsp-2.2-api-7.0.42-8.el7_0.noarch
  tomcat-lib-7.0.42-8.el7_0.noarch
  tomcat-servlet-3.0-api-7.0.42-8.el7_0.noarch
  tomcat-admin-webapps-7.0.42-8.el7_0.noarch
  tomcat-7.0.42-8.el7_0.noarch
  tomcat-el-2.2-api-7.0.42-8.el7_0.noarch

maven

  [root@cas4 ~]# rpm -qa | grep maven
  maven-3.0.5-16.el7.noarch
  maven-wagon-2.4-3.el7.noarch

==== tomcat ====

Enabling the service with systemctl:

  [root@cas4 ~]# systemctl list-unit-files | grep -i tomcat
  tomcat.service disabled
  [root@cas4 ~]# systemctl enable tomcat.service
  ln -s '/usr/lib/systemd/system/tomcat.service' '/etc/systemd/system/multi-user.target.wants/tomcat.service'
  [root@cas4 ~]# systemctl list-unit-files | grep -i tomcat
  tomcat.service enabled
  [root@cas4 ~]# systemctl status tomcat.service
  tomcat.service - Apache Tomcat Web Application Container
     Loaded: loaded (/usr/lib/systemd/system/tomcat.service; enabled)
     Active: inactive (dead)
  [root@cas4 ~]# systemctl start tomcat.service
  [root@cas4 ~]# systemctl status tomcat.service
  tomcat.service - Apache Tomcat Web Application Container
     Loaded: loaded (/usr/lib/systemd/system/tomcat.service; enabled)
     Active: active (running) since mer. 2014-12-10 15:54:18 CET; 1s ago
    Process: 10811 ExecStart=/usr/sbin/tomcat-sysd start (code=exited, status=0/SUCCESS)
   Main PID: 10829 (java)
     CGroup: /system.slice/tomcat.service
             └─10829 java -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/...
  déc. 10 15:54:18 cas4.exemple.fr systemd[1]: Started Apache Tomcat Web Application Container.

==== firewalld ====

CentOS/Red Hat 7 ships with firewalld, a whole world of its own!

ref https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html

We copy the ssh service definition to a tomcat service, so that our Tomcat port 8080 is opened through a firewalld service.

  [root@cas4 ~]# cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/tomcat.xml
  [root@cas4 ~]# vim /etc/firewalld/services/tomcat.xml
  [root@cas4 ~]# cat /etc/firewalld/services/tomcat.xml
  tomcat tomcat is a java servlet container/server
  [root@cas4 ~]# firewall-cmd --state
  running
  [root@cas4 ~]# firewall-cmd --get-active-zones
  public
    interfaces: eth0
  [root@cas4 ~]# firewall-cmd --get-service
  amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https
  [root@cas4 ~]# firewall-cmd --get-service --permanent
  amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client tomcat transmission-client vnc-server wbem-https

The addition went through at the filesystem level; the service definitions now have to be reloaded with:

  [root@cas4 ~]# firewall-cmd --reload
  success

We add the tomcat service permanently (available at the next boots):

  [root@cas4 ~]# firewall-cmd --zone=public --add-service=tomcat
  success

The rule is still visible through iptables:

  [root@cas4 ~]# iptables -L -n | grep 8080
  ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 ctstate NEW

Even so, for this opening to be stable, the service has to be added to the active zone (here public):

  [root@cas4 ~]# grep tomcat /etc/firewalld/zones/public.xml
  [root@cas4 ~]# systemctl restart firewalld.service

=== firewalld rich-format rules ===

Another, more precise option:

  # firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.0/24" service name="http" log prefix="http_192_168" accept'
  # firewall-cmd --reload

==== tomcat manager user ====

For web administration through the Tomcat manager, a username and manager-* roles have to be defined since Tomcat 7!

  [root@cas4 tomcat]# git diff 18fda4d tomcat-users.xml
  diff --git a/tomcat-users.xml b/tomcat-users.xml index 7224d60..901e50b 100644 --- a/tomcat-users.xml +++ b/tomcat-users.xml
  @@ -33,14 +33,15 @@ --> + - - - - + + + +

At this point the Tomcat manager can be reached directly on Tomcat's native port (8080) at: http://cas4.exemple.fr:8080/manager/html

===== Cas4 UniconLabs/simple-cas4-overlay-template =====

Following the official documentation (http://jasig.github.io/cas/4.0.x/installation/Maven-Overlay-Installation.html), we start from the Maven WAR overlay provided by UniconLabs.

==== git clone ====

We fetch the sources from GitHub:

  [disi@cas4 UniconLabs]$ git clone https://github.com/UniconLabs/simple-cas4-overlay-template
  Cloning into 'simple-cas4-overlay-template'...
  remote: Counting objects: 95, done.
  remote: Total 95 (delta 0), reused 0 (delta 0)
  Unpacking objects: 100% (95/95), done.
  [disi@cas4 UniconLabs]$ cd simple-cas4-overlay-template/
  [disi@cas4 simple-cas4-overlay-template]$ ls
  build.xml etc LICENSE.txt pom.xml README.md src

==== cas.properties settings ====

The location of the "cas.properties" settings file is defined in:

  [disi@cas4 simple-cas4-overlay-template]$ grep cas.properties ./src/main/webapp/WEB-INF/spring-configuration/propertyFileConfigurer.xml

For now we only do a simple initial setup (server.name, host.name) for a first test with the test login/password (casuser / M..n); see deployerConfigContext.xml, where this login is hard-coded in the "primaryAuthenticationHandler" bean.

  [disi@cas4 UniconLabs]$ cd simple-cas4-overlay-template/
  [disi@cas4 simple-cas4-overlay-template]$ ls
  build.xml etc LICENSE.txt pom.xml README.md src
  [disi@cas4 simple-cas4-overlay-template]$ cd etc/
  [disi@cas4 etc]$ ls
  cas.properties log4j.xml
  [disi@cas4 etc]$ vim cas.properties

A quick git backup/versioning for form's sake:

  [disi@cas4 etc]$ git commit -a -m "custom cas.properties"
  [master cd5dbb4] custom cas.properties
   1 file changed, 3 insertions(+), 3 deletions(-)

==== /etc/cas directory ====

  [root@cas4 etc]# mkdir cas
  [root@cas4 etc]# chgrp disi /etc/cas/
  [root@cas4 etc]# chmod 775 /etc/cas/
  [disi@cas4 etc]$ cp cas.properties log4j.xml /etc/cas/

==== build ====

We launch the first build:

  [disi@cas4 simple-cas4-overlay-template]$ mvn clean package
  [INFO] Scanning for projects...
  [INFO]
  [INFO] ------------------------------------------------------------------------
  [INFO] Building cas4-overlay 1.0
  [INFO] ------------------------------------------------------------------------
  Downloading: http://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom
  ...
  Downloaded: http://oss.sonatype.org/content/repositories/releases/org/jasig/cas/cas-server-webapp/4.0.0/cas-server-webapp-4.0.0.war (24474 KB at 3628.4 KB/sec)
  [INFO]
  [INFO] --- maven-clean-plugin:2.4.1:clean (default-clean) @ cas4-overlay ---
  [INFO]
  [INFO] --- maven-resources-plugin:2.5:resources (default-resources) @ cas4-overlay ---
  [debug] execute contextualize
  [INFO] Using 'UTF-8' encoding to copy filtered resources.
  [INFO] skip non existing resourceDirectory /home/disi/UniconLabs/simple-cas4-overlay-template/src/main/resources
  [INFO]
  [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ cas4-overlay ---
  Downloading: http://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom
  ...
  Downloaded: http://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (350 KB at 3208.2 KB/sec)
  Downloaded: http://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (625 KB at 3528.8 KB/sec)
  [INFO] No sources to compile
  [INFO]
  [INFO] --- maven-resources-plugin:2.5:testResources (default-testResources) @ cas4-overlay ---
  [debug] execute contextualize
  [INFO] Using 'UTF-8' encoding to copy filtered resources.
  [INFO] skip non existing resourceDirectory /home/disi/UniconLabs/simple-cas4-overlay-template/src/test/resources
  [INFO]
  [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ cas4-overlay ---
  [INFO] No sources to compile
  [INFO]
  [INFO] --- maven-surefire-plugin:2.10:test (default-test) @ cas4-overlay ---
  [INFO] No tests to run.
  [INFO] Surefire report directory: /home/disi/UniconLabs/simple-cas4-overlay-template/target/surefire-reports
  -------------------------------------------------------
   T E S T S
  -------------------------------------------------------
  Results :
  Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
  ...
  Downloaded: http://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (227 KB at 3059.3 KB/sec)
  Downloaded: http://repo.maven.apache.org/maven2/com/thoughtworks/xstream/xstream/1.4.3/xstream-1.4.3.jar (471 KB at 2996.7 KB/sec)
  [INFO] Packaging webapp
  [INFO] Assembling webapp [cas4-overlay] in [/home/disi/UniconLabs/simple-cas4-overlay-template/target/cas]
  [INFO] Processing war project
  [INFO] Copying webapp resources [/home/disi/UniconLabs/simple-cas4-overlay-template/src/main/webapp]
  [INFO] Processing overlay [ id org.jasig.cas:cas-server-webapp]
  [INFO] Webapp assembled in [1023 msecs]
  [INFO] Building war: /home/disi/UniconLabs/simple-cas4-overlay-template/target/cas.war
  [INFO] ------------------------------------------------------------------------
  [INFO] BUILD SUCCESS
  [INFO] ------------------------------------------------------------------------
  [INFO] Total time: 21.857s
  [INFO] Finished at: Tue Dec 23 16:00:14 CET 2014
  [INFO] Final Memory: 10M/25M
  [INFO] ------------------------------------------------------------------------

==== deploy ====

We then deploy the freshly built cas.war into Tomcat's webapps directory, and Tomcat deploys the application automatically:

  [disi@cas4 ~]$ cp /home/disi/UniconLabs/simple-cas4-overlay-template/target/cas.war /var/lib/tomcat/webapps/
  [disi@cas4 ~]$ ls -al /var/lib/tomcat/webapps/
  total 24484
  drwxrwxr-x. 6 root tomcat 4096 6 janv. 11:46 .
  drwxr-xr-x. 3 root tomcat 20 20 nov. 10:44 ..
  drwxr-xr-x 7 tomcat tomcat 101 6 janv. 11:46 cas
  -rw-rw-r-- 1 disi disi 25057390 6 janv. 11:46 cas.war

Catalina deployment log:

  janv. 06, 2015 11:46:17 AM org.apache.catalina.startup.HostConfig deployWAR
  INFOS: Déploiement de l'archive /var/lib/tomcat/webapps/cas.war de l'application web
  log4j:WARN No appenders could be found for logger (org.springframework.web.context.ContextLoader).
  log4j:WARN Please initialize the log4j system properly.
  log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
  log4j:ERROR setFile(null,true) call failed.
  java.io.FileNotFoundException: /var/log/cas/cas.log (Aucun fichier ou dossier de ce type)

Fixing the cas.log problem:

  [root@cas4 log]# mkdir cas
  [root@cas4 log]# chown root:tomcat cas
  [root@cas4 log]# chmod 775 cas

===== FR CAS4 cas-overlay-demo =====

Another example of overlay sources, from a French author; to be continued ....

  [disi@cas4 ~]$ mkdir leleuj
  [disi@cas4 ~]$ cd leleuj/
  [disi@cas4 leleuj]$ git clone https://github.com/leleuj/cas-overlay-demo
  Cloning into 'cas-overlay-demo'...
  remote: Counting objects: 307, done.
  remote: Total 307 (delta 0), reused 0 (delta 0)
  Receiving objects: 100% (307/307), 60.10 KiB | 0 bytes/s, done.
  Resolving deltas: 100% (104/104), done.
  ...

===== httpd and AJP proxy =====

The server has to answer over HTTPS; having an Apache front end that forwards the HTTPS requests to Tomcat is convenient.

Enabling the Apache service:

  [root@cas4 log]# systemctl enable httpd.service
  ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

Firewall for HTTPS (http://www.certdepot.net/rhel7-get-started-firewalld/):

  [root@cas4 certs]# firewall-cmd --permanent --add-service=https
  success
  [root@cas4 certs]# firewall-cmd --reload
  success
  [root@cas4 certs]# firewall-cmd --list-services
  dhcpv6-client https ssh tomcat

AJP link:

  [root@cas4 certs]# cat /etc/httpd/conf.d/proxy-ajp.conf
  ProxyPass /cas ajp://localhost:8009/cas retry=3 min=0 max=100 smax=50 ttl=10 timeout=60
  ProxyPass /manager ajp://localhost:8009/manager retry=3 min=0 max=100 smax=50 ttl=10 timeout=60

Reloading this Apache configuration:

  [root@cas4 certs]# systemctl reload httpd.service

==== CAS login URL ====

First usage test: https://cas4.exemple.fr/cas/login

Enter the casuser login and its password; the corresponding log on the Tomcat server:

  2015-01-07 11:36:24,185 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
  2015-01-07 11:36:24,185 DEBUG [org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver] -
  2015-01-07 11:36:24,185 DEBUG [org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver] -
  2015-01-07 11:36:24,186 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
  2015-01-07 11:36:24,189 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
  2015-01-07 11:36:24,189 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
  2015-01-07 11:36:24,189 INFO [org.perf4j.TimingLogger] -
  2015-01-07 11:36:24,190 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -

It works fine with a hard-coded account!

===== Ldap authentication Handler =====

Reference: http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html

There are 3 steps / files to modify.

==== pom.xml ====

Tell the project definition file that we want to use support-ldap:

  [disi@cas4 simple-cas4-overlay-template]$ diff pom.xml.orig pom.xml
  53a54,59 > > org.jasig.cas > cas-server-support-ldap > ${cas.version} > >

==== deployerConfigContext.xml ====

By default the UniconLabs overlay sources do not modify deployerConfigContext.xml, so a copy of it has to be placed in the src directory for our changes to be taken into account at deployment:

  [disi@cas4 simple-cas4-overlay-template]$ cp ./target/cas/WEB-INF/deployerConfigContext.xml src/main/webapp/WEB-INF/deployerConfigContext.xml

All the directives shown on http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html have to be added, and this LDAP authentication handler also has to be wired in (which at first sight is not mentioned in that documentation; information taken from https://lists.wisc.edu/read/messages?id=37789779 ), notably in the bean id="authenticationManager"; the referenced bean usernamePasswordCredentialsResolver has to be added as well.

I also set principalIdAttribute="uid" instead of ="mail" (we use the uid here) and, in the attribute map, replaced member with uid. In the end, here is everything that was changed in deployerConfigContext.xml:

  [disi@cas4 disi]$ diff ./simple-cas4-overlay-template/target/cas/WEB-INF/deployerConfigContext.xml /home/disi/UniconLabs/simple-cas4-overlay-template/src/main/webapp/WEB-INF/deployerConfigContext.xml
  64a65 > 127a129,214 > > class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" /> > > > class="org.jasig.cas.authentication.LdapAuthenticationHandler" > p:principalIdAttribute="uid" > c:authenticator-ref="authenticator"> > > > > > > > > > > > c:resolver-ref="dnResolver" > c:handler-ref="authHandler" /> > > p:baseDn="${ldap.baseDn}" > p:allowMultipleDns="false" > p:connectionFactory-ref="searchPooledLdapConnectionFactory" > p:userFilter="${ldap.authn.searchFilter}" /> > > class="org.ldaptive.pool.PooledConnectionFactory" > p:connectionPool-ref="searchConnectionPool" /> > > > > class="org.ldaptive.pool.BlockingConnectionPool" > init-method="initialize" > p:poolConfig-ref="ldapPoolConfig" > p:blockWaitTime="${ldap.pool.blockWaitTime}" > p:validator-ref="searchValidator" > p:pruneStrategy-ref="pruneStrategy" > p:connectionFactory-ref="connectionFactory" /> > > p:minPoolSize="${ldap.pool.minSize}" > p:maxPoolSize="${ldap.pool.maxSize}" > p:validateOnCheckOut="${ldap.pool.validateOnCheckout}" > p:validatePeriodically="${ldap.pool.validatePeriodically}" > p:validatePeriod="${ldap.pool.validatePeriod}" /> > > p:connectionConfig-ref="connectionConfig" /> > > p:ldapUrl="${ldap.url}" > p:connectTimeout="${ldap.connectTimeout}" > p:useStartTLS="${ldap.useStartTLS}" > p:sslConfig-ref="sslConfig" /> > > > > p:trustCertificates="${ldap.trustedCert}" /> > > > > p:prunePeriod="${ldap.pool.prunePeriod}" > p:idleTime="${ldap.pool.idleTime}" /> > > > > p:connectionFactory-ref="bindPooledLdapConnectionFactory" /> > >
  class="org.ldaptive.pool.PooledConnectionFactory" > p:connectionPool-ref="bindConnectionPool" /> > >

Here is the complete file: {{:docpublic:systemes:ssocas:deployerconfigcontext.xml|}}

==== cas.properties ====

Finally, to feed the variables defined in the deployerConfigContext.xml above, here is the associated cas.properties; likewise, I had to add:

  ldap.baseDn=ou=people,dc=exemple,dc=fr
  ldap.trustedCert=/etc/pki/tls/certs/chain-24222-cas4.exemple.fr-3-AddTrust_External_CA_Root.pem

These variables are referenced in deployerConfigContext.xml but not defined in the example cas.properties (see http://comments.gmane.org/gmane.comp.java.jasig.cas.user/27717 ).

Here is the complete example file: {{:docpublic:systemes:ssocas:cas.properties|}}

CAS4 + LDAP authentication now works:

{{:docpublic:systemes:ssocas:cas4-ldap-auth-success.png?600|}}

===== debug info =====

Once this configuration is in place (mvn clean package and Tomcat restart, plus manual removal of cas.war and of the cas directory in Tomcat's webapps, because the new deployerConfigContext.xml was not put in place automatically!), authentication through LDAP finally works.

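Review bot: the hard-coded casuser test login stays enabled after this change. The deployerConfigContext.xml diff above contains only additions (64a65 and 127a129,214) and removes nothing, so the stock "primaryAuthenticationHandler" bean is still defined and still registered next to the new LDAP handler; the Tomcat log for the LDAP login shows AcceptUsersAuthenticationHandler being consulted at 16:18:36,027, just before LdapAuthenticationHandler. Suggest dropping that handler's entry from the authenticationManager map (or emptying its user list) once the LDAP login is confirmed, so the test account is not accepted on the deployed server.
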
Tomcat log:

  2015-01-07 16:18:36,027 DEBUG [org.jasig.cas.authentication.AcceptUsersAuthenticationHandler] -
  2015-01-07 16:18:36,028 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
  2015-01-07 16:18:36,028 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] -
  2015-01-07 16:18:36,030 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] -
  2015-01-07 16:18:36,030 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] -
  2015-01-07 16:18:36,053 DEBUG [org.ldaptive.SearchOperation] -
  2015-01-07 16:18:36,380 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] -
  2015-01-07 16:18:36,380 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] -
  2015-01-07 16:18:36,380 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] -
  2015-01-07 16:18:36,388 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
  2015-01-07 16:18:36,388 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
  2015-01-07 16:18:36,391 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
  2015-01-07 16:18:36,391 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
  2015-01-07 16:18:36,392 INFO [org.perf4j.TimingLogger] -
  2015-01-07 16:18:36,410 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
  2015-01-07 16:18:36,413 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] -
  2015-01-07 16:18:36,414 INFO [org.perf4j.TimingLogger] -
  2015-01-07 16:18:36,414 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -

Request in ldap.log on the LDAP server side:

  Jan 7 16:59:36 ldap4 slapd[1236]: conn=32062 op=0 SRCH base="ou=people,dc=exemple,dc=fr" scope=1 deref=0 filter="(uid=test)"
  Jan 7 16:59:36 ldap4 slapd[1236]: conn=32062 op=0 SRCH attr=1.1
  Jan 7 16:59:36 ldap4 slapd[1236]: conn=32062 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
  Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=0 BIND dn="uid=test,ou=people,dc=exemple,dc=fr" method=128
  Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=0 BIND dn="uid=test,ou=People,dc=exemple,dc=fr" mech=SIMPLE ssf=0
  Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=0 RESULT tag=97 err=0 text=
  Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=1 SRCH base="uid=test,ou=people,dc=exemple,dc=fr" scope=0 deref=0 filter="(objectClass=*)"
  Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=

===== CAS redeployment =====

We rebuild CAS once more:

  [disi@cas4 simple-cas4-overlay-template]$ mvn -Dmaven.test.skip\=true package

then we reset the WAR in the Tomcat tree:

  [root@cas4 cas-server-webapp]# systemctl stop tomcat.service
  [root@cas4 cas-server-webapp]# rm -rf /var/lib/tomcat/webapps/cas
  [root@cas4 cas-server-webapp]# rm -rf /var/lib/tomcat/webapps/cas.war
  [root@cas4 cas-server-webapp]# systemctl start tomcat.service ; tail -f /var/log/cas/cas.log
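
A check to run before each rebuild and redeployment, for the problem met in the cas.properties section (ldap.baseDn and ldap.trustedCert referenced by deployerConfigContext.xml but absent from the example cas.properties). This is an added example, not code from the original page or from the CAS project; the XML fragment is constructed around attribute lines visible in the diff, and the bean elements, the commented-out bean and the property values not shown on the page are assumptions.

```python
import re

# Spring placeholder syntax resolved from cas.properties: ${name} or ${name:default}
PLACEHOLDER = re.compile(r"\$\{([^}:]+)(:[^}]*)?\}")
XML_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)


def parse_properties(text):
    """Parse the common subset of Java .properties syntax into a dict."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):  # value continues on the next line
            pending = line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def check_placeholders(xml_text, props_text):
    """Return (missing, empty): placeholders with no property and no default,
    and placeholders whose property is defined but blank."""
    props = parse_properties(props_text)
    missing, empty = set(), set()
    # Commented-out beans are ignored: Spring never resolves their placeholders.
    for name, default in PLACEHOLDER.findall(XML_COMMENT.sub("", xml_text)):
        if name not in props:
            if not default:
                missing.add(name)
        elif not props[name]:
            empty.add(name)
    return sorted(missing), sorted(empty)


# Constructed fragment: p: attributes as they appear in the page's diff; the
# bean elements, classes and the commented-out bean are assumptions.
SAMPLE_XML = """
<bean id="dnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
      p:baseDn="${ldap.baseDn}"
      p:userFilter="${ldap.authn.searchFilter}" />
<bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="${ldap.url}"
      p:connectTimeout="${ldap.connectTimeout}"
      p:useStartTLS="${ldap.useStartTLS}" />
<!-- <bean id="old" p:ldapUrl="${ldap.oldUrl}" /> -->
<bean class="org.ldaptive.ssl.X509CredentialConfig"
      p:trustCertificates="${ldap.trustedCert}" />
"""

# Constructed: an example cas.properties before the two additions from the page.
SAMPLE_PROPS = """
ldap.url=ldap://ldap4.exemple.fr
ldap.useStartTLS=true
ldap.connectTimeout=3000
ldap.authn.searchFilter=uid={user}
"""

if __name__ == "__main__":
    print("missing, empty:", check_placeholders(SAMPLE_XML, SAMPLE_PROPS))
```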
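
The slapd log in the debug section shows the search-then-bind sequence: a DN search on one pooled connection (conn=32062), then a simple BIND as the resolved DN on another (conn=32059). The added example below, which is not part of the original page, merges such lines per (conn, op) and counts the two ways a login can fail on the LDAP side; the first eight sample lines are the page's, the last six are constructed.

```python
import re
from collections import Counter

LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\sslapd\[\d+\]:\s"
                  r"conn=(?P<conn>\d+)\sop=(?P<op>\d+)\s(?P<rest>.*)$")

def _field(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def parse_operations(lines):
    """Merge slapd log lines into one record per (conn, op) pair."""
    ops = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        rec = ops.setdefault((int(m["conn"]), int(m["op"])), {})
        rest = m["rest"]
        if rest.startswith("SRCH base="):
            rec.update(type="search", base=_field(r'base="([^"]*)"', rest),
                       filter=_field(r'filter="(.*)"', rest))
        elif rest.startswith("BIND dn=") and " method=" in rest:
            # the "mech=SIMPLE" line repeats the DN in the entry's own case
            rec.update(type="bind", dn=_field(r'dn="([^"]*)"', rest).lower())
        elif "RESULT" in rest:  # "SEARCH RESULT tag=101" or "RESULT tag=97"
            err, n = _field(r"\berr=(\d+)", rest), _field(r"\bnentries=(\d+)", rest)
            if err is not None:
                rec["err"] = int(err)
            if n is not None:
                rec["nentries"] = int(n)
    return ops

def login_failures(lines):
    """Count failures in both phases: DN search found nobody, or BIND refused."""
    unknown, bad_password = Counter(), Counter()
    for rec in parse_operations(lines).values():
        if rec.get("type") == "search" and rec.get("nentries") == 0:
            unknown[rec["filter"]] += 1
        elif rec.get("type") == "bind" and rec.get("err") == 49:  # invalidCredentials
            bad_password[rec["dn"]] += 1
    return unknown, bad_password

# Lines 1-8 are the page's log; the last six are constructed failure cases.
SAMPLE_LOG = """\
Jan 7 16:59:36 ldap4 slapd[1236]: conn=32062 op=0 SRCH base="ou=people,dc=exemple,dc=fr" scope=1 deref=0 filter="(uid=test)"
Jan 7 16:59:36 ldap4 slapd[1236]: conn=32062 op=0 SRCH attr=1.1
Jan 7 16:59:36 ldap4 slapd[1236]: conn=32062 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=0 BIND dn="uid=test,ou=people,dc=exemple,dc=fr" method=128
Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=0 BIND dn="uid=test,ou=People,dc=exemple,dc=fr" mech=SIMPLE ssf=0
Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=0 RESULT tag=97 err=0 text=
Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=1 SRCH base="uid=test,ou=people,dc=exemple,dc=fr" scope=0 deref=0 filter="(objectClass=*)"
Jan 7 16:59:36 ldap4 slapd[1236]: conn=32059 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 7 17:02:10 ldap4 slapd[1236]: conn=32062 op=1 SRCH base="ou=people,dc=exemple,dc=fr" scope=1 deref=0 filter="(uid=nobody)"
Jan 7 17:02:10 ldap4 slapd[1236]: conn=32062 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 7 17:02:15 ldap4 slapd[1236]: conn=32059 op=2 BIND dn="uid=test,ou=people,dc=exemple,dc=fr" method=128
Jan 7 17:02:15 ldap4 slapd[1236]: conn=32059 op=2 RESULT tag=97 err=49 text=
Jan 7 17:02:19 ldap4 slapd[1236]: conn=32059 op=3 BIND dn="uid=test,ou=people,dc=exemple,dc=fr" method=128
Jan 7 17:02:19 ldap4 slapd[1236]: conn=32059 op=3 RESULT tag=97 err=49 text=
""".splitlines()

if __name__ == "__main__":
    unknown, bad_password = login_failures(SAMPLE_LOG)
    print("unknown users:", dict(unknown), "| refused binds:", dict(bad_password))
```

A login for an unknown user never reaches the BIND phase, so monitoring only bind errors misses it; the search phase with nentries=0 has to be counted as well.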