Hi Paul,
You might find the page at https://gabriel.lse.ac.uk/twiki/bin/view/Projects/WebFormAuth helpful if you tried setting this up using the Internet2 instructions, which I found confusing. Various things need to match between the server.xml realm and the IdP's web.xml configuration, and these are detailed on the page.
Cheers
Simon
Paul Cheyne wrote:
> Hi all
>
>
>
> Well I have now got my authentication page up and running on the SSO
> (https://localhost/shibboleth-idp/SSO) but when I try and authenticate
> any users to it throws up the error Incorrect Username and password. I
> have tried it with a few different user accounts and made sure the
> passwords was correct
>
>
>
> I have had a look through the tomcat , idp and Event logs and can’t see
> any errors appear. I have configured the ldap Realm in tomcat’s
> server.xml file. Here the realms config part of the server.xml file
>
>
>
> <!--
>
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>
> resourceName="UserDatabase"/> -->
>
>
>
> *<Realm className="org.apache.catalina.realm.JNDIRealm"*
>
> * connectionURL="ldap://**.abcol.ac.uk:389"*
>
> * connectionName="cn=***,cn=Users,dc=abcol,dc=ac,dc=uk"*
>
> * connectionPassword="***"*
>
> * userBase="cn=Users,dc=abcol,dc=ac,dc=uk"*
>
> * userSubtree="true"*
>
> * userSearch="(uid={0})"*
>
> * userRoleName="objectclass"*
>
> * />*
>
>
>
>
>
>
>
> I have taken out server names , user names and passwords for security.
>
>
>
> Here is a copy of the tomcat log file
>
>
>
> 01-May-2009 11:00:06 org.apache.catalina.core.AprLifecycleListener init
>
> INFO: The APR based Apache Tomcat Native library which allows optimal
> performance in production environments was not found on the
> java.library.path:
> C:\tomcat\bin;.;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\OpenSSL\bin
>
> 01-May-2009 11:00:06 org.apache.coyote.http11.Http11Protocol init
>
> INFO: Initializing Coyote HTTP/1.1 on http-8080
>
> 01-May-2009 11:00:06 org.apache.catalina.startup.Catalina load
>
> INFO: Initialization processed in 405 ms
>
> 01-May-2009 11:00:06 org.apache.catalina.core.StandardService start
>
> INFO: Starting service Catalina
>
> 01-May-2009 11:00:06 org.apache.catalina.core.StandardEngine start
>
> INFO: Starting Servlet Engine: Apache Tomcat/6.0.18
>
> 01-May-2009 11:00:06 org.apache.catalina.startup.HostConfig deployWAR
>
> INFO: Deploying web application archive shibboleth-idp.war
>
> 01-May-2009 11:00:07 org.apache.coyote.http11.Http11Protocol start
>
> INFO: Starting Coyote HTTP/1.1 on http-8080
>
> 01-May-2009 11:00:07 org.apache.jk.common.ChannelSocket init
>
> INFO: JK: ajp13 listening on /127.0.0.1:8009
>
> 01-May-2009 11:00:07 org.apache.jk.server.JkMain start
>
> INFO: Jk running ID=0 time=0/16 config=null
>
> 01-May-2009 11:00:07 org.apache.catalina.startup.Catalina start
>
> INFO: Server startup in 771 ms
>
>
>
> Any ideas on what could be causing the problem
>
>
>
> Thanks in advance
>
>
>
> *Paul Cheyne*
>
> *Support Consultant*
>
> RM (Aberdeen College)
>
> Tel: 01224 (61)2550
>
> Email: [log in to unmask] <mailto:[log in to unmask]>
>
>
>
>
>
>
>
> __________________________________________________________________
>
> You might be interested in this...
>
> *RM ICT Tour 2009*
> With all the pressures placed on teaching staff today, it's increasingly
> difficult to justify a full day out to research developments for the
> classroom. So you don't miss out, we've teamed up with schools and local
> authorities to bring the latest in ICT to a venue near you.
>
> Click here
> <http://www.rm.com/Events/EvtDetail.asp?cref=EVT1391360&srcurl=ICS010409>
> for more information and a full list of venues.
>
> __________________________________________________________________
>
> P.S. Think Green - don't print this email unless you really need to.
>
> This message is confidential, so please treat it appropriately and for
> its intended purpose only. In particular, if it refers to any technical
> data, terms or prices not generally available or known, such items are
> "commercially sensitive information" within the terms of the Freedom of
> Information Act 2000 and related laws. As it would be prejudicial to
> RM's commercial interests if these were disclosed, please refrain from
> doing so.
>
> As Internet communications are not secure, please be aware that RM
> cannot accept responsibility for its contents. Any views or opinions
> presented are those of the author only and not of RM. If you are not the
> intended recipient of this e-mail, please accept our apologies and
> arrange for copies of it to be deleted. For your information, RM may
> intercept incoming and outgoing email communications.
>
> RM Education plc
> Registered Office: New Mill House, 183 Milton Park, Abingdon,
> Oxfordshire, OX14 4SE, England
> Registered Number: 1148594
>
Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm
|