I’m pretty sure it is the mis-configuration. Try to follow the documentation for your correct version in use: https://apereo.github.io/cas/4.0.x/installation/Whitelist-Authentication.html
Cheers,
D.

> On Jul 11, 2016, at 11:25 AM, Josep Manel Andrés <[email protected]> wrote:
>
> It doesn't seem to even try to open the user's file.....
>
>
> 2016-07-11 17:22:31,928 DEBUG [org.ldaptive.auth.FormatDnResolver] -
> <Formatting DN for root with uid=%s,ou=people,ou=my-server,dc=es>
> 2016-07-11 17:22:31,929 DEBUG [org.ldaptive.auth.Authenticator] -
> <authenticate dn=uid=root,ou=people,ou=my-server,dc=es with
> request=[org.ldaptive.auth.AuthenticationRequest@539576520::user=root,
> retAttrs=[member, uid, mail, sn, departmentNumber, telephoneNumber,
> givenName, displayName, groups]]>
> 2016-07-11 17:22:31,930 DEBUG
> [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate
> criteria=[org.ldaptive.auth.AuthenticationCriteria@1986614006::dn=uid=root,ou=people,ou=my-server,dc=es,
>
> authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@539576520::user=root,
> retAttrs=[member, uid, mail, sn, departmentNumber, telephoneNumber,
> givenName, displayName, groups]]]>
> 2016-07-11 17:22:31,931 DEBUG [org.ldaptive.BindOperation] - <execute
> request=[org.ldaptive.BindRequest@2093338933::bindDn=uid=root,ou=people,ou=my-server,dc=es,
> saslConfig=null, controls=null] with
> connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1777898063::config=[org.ldaptive.ConnectionConfig@163509196::ldapUrl=ldap://opsld02.my-server.es
> ldap://opsld01.my-server.es, connectTimeout=3000, responseTimeout=-1,
> sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem,
> authenticationCertificate=null, authenticationKey=null], trustManagers=null,
> enabledCipherSuites=null, enabledProtocols=null,
> handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
> connectionInitializer=null],
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1406736210::metadata=[ldapUrl=ldap://opsld02.my-server.es
> ldap://opsld01.my-server.es, count=1],
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1368011647::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={},
> connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@4017ed7e,
> controlProcessor=org.ldaptive.provider.ControlProcessor@7a57cb96,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
> PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null],
> sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1093902922::factory=sun.security.ssl.SSLSocketFactoryImpl@24e3c9b7,
>
> sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem,
> authenticationCertificate=null, authenticationKey=null], trustManagers=null,
> enabledCipherSuites=null, enabledProtocols=null,
> handshakeCompletedListeners=null]], hostnameVerifier=null],
> providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@483b00ab]>
> 2016-07-11 17:22:31,933 DEBUG
> [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate
> response=[org.ldaptive.auth.AuthenticationHandlerResponse@1677061395::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1777898063::config=[org.ldaptive.ConnectionConfig@163509196::ldapUrl=ldap://opsld02.my-server.es
> ldap://opsld01.my-server.es, connectTimeout=3000, responseTimeout=-1,
> sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem,
> authenticationCertificate=null, authenticationKey=null], trustManagers=null,
> enabledCipherSuites=null, enabledProtocols=null,
> handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
> connectionInitializer=null],
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1406736210::metadata=[ldapUrl=ldap://opsld02.my-server.es
> ldap://opsld01.my-server.es, count=1],
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1368011647::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={},
> connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@4017ed7e,
> controlProcessor=org.ldaptive.provider.ControlProcessor@7a57cb96,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
> PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null],
> sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1093902922::factory=sun.security.ssl.SSLSocketFactoryImpl@24e3c9b7,
>
> sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem,
> authenticationCertificate=null, authenticationKey=null], trustManagers=null,
> enabledCipherSuites=null, enabledProtocols=null,
> handshakeCompletedListeners=null]], hostnameVerifier=null],
> providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@483b00ab],
> result=false, resultCode=INVALID_CREDENTIALS,
> message=javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
> Credentials], controls=null] for
> criteria=[org.ldaptive.auth.AuthenticationCriteria@1986614006::dn=uid=root,ou=people,ou=my-server,dc=es,
>
> authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@539576520::user=root,
> retAttrs=[member, uid, mail, sn, departmentNumber, telephoneNumber,
> givenName, displayName, groups]]]>
> 2016-07-11 17:22:31,934 INFO [org.ldaptive.auth.Authenticator] -
> <Authentication failed for dn: uid=root,ou=people,ou=my-server,dc=es>
> 2016-07-11 17:22:31,935 DEBUG [org.ldaptive.auth.Authenticator] -
> <authenticate
> response=[org.ldaptive.auth.AuthenticationHandlerResponse@1677061395::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1777898063::config=[org.ldaptive.ConnectionConfig@163509196::ldapUrl=ldap://opsld02.my-server.es
> ldap://opsld01.my-server.es, connectTimeout=3000, responseTimeout=-1,
> sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem,
> authenticationCertificate=null, authenticationKey=null], trustManagers=null,
> enabledCipherSuites=null, enabledProtocols=null,
> handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
> connectionInitializer=null],
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1406736210::metadata=[ldapUrl=ldap://opsld02.my-server.es
> ldap://opsld01.my-server.es, count=1],
> environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
> com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1368011647::operationExceptionResultCodes=[PROTOCOL_ERROR,
> SERVER_DOWN], properties={},
> connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@4017ed7e,
> controlProcessor=org.ldaptive.provider.ControlProcessor@7a57cb96,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
> PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null],
> sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1093902922::factory=sun.security.ssl.SSLSocketFactoryImpl@24e3c9b7,
>
> sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem,
> authenticationCertificate=null, authenticationKey=null], trustManagers=null,
> enabledCipherSuites=null, enabledProtocols=null,
> handshakeCompletedListeners=null]], hostnameVerifier=null],
> providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@483b00ab],
> result=false, resultCode=INVALID_CREDENTIALS,
> message=javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
> Credentials], controls=null] for dn=uid=root,ou=people,ou=my-server,dc=es
> with request=[org.ldaptive.auth.AuthenticationRequest@539576520::user=root,
> retAttrs=[member, uid, mail, sn, departmentNumber, telephoneNumber,
> givenName, displayName, groups]]>
> 2016-07-11 17:22:31,935 INFO
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> <LdapAuthenticationHandler failed authenticating root>
> 2016-07-11 17:22:31,936 INFO
> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: root
> WHAT: supplied credentials: [root]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Mon Jul 11 17:22:31 CEST 2016
>
>
> On 11/07/16 17:15, Dmitriy Kopylenko wrote:
>> Add it after ldap handler
>>
>>> On Jul 11, 2016, at 11:08 AM, Josep Manel Andrés <[email protected]> wrote:
>>>
>>> Right, that seems to be what I need, but for 4.0.x, that is the
>>> version I am running.
>>> But now I have a problem, if I add FileAuthenticationHandler just
>>> right before ldapauthenticationhandler it can be deployed to the
>>> server but not authenticating with the username defined in the file.
>>> (I've added cas-server-support-generic support)
>>>
>>> On the logs I never see the app going to look for users defined on the
>>> file.
>>>
>>>
>>> I have tried both: AcceptUsersAuthenticationHandler too, but it never
>>> compiles....
>>>
>>> Thank you.
>>>
>>>
>>>
>>> On 11/07/16 16:16, Dmitriy Kopylenko wrote:
>>>> You haven’t specified the version of CAS that you use, so I’ll assume
>>>> the latest. This might solve your use case:
>>>> https://apereo.github.io/cas/4.2.x/installation/Whitelist-Authentication.html
>>>>
>>>> Cheers,
>>>> D.
>>>>
>>>>> On Jul 11, 2016, at 9:59 AM, Josep Manel Andrés <[email protected]> wrote:
>>>>>
>>>>> Hi,
>>>>> I am using CAS to login to our webapps as normal users, but when we
>>>>> want to do admin task, we need to login as a root (to our webapps)
>>>>> and since we only have one authenticationHandler, which is
>>>>> ldapAuthenticationHandler, so I could not find a way to define a
>>>>> static root user with a static password, so the behaviour would be
>>>>> something like.
>>>>>
>>>>> Try to log in using ldapAuthenticationHandler, and if this doesn't
>>>>> work, then try to login with root account defined statically, and if
>>>>> it doesn't, then do nothing.
>>>>>
>>>>> Best regards.
>>>>>
>>>>> --
>>>>> Josep Manel Andrés ([email protected])
>>>>> Operations - Barcelona Supercomputing Center
>>>>> C/ Jordi Girona, 31 http://www.bsc.es
>>>>> 08034 Barcelona, Spain Tel: +34-93-405 42 14
>>>>> e-mail: [email protected] Fax: +34-93-413 77 21
>>>>> -----------------------------------------------
>>>>>
>>>>> WARNING / LEGAL TEXT: This message is intended only for the use of the
>>>>> individual or entity to which it is addressed and may contain
>>>>> information which is privileged, confidential, proprietary, or exempt
>>>>> from disclosure under applicable law. If you are not the intended
>>>>> recipient or the person responsible for delivering the message to the
>>>>> intended recipient, you are strictly prohibited from disclosing,
>>>>> distributing, copying, or in any way using this message. If you have
>>>>> received this communication in error, please notify the sender and
>>>>> destroy and delete any copies you may have received.
>>>>>
>>>>> http://www.bsc.es/disclaimer
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "CAS Community" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To post to this group, send email to [email protected].
>>>>> Visit this group at
>>>>> https://groups.google.com/a/apereo.org/group/cas-user/.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5783A634.50605%40bsc.es.
>>>>> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
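The check the quoted log supports, as an added example that is not part of the thread or of CAS: for each failed login in the audit trail, list which handlers the authentication manager reported and which expected handlers never appear. The function names are hypothetical, the sample log is constructed from the thread's lines, and it assumes every attempted handler logs the "failed authenticating" line seen above.

```python
import re

# Constructed sample in the thread's log layout (connection dump shortened).
SAMPLE_LOG = """\
2016-07-11 17:22:31,933 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate response=[result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials], controls=null]>
2016-07-11 17:22:31,935 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler failed authenticating root>
2016-07-11 17:22:31,936 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: root
WHAT: supplied credentials: [root]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Mon Jul 11 17:22:31 CEST 2016
"""

HANDLER_FAILED = re.compile(
    r"PolicyBasedAuthenticationManager\] - <(\w+) failed authenticating (\S+)>")
LDAP_RESULT = re.compile(r"\bresultCode=(\w+)")
AUDIT_FIELD = re.compile(r"^(WHO|WHAT|ACTION|APPLICATION|WHEN): (.*)$", re.M)


def handlers_tried(log):
    """Map each user to the handlers the authentication manager reported as failed."""
    tried = {}
    for handler, user in HANDLER_FAILED.findall(log):
        seen = tried.setdefault(user, [])
        if handler not in seen:
            seen.append(handler)
    return tried


def audit_records(log):
    """Parse inspektr audit blocks into dicts; each WHO line starts a new record."""
    records = []
    for key, value in AUDIT_FIELD.findall(log):
        if key == "WHO":
            records.append({})
        if records:
            records[-1][key] = value.strip()
    return records


def diagnose(log, expected):
    """Per failed user: handlers tried, expected handlers never tried, LDAP codes seen."""
    tried, codes = handlers_tried(log), sorted(set(LDAP_RESULT.findall(log)))
    report = {}
    for rec in audit_records(log):
        if rec.get("ACTION") == "AUTHENTICATION_FAILED":
            seen = tried.get(rec["WHO"], [])
            missing = [h for h in expected if h not in seen]
            report[rec["WHO"]] = {"tried": seen, "never_tried": missing, "ldap_codes": codes}
    return report

print(diagnose(SAMPLE_LOG, ["LdapAuthenticationHandler", "FileAuthenticationHandler"]))
```

An expected handler listed under `never_tried` means it was never reached for that login, which points at the handler registration in the configuration rather than at the credentials.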
