Hi all,

I'm trying to configure CAS 4.2.x with SPNEGO and LDAP authentication.

I want some services to use SPNEGO for authentication and the others to use
LDAP auth. For that I configured an ldapAuthenticationHandler in
deployerConfigContext.xml:


<bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          p:principalIdAttribute="sAMAccountName"
          c:authenticator-ref="authenticator">
        <property name="principalAttributeMap">
            <map>
                <entry key="displayName" value="displayName" />
                <entry key="mail" value="mail" />
                <entry key="memberOf" value="memberOf" />
            </map>
        </property>
    </bean>

    <util:map id="authenticationHandlersResolvers">
        <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
        <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
    </util:map>

    <ldaptive:ad-authenticator id="authenticator"
                               ldapUrl="${ldap.url}"
                               userFilter="${ldap.authn.searchFilter}"
                               bindDn="${ldap.managerDn}"
                               bindCredential="${ldap.managerPassword}"
                               allowMultipleDns="${ldap.allowMultipleDns:false}"
                               connectTimeout="${ldap.connectTimeout}"
                               validateOnCheckOut="${ldap.pool.validateOnCheckout}"
                               failFastInitialize="true"
                               blockWaitTime="${ldap.pool.blockWaitTime}"
                               idleTime="${ldap.pool.idleTime}"
                               baseDn="${ldap.baseDn}"
                               maxPoolSize="${ldap.pool.maxSize}"
                               minPoolSize="${ldap.pool.minSize}"
                               validatePeriodically="${ldap.pool.validatePeriodically}"
                               validatePeriod="${ldap.pool.validatePeriod}"
                               prunePeriod="${ldap.pool.prunePeriod}"
                               useSSL="${ldap.use.ssl:false}"
                               subtreeSearch="${ldap.subtree.search:true}"
                               useStartTLS="${ldap.useStartTLS}" />

Then I declare authenticationPolicy and authenticationPolicyFactory in the
same file like this:

    <alias name="requiredHandlerAuthenticationPolicy" alias="authenticationPolicy" />
    <alias name="requiredHandlerAuthenticationPolicyFactory" alias="authenticationPolicyFactory" />

For the SPNEGO part, login-webflow.xml is modified as described in the
documentation and dependencies were added in the pom.xml.

I added a service where I add the requiredHandlers property like this:

"requiredHandlers" : ["java.util.HashSet", ["ldapAuthenticationHandler"]]

Then when I access the service, I'm forwarded to CAS and the login form
appears, but I'm unable to authenticate through the CAS server (invalid
credentials as the error message on the UI). But I can see in the log file
that SPNEGO and LDAP authenticate me correctly.
Any idea?

And the log:

<Dec 8, 2016 6:21:45 PM CET> <Info> <org.ldaptive.auth.Authenticator> 
<dkrint01> <MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '6' for queue: 
'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> 
<1481217705732> <BEA-000000> <Authentication succeeded for dn: 
CN=usertest,OU=IN,OU=EXAMPLE_USERS,OU=IN,DC=AD,DC=EXAMPLE,DC=CORP,DC=EU>
####<Dec 8, 2016 6:21:45 PM CET> <Info> 
<org.jasig.cas.authentication.PolicyBasedAuthenticationManager> <dkrint01> 
<MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '6' for queue: 
'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> 
<1481217705733> <BEA-000000> <LdapAuthenticationHandler successfully 
authenticated usertest>
####<Dec 8, 2016 6:21:45 PM CET> <Info> 
<org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager> <dkrint01> 
<MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '6' for queue: 
'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> 
<1481217705734> <BEA-000000> <Audit trail record BEGIN
=============================================================
WHO: usertest
WHAT: Supplied credentials: [usertest]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Thu Dec 08 18:21:45 CET 2016
CLIENT IP ADDRESS: 172.22.60.101
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
####<Dec 8, 2016 6:21:45 PM CET> <Warning> 
<org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction> <dkrint01> 
<MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '6' for queue: 
'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> 
<1481217705735> <BEA-000000> <SPNEGO Authorization header not found under 
Authorization or it does not begin with the prefix Negotiate >
####<Dec 8, 2016 6:21:45 PM CET> <Info> <org.ldaptive.auth.Authenticator> 
<dkrint01> <MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2' for queue: 
'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> 
<1481217705802> <BEA-000000> <Authentication succeeded for dn: 
CN=usertest,OU=IN,OU=EXAMPLE_USERS,OU=IN,DC=AD,DC=EXAMPLE,DC=CORP,DC=EU>
####<Dec 8, 2016 6:21:45 PM CET> <Info> 
<org.jasig.cas.authentication.PolicyBasedAuthenticationManager> <dkrint01> 
<MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2' for queue: 
'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> 
<1481217705802> <BEA-000000> <LdapAuthenticationHandler successfully 
authenticated usertest>
####<Dec 8, 2016 6:21:45 PM CET> <Info> 
<org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager> <dkrint01> 
<MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2' for queue: 
'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> 
<1481217705803> <BEA-000000> <Audit trail record BEGIN
=============================================================
WHO: usertest
WHAT: Supplied credentials: [usertest]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Thu Dec 08 18:21:45 CET 2016
CLIENT IP ADDRESS: 172.22.60.101
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
####<Dec 8, 2016 6:21:45 PM CET> <Info> 
<org.jasig.cas.authentication.PolicyBasedAuthenticationManager> <dkrint01> 
<MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2' for queue: 
'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> 
<1481217705843> <BEA-000000> <JcifsSpnegoAuthenticationHandler successfully 
authenticated usertest>
####<Dec 8, 2016 6:21:45 PM CET> <Info> 
<org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager> <dkrint01> 
<MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2' for queue: 
'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> 
<1481217705844> <BEA-000000> <Audit trail record BEGIN
=============================================================
WHO: usertest
WHAT: Supplied credentials: [usertest]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Thu Dec 08 18:21:45 CET 2016
CLIENT IP ADDRESS: 172.22.60.101
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
####<Dec 8, 2016 6:21:45 PM CET> <Warning> 
<org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction> <dkrint01> 
<MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2' for queue: 
'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> 
<1481217705845> <BEA-000000> <0 errors, 1 successes
org.jasig.cas.authentication.AuthenticationException: 0 errors, 1 successes
        at 
org.jasig.cas.authentication.PolicyBasedAuthenticationManager.evaluateProducedAuthenticationContext(PolicyBasedAuthenticationManager.java:260)
        at 
org.jasig.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:242)
        at 
org.jasig.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:131)
        at sun.reflect.GeneratedMethodAccessor404.invoke(Unknown Source)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at 
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
        at 
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85)
        at 
org.jasig.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:128)
        at sun.reflect.GeneratedMethodAccessor402.invoke(Unknown Source)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at 
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:620)
        at 
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:609)
        at 
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:68)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168)
        at 
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
        at 
com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:45)
        at 
com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:32)
        at 
com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
        at 
com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:48)
        at 
com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:34)
        at 
com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
        at 
com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:46)
        at 
com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:32)
        at 
com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
        at 
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)
        at com.sun.proxy.$Proxy295.authenticate(Unknown Source)
        at 
org.jasig.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:29)
        at 
org.jasig.cas.web.flow.AbstractNonInteractiveCredentialsAction.doExecute(AbstractNonInteractiveCredentialsAction.java:117)
        at 
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
        at 
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
        at 
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
        at 
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
        at 
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
        at 
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
        at org.springframework.webflow.engine.State.enter(State.java:194)
        at 
org.springframework.webflow.engine.Transition.execute(Transition.java:228)
        at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
        at 
org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
        at 
org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
        at 
org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
        at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
        at 
org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
        at 
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
        at org.springframework.webflow.engine.State.enter(State.java:194)
        at 
org.springframework.webflow.engine.Transition.execute(Transition.java:228)
        at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
        at 
org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
        at 
org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
        at 
org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
        at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
        at 
org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
        at 
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
        at org.springframework.webflow.engine.State.enter(State.java:194)
        at 
org.springframework.webflow.engine.Transition.execute(Transition.java:228)
        at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
        at 
org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
        at 
org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
        at 
org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
        at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
        at 
org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
        at 
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
        at org.springframework.webflow.engine.State.enter(State.java:194)
        at 
org.springframework.webflow.engine.Transition.execute(Transition.java:228)
        at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
        at 
org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
        at 
org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
        at 
org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
        at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
        at 
org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
        at 
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
        at org.springframework.webflow.engine.State.enter(State.java:194)
        at 
org.springframework.webflow.engine.Transition.execute(Transition.java:228)
        at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
        at 
org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
        at 
org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
        at 
org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
        at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
        at 
org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
        at 
org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:231)
        at 
org.springframework.webflow.engine.ViewState.resume(ViewState.java:195)
        at org.springframework.webflow.engine.Flow.resume(Flow.java:537)
        at 
org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:259)
        at 
org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169)
        at 
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:228)
        at 
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:961)
        at 
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:895)
        at 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967)
        at 
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:869)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:751)
        at 
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
        at 
weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
        at 
weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254)
        at 
weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136)
        at 
weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:346)
        at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
        at 
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
        at 
org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:238)
        at 
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at 
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
        at 
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
        at 
org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
        at 
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at 
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
        at 
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
        at 
org.jasig.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62)
        at 
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
        at 
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)
        at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at 
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at 
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
        at 
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
        at 
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3436)
        at 
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3402)
        at 
weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at 
weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at 
weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
        at 
weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2285)
        at 
weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2201)
        at 
weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
        at 
weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1572)
        at 
weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:255)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
>
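A diagnostic check for the situation in this post, added here as an example that is not part of the original message and is not CAS code: it compares the names in a service's requiredHandlers with the handler names that report success in the log. The log fragments are constructed from the lines above with the record headers shortened, and the exact, case-sensitive comparison of handler names is an assumption.

```python
import json
import re

# Constructed sample: log fragments shaped like the WebLogic lines in the post
# (record headers shortened), plus the service's requiredHandlers property.
SAMPLE_LOG = """\
<1481217705733> <BEA-000000> <LdapAuthenticationHandler successfully
authenticated usertest>
<1481217705734> <BEA-000000> <Audit trail record BEGIN
WHO: usertest
ACTION: AUTHENTICATION_FAILED
<1481217705843> <BEA-000000> <JcifsSpnegoAuthenticationHandler successfully
authenticated usertest>
<1481217705845> <BEA-000000> <0 errors, 1 successes
"""
SAMPLE_SERVICE = (
    '{"requiredHandlers": ["java.util.HashSet", ["ldapAuthenticationHandler"]]}'
)

# The message may wrap between "successfully" and "authenticated".
SUCCESS_RE = re.compile(r"<(\w+) successfully\s+authenticated (\S+?)>")
AUDIT_ACTION_RE = re.compile(r"^ACTION: (\w+)$", re.MULTILINE)


def succeeded_handlers(log_text):
    """Return {handler name as logged: set of principals it authenticated}."""
    result = {}
    for handler, user in SUCCESS_RE.findall(log_text):
        result.setdefault(handler, set()).add(user)
    return result


def required_handlers(service_json):
    """Read the typed-collection form ["java.util.HashSet", [names...]]."""
    value = json.loads(service_json).get("requiredHandlers", [])
    if len(value) == 2 and isinstance(value[1], list):
        return set(value[1])
    return set(value)


def diagnose(log_text, service_json):
    """Compare required handler names with the names that reported success."""
    logged = succeeded_handlers(log_text)
    findings = []
    for name in sorted(required_handlers(service_json)):
        if name in logged:
            findings.append((name, "matched", name))
            continue
        # Assumption: names are compared as exact, case-sensitive strings.
        near = [h for h in logged if h.lower() == name.lower()]
        status = "case-mismatch" if near else "missing"
        findings.append((name, status, near[0] if near else None))
    return {
        "audit_actions": AUDIT_ACTION_RE.findall(log_text),
        "findings": findings,
    }


if __name__ == "__main__":
    report = diagnose(SAMPLE_LOG, SAMPLE_SERVICE)
    print("audit actions:", report["audit_actions"])
    for required, status, logged_as in report["findings"]:
        print(f"{required}: {status} (logged as {logged_as})")
```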





