On Thursday, December 8, 2016 at 18:29:34 UTC+1, Houlala wrote:
>
> Hi all,
>
> I'm trying to configure CAS 4.2.x with spnego and Ldap authentication.
>
> I want some services to use spnego for authentication and the others to use
> ldap auth. For that I configure an ldapAuthenticationHandler in
> deployerConfigContext.xml
>
>
> <bean id="ldapAuthenticationHandler"
> class="org.jasig.cas.authentication.LdapAuthenticationHandler"
> p:principalIdAttribute="sAMAccountName"
> c:authenticator-ref="authenticator">
> <property name="principalAttributeMap">
> <map>
> <entry key="displayName" value="displayName" />
> <entry key="mail" value="mail" />
> <entry key="memberOf" value="memberOf" />
> </map>
> </property>
> </bean>
>
> <util:map id="authenticationHandlersResolvers">
>
> <entry key-ref="proxyAuthenticationHandler"
> value-ref="proxyPrincipalResolver" />
> <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
> </util:map>
>
> <ldaptive:ad-authenticator id="authenticator"
> ldapUrl="${ldap.url}"
> userFilter="${ldap.authn.searchFilter}"
> bindDn="${ldap.managerDn}"
> bindCredential="${ldap.managerPassword}"
>
> allowMultipleDns="${ldap.allowMultipleDns:false}"
> connectTimeout="${ldap.connectTimeout}"
>
> validateOnCheckOut="${ldap.pool.validateOnCheckout}"
> failFastInitialize="true"
> blockWaitTime="${ldap.pool.blockWaitTime}"
> idleTime="${ldap.pool.idleTime}"
> baseDn="${ldap.baseDn}"
> maxPoolSize="${ldap.pool.maxSize}"
> minPoolSize="${ldap.pool.minSize}"
>
> validatePeriodically="${ldap.pool.validatePeriodically}"
> validatePeriod="${ldap.pool.validatePeriod}"
> prunePeriod="${ldap.pool.prunePeriod}"
> useSSL="${ldap.use.ssl:false}"
> subtreeSearch="${ldap.subtree.search:true}"
> useStartTLS="${ldap.useStartTLS}" />
>
> then I declare in the same file authenticationPolicy and
> authenticationPolicyFactory like that
>
> <alias name="requiredHandlerAuthenticationPolicy"
> alias="authenticationPolicy" />
> <alias name="requiredHandlerAuthenticationPolicyFactory"
> alias="authenticationPolicyFactory" />
>
> For the spnego part, login-webflow.xml is modified as described in the
> documentation and dependencies were added in the pom.xml
>
> I add a service where I add the requiredHandlers property like that:
>
> "requiredHandlers" : ["java.util.HashSet", ["ldapAuthenticationHandler"]]
>
> Then when I access the service, I'm forwarded to CAS and the login form
> appears, but I am unable to authenticate thru the CAS server (invalid
> credentials as error message on the UI). But I can see in the log file that
> spnego and ldap authenticate me correctly.
> Any idea?
>
> and the log
>
> <Dec 8, 2016 6:21:45 PM CET> <Info> <org.ldaptive.auth.Authenticator>
> <dkrint01> <MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '6' for queue:
> 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <>
> <1481217705732> <BEA-000000> <Authentication succeeded for dn:
> CN=usertest,OU=IN,OU=EXAMPLE_USERS,OU=IN,DC=AD,DC=EXAMPLE,DC=CORP,DC=EU>
> ####<Dec 8, 2016 6:21:45 PM CET> <Info>
> <org.jasig.cas.authentication.PolicyBasedAuthenticationManager> <dkrint01>
> <MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '6' for queue:
> 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <>
> <1481217705733> <BEA-000000> <LdapAuthenticationHandler successfully
> authenticated usertest>
> ####<Dec 8, 2016 6:21:45 PM CET> <Info>
> <org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager> <dkrint01>
> <MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '6' for queue:
> 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <>
> <1481217705734> <BEA-000000> <Audit trail record BEGIN
> =============================================================
> WHO: usertest
> WHAT: Supplied credentials: [usertest]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Thu Dec 08 18:21:45 CET 2016
> CLIENT IP ADDRESS: 172.22.60.101
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
> >
> ####<Dec 8, 2016 6:21:45 PM CET> <Warning>
> <org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction> <dkrint01>
> <MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '6' for queue:
> 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <>
> <1481217705735> <BEA-000000> <SPNEGO Authorization header not found under
> Authorization or it does not begin with the prefix Negotiate >
> ####<Dec 8, 2016 6:21:45 PM CET> <Info> <org.ldaptive.auth.Authenticator>
> <dkrint01> <MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2' for queue:
> 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <>
> <1481217705802> <BEA-000000> <Authentication succeeded for dn:
> CN=usertest,OU=IN,OU=EXAMPLE_USERS,OU=IN,DC=AD,DC=EXAMPLE,DC=CORP,DC=EU>
> ####<Dec 8, 2016 6:21:45 PM CET> <Info>
> <org.jasig.cas.authentication.PolicyBasedAuthenticationManager> <dkrint01>
> <MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2' for queue:
> 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <>
> <1481217705802> <BEA-000000> <LdapAuthenticationHandler successfully
> authenticated usertest>
> ####<Dec 8, 2016 6:21:45 PM CET> <Info>
> <org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager> <dkrint01>
> <MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2' for queue:
> 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <>
> <1481217705803> <BEA-000000> <Audit trail record BEGIN
> =============================================================
> WHO: usertest
> WHAT: Supplied credentials: [usertest]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Thu Dec 08 18:21:45 CET 2016
> CLIENT IP ADDRESS: 172.22.60.101
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
> >
> ####<Dec 8, 2016 6:21:45 PM CET> <Info>
> <org.jasig.cas.authentication.PolicyBasedAuthenticationManager> <dkrint01>
> <MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2' for queue:
> 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <>
> <1481217705843> <BEA-000000> <JcifsSpnegoAuthenticationHandler successfully
> authenticated usertest>
> ####<Dec 8, 2016 6:21:45 PM CET> <Info>
> <org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager> <dkrint01>
> <MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2' for queue:
> 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <>
> <1481217705844> <BEA-000000> <Audit trail record BEGIN
> =============================================================
> WHO: usertest
> WHAT: Supplied credentials: [usertest]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Thu Dec 08 18:21:45 CET 2016
> CLIENT IP ADDRESS: 172.22.60.101
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
> >
> ####<Dec 8, 2016 6:21:45 PM CET> <Warning>
> <org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction> <dkrint01>
> <MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2' for queue:
> 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <>
> <1481217705845> <BEA-000000> <0 errors, 1 successes
> org.jasig.cas.authentication.AuthenticationException: 0 errors, 1 successes
> at
> org.jasig.cas.authentication.PolicyBasedAuthenticationManager.evaluateProducedAuthenticationContext(PolicyBasedAuthenticationManager.java:260)
> at
> org.jasig.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:242)
> at
> org.jasig.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:131)
> at sun.reflect.GeneratedMethodAccessor404.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
> at
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85)
> at
> org.jasig.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:128)
> at sun.reflect.GeneratedMethodAccessor402.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:620)
> at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:609)
> at
> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:68)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168)
> at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> at
> com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:45)
> at
> com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:32)
> at
> com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> at
> com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:48)
> at
> com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:34)
> at
> com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> at
> com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:46)
> at
> com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:32)
> at
> com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)
> at com.sun.proxy.$Proxy295.authenticate(Unknown Source)
> at
> org.jasig.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:29)
> at
> org.jasig.cas.web.flow.AbstractNonInteractiveCredentialsAction.doExecute(AbstractNonInteractiveCredentialsAction.java:117)
> at
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
> at
> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
> at
> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
> at
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
> at
> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
> at
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
> at org.springframework.webflow.engine.State.enter(State.java:194)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:228)
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
> at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
> at
> org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
> at
> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
> at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
> at
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
> at org.springframework.webflow.engine.State.enter(State.java:194)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:228)
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
> at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
> at
> org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
> at
> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
> at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
> at
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
> at org.springframework.webflow.engine.State.enter(State.java:194)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:228)
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
> at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
> at
> org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
> at
> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
> at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
> at
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
> at org.springframework.webflow.engine.State.enter(State.java:194)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:228)
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
> at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
> at
> org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
> at
> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
> at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
> at
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
> at org.springframework.webflow.engine.State.enter(State.java:194)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:228)
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
> at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
> at
> org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
> at
> org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
> at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
> at
> org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:231)
> at
> org.springframework.webflow.engine.ViewState.resume(ViewState.java:195)
> at org.springframework.webflow.engine.Flow.resume(Flow.java:537)
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:259)
> at
> org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:169)
> at
> org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:228)
> at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:961)
> at
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:895)
> at
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967)
> at
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:869)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:751)
> at
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
> at
> weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
> at
> weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254)
> at
> weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136)
> at
> weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:346)
> at
> weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
> at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
> at
> org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:238)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
> at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
> at
> org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
> at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
> at
> org.jasig.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62)
> at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
> at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
> at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
> at
> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3436)
> at
> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3402)
> at
> weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
> at
> weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
> at
> weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
> at
> weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2285)
> at
> weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2201)
> at
> weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
> at
> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1572)
> at
> weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:255)
> at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
> at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
> >
>
>
>
Hi, I have a simple problem, it was connected with dependencies. There was
an issue too.
The result was that this dependency was added to the overlay:
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-saml</artifactId>
    <version>${cas.version}</version>
</dependency>
Let me know if it was of help to you.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6e3076b7-33d1-4a91-890a-b802af9f7c0e%40apereo.org.
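
Added example (not part of the thread and not CAS project code): a triage script for the pattern in the quoted log, where a handler logs "successfully authenticated" and the audit trail then records AUTHENTICATION_FAILED for the same user. It separates those post-handler rejections from plain credential failures; the sample records are constructed from the lines quoted above, and `otheruser`, the 500 ms window and the verdict names are assumptions.

```python
import re

# Constructed sample: WebLogic-format records modelled on the ones quoted in
# the thread, one header line each. "otheruser" is invented for contrast.
HDR = ("####<Dec 8, 2016 6:21:45 PM CET> <Info> <{logger}> <dkrint01> "
       "<MngdClusteredSrv1> <[ACTIVE] ExecuteThread: '2'> <<anonymous>> <> <> "
       "<{ts}> <BEA-000000> <{msg}>\n")
AUDIT = ("Audit trail record BEGIN\n====\nWHO: {who}\n"
         "WHAT: Supplied credentials: [{who}]\n"
         "ACTION: AUTHENTICATION_FAILED\nAPPLICATION: CAS\n====\n")
MANAGER = "org.jasig.cas.authentication.PolicyBasedAuthenticationManager"
AUDITOR = "org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
SAMPLE_LOG = "".join([
    HDR.format(logger=MANAGER, ts=1481217705733,
               msg="LdapAuthenticationHandler successfully authenticated usertest"),
    HDR.format(logger=AUDITOR, ts=1481217705734, msg=AUDIT.format(who="usertest")),
    HDR.format(logger=MANAGER, ts=1481217705843,
               msg="JcifsSpnegoAuthenticationHandler successfully authenticated usertest"),
    HDR.format(logger=AUDITOR, ts=1481217705844, msg=AUDIT.format(who="usertest")),
    HDR.format(logger=AUDITOR, ts=1481217709000, msg=AUDIT.format(who="otheruser")),
])

# Logger is the first dotted name in angle brackets; the 13-digit field is
# the epoch-millisecond timestamp; the message follows the BEA code.
RECORD = re.compile(
    r"<(?P<logger>[A-Za-z_][\w$]*(?:\.[\w$]+)+)> .*?"
    r"<(?P<ts>\d{13})> <BEA-\d+> <(?P<msg>.*)", re.S)
HANDLER_OK = re.compile(r"^(\w+) successfully authenticated (\S+)$")
WHO = re.compile(r"^WHO: (\S+)$", re.M)


def parse_records(text):
    """Split on the '####' record marker; return (ts, logger, message) tuples."""
    records = []
    for chunk in text.split("####"):
        m = RECORD.search(chunk)
        if m:
            msg = m["msg"].strip().rstrip(">").strip()
            records.append((int(m["ts"]), m["logger"].rsplit(".", 1)[-1], msg))
    return records


def triage(text, window_ms=500):
    """Classify each AUTHENTICATION_FAILED audit record for its user."""
    successes, findings = [], []
    for ts, logger, msg in parse_records(text):
        ok = HANDLER_OK.match(msg)
        if logger == "PolicyBasedAuthenticationManager" and ok:
            successes.append((ts, ok[1], ok[2]))
        elif "ACTION: AUTHENTICATION_FAILED" in msg:
            who = WHO.search(msg)
            user = who[1] if who else "?"
            # Handlers that accepted this user shortly before the failure.
            handlers = sorted({h for t, h, u in successes
                               if u == user and 0 <= ts - t <= window_ms})
            verdict = ("rejected_after_handler_success" if handlers
                       else "credentials_rejected")
            findings.append({"ts": ts, "user": user,
                             "verdict": verdict, "handlers": handlers})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A `rejected_after_handler_success` verdict means the failure was decided after the handler accepted the credentials (in the quoted trace, in `PolicyBasedAuthenticationManager.evaluateProducedAuthenticationContext`), so the authentication policy and the service's `requiredHandlers` setting are the place to look rather than the LDAP or Kerberos credentials.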