I got authentication working against Active Directory and used type=AD.
Below is the config I used in yaml format. I can't say that all the
configuration is necessary and I am not doing much at this point beyond
logging in to cas (using sAMAccountName as username).

I couldn't get spring-boot:run to work with any support dependencies (ldap,
x509, etc) until I made one maven project that builds a war using the stock
overlay plus dependencies like cas-server-support-ldap, etc and I use
another maven module that overlays config and lets me run "mvn
spring-boot:run" using the war built in the first project. I was having
classloading issues trying to do it in one project.

cas:
  authn:
    accept.users:
    ldap:
      - type: AD
        ldapUrl: ldap://10.123.123.123:389
        useSsl: false
        useStartTls: false
        baseDn: cn=Users,dc=somedomain,dc=org
        dnFormat: '%[email protected]'
        userFilter: sAMAccountName={user}
        subtreeSearch: true
        usePasswordPolicy: false
        bindDn: [email protected]
        bindCredential: someusersP@ssw0rd
        principalAttributeId: sAMAccountName
        principalAttributePassword: unicodePwd
        principalAttributeList: sn, cn, givenName, sAMAccountName
        allowMultiplePrincipalAttributeValues: true
        additionalAttributes: memberOf
        minPoolSize: 0
        maxPoolSize: 10
        validateOnCheckout: true
        validatePeriodically: true
        validatePeriod: 600
        principalTransformation.caseConversion: LOWERCASE
        failFast: false

On Tuesday, December 13, 2016 at 2:51:16 PM UTC-5, mohammad almodallal 
wrote:
>
> Hello Richard,
>
> Yes, and many thanks for the great efforts done.
>
> Regards.
>
> On Tuesday, December 13, 2016 at 5:17:36 PM UTC+3, richard.frovarp wrote:
>>
>> +1
>>
>> I know that documentation is a work in progress, and that patches are 
>> welcome. Right now the most difficult part of setting it up is figuring out 
>> what each configuration value is used for and how it works. In general this 
>> new configuration method is less painful than the XML method, but it does 
>> hide some of the details, which did help in figuring things out. 
>>
>> On Dec 13, 2016 05:00, mohammad almodallal <[email protected]> wrote:
>>
>> Thank you, but I think it needs to be documented.
>>
>> On Tuesday, December 13, 2016 at 1:51:46 PM UTC+3, [email protected] 
>> wrote:
>>
>> Basically a different ldaptive Authenticator implementation is instantiated 
>> under the hood, based on the value.
>>
>> If you want to learn the details there are two options: a) Dive deep into 
>> the CAS server code and learn yourself b) hire some CAS experts to do the 
>> training and explain all of this to you.
>>
>> Best,
>> D.
>>
>> On Dec 13, 2016, 05:46 -0500, mohammad almodallal <[email protected]>, 
>> wrote:
>>
>> Hello, 
>>
>> it works with cas.authn.ldap[0].type=AUTHENTICATED not with AD
>> what is the difference between them?
>>
>> Thanks.
>>
>> On Tuesday, December 13, 2016 at 1:40:46 PM UTC+3, mohammad almodallal 
>> wrote: 
>>
>> already set 
>> cas.authn.ldap[0].type=AD
>>
>> On Tuesday, December 13, 2016 at 1:38:08 PM UTC+3, [email protected] 
>> wrote: 
>>
>> You want to make sure that the following property is set: 
>> cas.authn.ldap[0].type
>> with either one of these values: AD, AUTHENTICATED, DIRECT, ANONYMOUS, 
>> SASL
>>
>> Best,
>> D.
>>
>> On Dec 13, 2016, 04:20 -0500, mohammad almodallal <[email protected]>, 
>> wrote:
>>
>> Hello Philippe, 
>>
>> the cas.properties was containing cas.authn.attributeRepository instead 
>> of cas.authn.ldap[0] 
>> anyway I'm using Active Directory, does this make a difference?
>> for the cas-server-support-ldap yes it is already included
>>
>> but I still get errors like
>>
>> 2016-12-13 12:14:20,367 INFO 
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>> <AcceptUsersAuthenticationHandler failed authenticating testuser>
>> 2016-12-13 12:14:20,368 WARN 
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>> <Authentication has failed. Credentials may be incorrect or CAS cannot find 
>> authentication handler that supports [testuser] of type 
>> [UsernamePasswordCredential], which suggests a configuration problem.>
>>
>>
>> have you any idea that could help?
>>
>> Thanks.
>>
>> On Monday, December 12, 2016 at 2:11:50 PM UTC+3, Philippe MARASSE wrote: 
>>
>> Hello,
>>
>> The reference documentation is 
>> https://apereo.github.io/cas/development/installation/Configuration-Properties.html#ldap
>>
>> cas.authn.ldap[0].ldapUrl=ldap://ldap1.mydomain.com ldap://ldap2.mydomain.com
>> cas.authn.ldap[0].useSsl=false
>> cas.authn.ldap[0].useStartTls=false
>> cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>>
>> Other parameters depend upon your AD configuration.
>>
>> According to your log, it seems that LDAP support is not configured. Do 
>> you use the maven overlay method? If so, do you have a dependency section 
>> like:
>>
>> <dependency>
>>      <groupId>org.apereo.cas</groupId>
>>      <artifactId>cas-server-support-ldap</artifactId>
>>      <version>${cas.version}</version>
>> </dependency>
>>
>> Regards.
>>
>> On 12/12/2016 at 11:10, mohammad almodallal wrote:
>>
>> Hello Philippe, 
>>
>> also, please, I've already configured the cas.properties and am still getting 
>> the following logs for authentication
>>
>> er.support.HttpBasedServiceCredentialsAuthenticationHandler@6537e53c, 
>> org.apereo.cas.authentication.AcceptUsersAuthenticationHandler@594da5db]>
>> 2016-12-12 13:01:13,716 DEBUG 
>> [org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
>> <testuser was not found in the map.>
>> 2016-12-12 13:01:13,718 INFO 
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>> <AcceptUsersAuthenticationHandler failed authenticating testuser>
>> 2016-12-12 13:01:13,719 DEBUG 
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>> <AcceptUsersAuthenticationHandler exception details: testuser not found in 
>> backing map.>
>> 2016-12-12 13:01:13,721 WARN 
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>> <Authentication has failed. Credentials may be incorrect or CAS cannot find 
>> authentication handler that supports [testuser] of type 
>> [UsernamePasswordCredential], which suggests a configuration problem.>
>> 2016-12-12 13:01:13,722 DEBUG 
>> [org.apereo.cas.audit.spi.ThreadLocalPrincipalResolver] - <Resolving 
>> principal at audit point [execution(Authentication 
>> org.apereo.cas.authentication.AbstractAuthenticationManager.authenticate(AuthenticationTransaction))]
>>  
>> with thrown exception 
>> [org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 
>> successes]>
>>
>> Thanks.
>>
>> On Monday, December 12, 2016 at 12:58:08 PM UTC+3, mohammad almodallal 
>> wrote: 
>>
>> Hello Philippe, 
>>
>> So how can we configure the LDAP authentication handler?
>>
>> Thanks.
>>
>>
>>
>> On Monday, December 12, 2016 at 12:01:20 PM UTC+3, Philippe MARASSE 
>> wrote: 
>>
>> Hello,
>>
>> No, it's neither required nor recommended with this version of CAS.
>>
>> Regards
>>
>> On 12/12/2016 at 08:19, mohammad almodallal wrote:
>>
>> Hello, 
>>
>> should we use the deployerConfigContext.xml in CAS-5.0.0 to integrate 
>> with Active Directory?
>>
>> Thanks.
>> --
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines: 
>> https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> ---
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected].
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b613c270-c10a-44c5-ba96-de42a546f57f%40apereo.org
>>  
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b613c270-c10a-44c5-ba96-de42a546f57f%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>>
>>
>> --   
>> Philippe MARASSE
>>
>> Infrastructure division manager - DSIO
>> Centre Hospitalier Henri Laborit
>> CS 10587 - 370 avenue Jacques Cœur   
>> 86021 Poitiers Cedex
>> Tel : 05.49.44.57.19
>>
>>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d0fccf08-ef69-43a2-a756-3666cad80f36%40apereo.org.
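
Added example, not part of the original thread and not CAS project code: a small Python check over properties-style keys (the `cas.authn.ldap[0].…` form used in the replies) for the issues this thread surfaces: an LDAP entry without the `type` property the replies ask for, and an `ldap://` URL with both `useSsl` and `useStartTls` off, which carries the bind password and user passwords unencrypted. The sample values are constructed, and treating a blank `cas.authn.accept.users` as "static handler off" is an assumption.

```python
import re

# Values for cas.authn.ldap[N].type listed in the thread.
LDAP_TYPES = {"AD", "AUTHENTICATED", "DIRECT", "ANONYMOUS", "SASL"}

# Constructed sample: LDAP settings with no type, cleartext transport.
SAMPLE = """\
cas.authn.ldap[0].ldapUrl=ldap://ldap1.example.org
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].bindCredential=changeit
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of (key, finding) pairs for the LDAP settings."""
    props = parse_properties(text)
    findings = []
    # Assumption: the static handler stays active unless this key is blank.
    if props.get("cas.authn.accept.users", "unset") != "":
        findings.append(("cas.authn.accept.users", "static handler not blanked"))
    indexes = {m.group(1) for k in props
               if (m := re.match(r"cas\.authn\.ldap\[(\d+)\]\.", k))}
    if not indexes:
        findings.append(("cas.authn.ldap[0]", "no LDAP handler configured"))
    for i in sorted(indexes, key=int):
        p = f"cas.authn.ldap[{i}]."
        get = lambda name: props.get(p + name, "")
        if get("type").upper() not in LDAP_TYPES:
            findings.append((p + "type", "missing or unknown type"))
        tls = "true" in (get("useSsl").lower(), get("useStartTls").lower())
        if any(u.startswith("ldap://") for u in get("ldapUrl").split()) and not tls:
            findings.append((p + "ldapUrl", "bind and passwords sent in cleartext"))
        if get("bindCredential"):
            findings.append((p + "bindCredential", "bind password stored in the file"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```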
