Hello All,
I am working through setting up a CAS server and came across this post
since I was here I figured I would give some background for anyone else
trying to figure out how the authenticators are selected. See the class:
LdapAuthenticationConfiguration.ldapAuthenticationHandlers() this processes
the cas properties and sets the authenticator.
private static Authenticator getAuthenticator(final
LdapAuthenticationProperties l) {
if (l.getType() == LdapAuthenticationProperties.AuthenticationTypes.AD) {
LOGGER.debug("Creating active directory authenticator for {}",
l.getLdapUrl());
return getActiveDirectoryAuthenticator(l);
}
if (l.getType() == LdapAuthenticationProperties.AuthenticationTypes.DIRECT)
{
LOGGER.debug("Creating direct-bind authenticator for {}",
l.getLdapUrl());
return getDirectBindAuthenticator(l);
}
if (l.getType() == LdapAuthenticationProperties.AuthenticationTypes.SASL) {
LOGGER.debug("Creating SASL authenticator for {}", l.getLdapUrl());
return getSaslAuthenticator(l);
}
if (l.getType() ==
LdapAuthenticationProperties.AuthenticationTypes.AUTHENTICATED) {
LOGGER.debug("Creating authenticated authenticator for {}",
l.getLdapUrl());
return getAuthenticatedOrAnonSearchAuthenticator(l);
}
LOGGER.debug("Creating anonymous authenticator for {}", l.getLdapUrl());
return getAuthenticatedOrAnonSearchAuthenticator(l);
}
On Tuesday, December 13, 2016 at 5:51:46 AM UTC-5, [email protected]
wrote:
>
> Basically different ldaptive Authenticator implementation is instantiated
> under the hood, based on the value.
>
> If you want to learn the details there are two options: a) Dive deep into
> the CAS server code and learn yourself b) higher some CAS experts to do the
> training and explain all of this to you.
>
> Best,
> D.
>
> On Dec 13, 2016, 05:46 -0500, mohammad almodallal <[email protected]
> <javascript:>>, wrote:
>
> Hell,
>
> it works with cas.authn.ldap[0].type=AUTHENTICATED not with AD
> what is the difference between them?
>
> Thanks.
>
> On Tuesday, December 13, 2016 at 1:40:46 PM UTC+3, mohammad almodallal
> wrote:
>>
>> already set
>> cas.authn.ldap[0].type=AD
>>
>> On Tuesday, December 13, 2016 at 1:38:08 PM UTC+3, [email protected]
>> wrote:
>>>
>>> You want to make sure that the following property is set:
>>> cas.authn.ldap[0].type
>>> with either one of these values: AD, AUTHENTICATED, DIRECT, ANONYMOUS,
>>> SASL
>>>
>>> Best,
>>> D.
>>>
>>> On Dec 13, 2016, 04:20 -0500, mohammad almodallal <[email protected]>,
>>> wrote:
>>>
>>> Hello Philippe,
>>>
>>> the cas.properties was containing cas.authn.attributeRepository instead
>>> of cas.authn.ldap[0]
>>> anyway I'm using Active Directory does this make diffrence?
>>> for the cas-server-support-ldap yes it is already included
>>>
>>> but I still get errors like
>>>
>>> 2016-12-13 12:14:20,367 INFO
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <AcceptUsersAuthenticationHandler failed authenticating testuser>
>>> 2016-12-13 12:14:20,368 WARN
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <Authentication has failed. Credentials may be incorrect or CAS cannot find
>>> authentication handler that supports [testuser] of type
>>> [UsernamePasswordCredential], which suggests a configuration problem.>
>>>
>>>
>>> have you any idea could help?
>>>
>>> Thanks.
>>>
>>> 2016-12-13 12:14:20,367 INFO
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <AcceptUsersAuthenticationHandler failed authenticating testuser>
>>> 2016-12-13 12:14:20,368 WARN
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <Authentication has failed. Credentials may be incorrect or CAS cannot find
>>> authentication handler that supports [testuser] of type
>>> [UsernamePasswordCredential], which suggests a configuration problem.>
>>>
>>> On Monday, December 12, 2016 at 2:11:50 PM UTC+3, Philippe MARASSE
>>> wrote:
>>>>
>>>> Hello,
>>>>
>>>> The reference documentation is
>>>> https://apereo.github.io/cas/development/installation/Configuration-Properties.html#ldap
>>>>
>>>> cas.authn.ldap[0].ldapUrl=ldap://ldap1.mydomain.com
>>>> ldap://ldap2.mydomain.com
>>>> cas.authn.ldap[0].useSsl=false
>>>> cas.authn.ldap[0].useStartTls=false
>>>>
>>>> cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>>>>
>>>> Others parameters depend upon your AD configuration.
>>>>
>>>> According to your log, it seems that LDAP support is not configured. Do
>>>> you use maven overlay method ? If so, do you have a dependency section
>>>> like
>>>> :
>>>>
>>>> <dependency>
>>>> <groupId>org.apereo.cas</groupId>
>>>> <artifactId>cas-server-support-ldap</artifactId>
>>>> <version>${cas.version}</version>
>>>> </dependency>
>>>>
>>>> Regards.
>>>>
>>>> Le 12/12/2016 à 11:10, mohammad almodallal a écrit :
>>>>
>>>> Hello Philippe,
>>>>
>>>> also, please I've already configure the cas.properties and still
>>>> getting the following logs for authentication
>>>>
>>>> er.support.HttpBasedServiceCredentialsAuthenticationHandler@6537e53c,
>>>> org.apereo.cas.authentication.AcceptUsersAuthenticationHandler@594da5db]>
>>>> 2016-12-12 13:01:13,716 DEBUG
>>>> [org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] -
>>>> <testuser was not found in the map.>
>>>> 2016-12-12 13:01:13,718 INFO
>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>>> <AcceptUsersAuthenticationHandler failed authenticating testuser>
>>>> 2016-12-12 13:01:13,719 DEBUG
>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>>> <AcceptUsersAuthenticationHandler exception details: testuser not found in
>>>> backing map.>
>>>> 2016-12-12 13:01:13,721 WARN
>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>>> <Authentication has failed. Credentials may be incorrect or CAS cannot
>>>> find
>>>> authentication handler that supports [testuser] of type
>>>> [UsernamePasswordCredential], which suggests a configuration problem.>
>>>> 2016-12-12 13:01:13,722 DEBUG
>>>> [org.apereo.cas.audit.spi.ThreadLocalPrincipalResolver] - <Resolving
>>>> principal at audit point [execution(Authentication
>>>> org.apereo.cas.authentication.AbstractAuthenticationManager.authenticate(AuthenticationTransaction))]
>>>>
>>>> with thrown exception
>>>> [org.apereo.cas.authentication.AuthenticationException: 1 errors, 0
>>>> successes]>
>>>>
>>>> Thanks.
>>>>
>>>> On Monday, December 12, 2016 at 12:58:08 PM UTC+3, mohammad almodallal
>>>> wrote:
>>>>>
>>>>> Hell Philippe,
>>>>>
>>>>> So how to we can configure the LDAP authentication handler?
>>>>>
>>>>> Thanks.
>>>>>
>>>>>
>>>>>
>>>>> On Monday, December 12, 2016 at 12:01:20 PM UTC+3, Philippe MARASSE
>>>>> wrote:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> No, it's neither required nor recommended with this version of CAS.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Le 12/12/2016 à 08:19, mohammad almodallal a écrit :
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> should we use the deployerConfigContext.xml in CAS-5.0.0 to integrate
>>>>>> with Active Directory?
>>>>>>
>>>>>> Thanks.
>>>>>> --
>>>>>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>>>>>> - CAS mailing list guidelines:
>>>>>> https://apereo.github.io/cas/Mailing-Lists.html
>>>>>> - CAS documentation website: https://apereo.github.io/cas
>>>>>> - CAS project website: https://github.com/apereo/cas
>>>>>> ---
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "CAS Community" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to [email protected].
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b613c270-c10a-44c5-ba96-de42a546f57f%40apereo.org
>>>>>>
>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b613c270-c10a-44c5-ba96-de42a546f57f%40apereo.org?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Philippe MARASSE
>>>>>>
>>>>>> Responsable pôle Infrastructures - DSIO
>>>>>> Centre Hospitalier Henri Laborit
>>>>>> CS 10587 - 370 avenue Jacques Cœur
>>>>>> 86021 Poitiers Cedex
>>>>>> Tel : 05.49.44.57.19
>>>>>>
>>>>>>
>>>> --
>>>> Philippe MARASSE
>>>>
>>>> Responsable pôle Infrastructures - DSIO
>>>> Centre Hospitalier Henri Laborit
>>>> CS 10587 - 370 avenue Jacques Cœur
>>>> 86021 Poitiers Cedex
>>>> Tel : 05.49.44.57.19
>>>>
>>>> --
>>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>>> - CAS mailing list guidelines:
>>> https://apereo.github.io/cas/Mailing-Lists.html
>>> - CAS documentation website: https://apereo.github.io/cas
>>> - CAS project website: https://github.com/apereo/cas
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/9cb14d4b-cc9c-4ec6-a8cf-b1afd37e1e7c%40apereo.org
>>>
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/9cb14d4b-cc9c-4ec6-a8cf-b1afd37e1e7c%40apereo.org?utm_medium=email&utm_source=footer>
>>> .
>>>
>>>
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1c0118bf-5c56-443f-9a31-a8d9e314b44a%40apereo.org.
