I removed all my changes including LDAP and use used CAS default Static 
Authentication.  I am still seeing the error when user input incorrect 
user/password.  

2018-02-13 15:58:22,120 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Authentication has failed. Credentials may be incorrect or CAS cannot find 
authentication handler that
 supports [casuser] of type [UsernamePasswordCredential].>



CAS file only has following setting

 

#Identify the CAS server. name and prefix are always required settings.
# A CAS host is automatically appended to the ticket ids generated by CAS. 
If none is specified, one is automatically detected and used by CAS.
cas.server.name=https://localhost:8443
cas.server.prefix=${cas.server.name}
cas.host.name=localhost:8443
  
#Control the location and other settings of the CAS logging configuration
logging.config=C:/Projects/PASS5.2test/trunk/test/apache-tomcat/cat_base/conf/log4j2.xml
server.contextParameters.isLog4jAutoInitializationDisabled=true
# Control log levels via properties
#logging.level.org.apereo=ERROR
 
 

 

On Tuesday, February 13, 2018 at 8:17:28 AM UTC-8, Chris Cheltenham wrote:
>
> Something it doesn’t like in your cas.properties section I would guess.
>
> I am not familiar with your ldap so its difficult for me to say exactly 
> what you need.
>
>  
>
> Start out very simple and connect to one LDAP.
>
> I don’t use AD so I don’t know what that require either.
>
>  
>
> Start off with something simple and build on it from there.
>
>  
>
> # LDAP connector (for single instance)
>
> #      cas.authn.ldap[0].type=Authenticated
>
> #      cas.authn.ldap[0].ldapUrl=ldaps://
>
> #      cas.authn.ldap[0].useSsl=true
>
>  
>
> I saw ssl false in your configuration
>
>  
>
> #      cas.authn.ldap[0].baseDn=dc=philasd,dc=org
>
> #      cas.authn.ldap[0].userFilter=uid={user}
>
> #      cas.authn.ldap[0].bindDn=uid=cuth,dc=philasd,dc=org
>
> #      cas.authn.ldap[0].bindCredential=
>
>  
>
> ===========================
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571 
>
> *From:* cas-...@apereo.org <javascript:> [mailto:cas-...@apereo.org 
> <javascript:>] *On Behalf Of *Satnam Sarai
> *Sent:* Tuesday, February 13, 2018 10:45 AM
> *To:* CAS Community <cas-...@apereo.org <javascript:>>
> *Subject:* Re: [cas-user] 
> org.apereo.cas.authentication.PolicyBasedAuthenticationManager thow an 
> error in log when user input Invalid credentials.
>
>  
>
> thanks,Chris
>
> we have two handlers, LDAP and jdbc.  I have disabled JDBC to see if error 
> goes away. The error still show up when user input Invalid credentials.  It 
> works perfectly when user input correct credentials.  We can ignore this 
> error but we are afraid that we will get too many notifications about 
> invalid credentials.
>
> ==
>  in pom.xml i have included 
>
> <dependency>
>
>      <groupId>org.apereo.cas</groupId>
>
>      <artifactId>cas-server-support-ldap</artifactId>
>
>      <version>${cas.version}</version>
>
> </dependency>
>
> and cas.properties file -->
>
>
>
> #========================================
> #  LDAP 
> #========================================
> #AD|AUTHENTICATED|DIRECT|ANONYMOUS 
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=xxxx
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].name = POST_Employee-LDAP
> # BaseDn used to start the LDAP search looking for accounts
> cas.authn.ldap[0].baseDn=xxxx
> # The search filter to use while looking for accounts.
>
> cas.authn.ldap[0].userFilter=(|(sAMAccountName={user})(proxyAddresses=smtp:{user}))
> #
> # Bind credentials used to connect to the LDAP instance
> #
> cas.authn.ldap[0].bindDn=xxx
> cas.authn.ldap[0].bindCredential=xx
> cas.authn.ldap[0].principalAttributeId=objectGUID
> cas.authn.ldap[0].connectTimeout=5000
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].enhanceWithEntryResolver=true
> cas.authn.ldap[0].searchEntryHandlers[0].type=OBJECT_GUID
>
> #
> # Define attributes to be retrieved from LDAP as part of the same 
> authentication transaction
> # The left-hand size notes the source while the right-hand size indicate 
> an optional renaming/remapping
> # of the attribute definition. The same attribute name is allowed to be 
> mapped multiple times to
> # different attribute names.
> #
> # 
> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,eduPersonTargettedId:SOME_IDENTIFIER
> cas.authn.ldap[0].principalAttributeList=objectGUID
>
> # cas.authn.ldap[0].collectDnAttribute=false
> # cas.authn.ldap[0].principalDnAttributeName=principalLdapDn
> # cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
> # cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
> # cas.authn.ldap[0].credentialCriteria=
> cas.authn.ldap[0].validatePeriod=  270
>
> On Tuesday, February 13, 2018 at 7:25:49 AM UTC-8, Chris Cheltenham wrote:
>
> Hello,
>
>  
>
> I had that exact error.
>
>  
>
> When you build your cas.war file make sure the ldap dependency embedded 
> inside pom.xml.
>
> If you don’t 
>
>  
>
> After that, the cas.properties file must be formatted correctly.
>
> This is what stumped me the most.
>
>  
>
> *Thanks to David Curry for helping me out on this*.
>
>  
>
>  
>
> Mine LDAP inside of cas.properties looks like this.
>
> Pay attention to the numbers in scheme zero and one and so forth if you 
> have multiple authentication handlers.
>
>  
>
>  
>
> # Employee LDAP
>
> cas.authn.ldap[0].useSsl:               true
>
> cas.authn.ldap[0].order:                0
>
> cas.authn.ldap[0].name:                 Employee-LDAP
>
> cas.authn.ldap[0].type:                 AUTHENTICATED
>
> cas.authn.ldap[0].ldapUrl:              ldaps://devm.philasd.net
>
> cas.authn.ldap[0].validatePeriod:       270
>
> cas.authn.ldap[0].userFilter:           uid={user}
>
> cas.authn.ldap[0].baseDn:               dc=philasd,dc=org
>
> cas.authn.ldap[0].bindDn:               
> uid=cauth,ou=svc_accts,dc=philasd,dc=org
>
> cas.authn.ldap[0].bindCredential:     xxxxx
>
> #
>
> #LDAP for SG (Student Guardian)
>
> cas.authn.ldap[1].useSsl:               true
>
> cas.authn.ldap[1].order:                1
>
> cas.authn.ldap[1].name:                 SG-LDAP
>
> cas.authn.ldap[1].type:                 AUTHENTICATED
>
> cas.authn.ldap[1].ldapUrl:              ldaps://devsgm.philasd.net
>
> cas.authn.ldap[1].validatePeriod:       270
>
> cas.authn.ldap[1].userFilter:           uid={user}
>
> cas.authn.ldap[1].baseDn:               dc=philasd,dc=org
>
> cas.authn.ldap[1].bindDn:               
> uid=casauth,ou=svc_accts,dc=philasd,dc=org
>
> cas.authn.ldap[1].bindCredential:      xxxxx
>
>  
>
> ===========================
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571 
>
> *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of *Satnam 
> Sarai
> *Sent:* Tuesday, February 13, 2018 10:04 AM
> *To:* CAS Community <cas-...@apereo.org>
> *Subject:* [cas-user] 
> org.apereo.cas.authentication.PolicyBasedAuthenticationManager thow an 
> error in log when user input Invalid credentials.
>
>  
>
> Hello,
>
> we are upgrade cas to 5.2.x, we noticed that cas throw an error in 
> log/email when user input Invalid credentials. In this case we don't want 
> to receive notification when user inputs Invalid credentials as long cas 
> blocks the  (log will grow exponentially and email notifications will not 
> be useful).
>
> Is anybody else see these errors in the log as well?  Did we set up 
> something incorrectly? 
>
>
> Here is part of CAS log
>
>     __   ____      _      ____   __
>   / /  / ___|    / \    / ___|  \ \
>  | |  | |       / _ \   \___ \   | |
>  | |  | |___   / ___ \   ___) |  | |
>  | |   \____| /_/   \_\ |____/   | |
>   \_\                           /_/
>
> CAS Version: 5.2.2
> CAS Commit Id: eefb26e6ea0f3f0505ea7dcfc7e11c4ebcb44b7d
> CAS Build Date/Time: 1970-01-01T00:00Z
> Spring Boot Version: 1.5.8.RELEASE
> ------------------------------------------------------------
> Java Home: C:\Program Files\Java\jre8U152
> Java Vendor: Oracle Corporation
> Java Version: 1.8.0_152
> JVM Free Memory: 1 GB
> JVM Maximum Memory: 7 GB
> JVM Total Memory: 2 GB
> JCE Installed: No
> ------------------------------------------------------------
> OS Architecture: amd64
> OS Name: Windows 7
> OS Version: 6.1
> OS Date/Time: 2018-02-13T06:47:54.498
> OS Temp Directory: 
> C:\Projects\PASS5.2\trunk\test\apache-tomcat\cat_base\temp
> ------------------------------------------------------------
>
> ←[0m
> 2018-02-13 06:48:10,827 WARN 
> [org.apereo.cas.web.report.util.ControllerUtils] - <Logging configuration 
> cannot be found in the environment settings>
> 2018-02-13 06:48:21,362 WARN 
> [org.apereo.cas.web.report.util.ControllerUtils] - <Logging configuration 
> cannot be found in the environment settings>
> 2018-02-13 06:48:25,942 WARN 
> [org.apereo.cas.config.CasCoreServicesConfiguration] - <Runtime memory is 
> used as the persistence storage for retrieving and persisting service 
> definitions. Changes that a
> re made to service definitions during runtime WILL be LOST upon container 
> restarts. Ideally for production, you need to choose a storage option 
> (JDBC, etc) to store and track service definitions.>
> 13-Feb-2018 06:48:27.111 INFO [localhost-startStop-1] 
> org.apache.catalina.startup.HostConfig.deployWAR Deployment of web 
> application archive 
> [C:\Projects\PASS5.2\trunk\test\apache-tomcat\cat_base\weba
> pps\ROOT##0014.war] has finished in [46,788] ms
> 13-Feb-2018 06:48:27.114 INFO [main] 
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["http-nio-8080"]
> 13-Feb-2018 06:48:27.127 INFO [main] 
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["https-openssl-nio-8443"]
> 13-Feb-2018 06:48:27.132 INFO [main] 
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["ajp-nio-8009"]
> 13-Feb-2018 06:48:27.137 INFO [main] 
> org.apache.catalina.startup.Catalina.start Server startup in 47459 ms
> 2018-02-13 06:50:35,302 WARN 
> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <DN resolution 
> failed. [DN cannot be null]>
>
>
>
>
> *2018-02-13 06:50:35,303 ERROR 
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
> <Authentication has failed. Credentials may be incorrect or CAS cannot find 
> authentication handler that supports [te...@test.com] of type 
> [UsernamePasswordCredential].>*
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1adc9541-9f73-49bf-9904-3abb2e3e7c55%40apereo.org
>  
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1adc9541-9f73-49bf-9904-3abb2e3e7c55%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org <javascript:>.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6e9599ed-469d-4657-8628-363a2fa04774%40apereo.org
>  
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6e9599ed-469d-4657-8628-363a2fa04774%40apereo.org?utm_medium=email&utm_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f238c300-10bc-4f28-98b4-f8412f8b9026%40apereo.org.

Reply via email to