I want CAS should resolve the principal as *Soumya_Tripathy *instead of *CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com.,* How can I achieve the same in 5.2.2 version of CAS with Jaas LDAP?
On Thursday, February 15, 2018 at 7:59:54 PM UTC+5:30, Soumya Tripathy wrote: > > Hi, > Recently we upgraded CAS from 5.1.0 to 5.2.2. > With CAS 5.1.0 when I was using JAAS with LDAP it was returning the > correct principal. > But when with CAS 5.2.0 now I'm getting the principal as > > Log In Successful > > You, *CN=Soumya Ranjan > Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com * have > successfully logged into the Central Authentication Service > > (XXX are masked due to company internal policy) > > Where as earlier(With CAS-5.1.0) I was getting > Log In Successful > > You, Soumya_Tripathy have successfully logged into the Central > Authentication Service > > > I compared the logs of both the version, here is the findings: > > > *CAS-5.1.0 Logs* > > > 2018-02-15 19:28:04,673 DEBUG > [org.apereo.cas.authentication.handler.support.JaasAuthenticationHandler] - > <Attempting authentication for: [Soumya_Tripathy]> [LdapLoginModule] > authentication-first mode; SSL disabled [LdapLoginModule] user provider: > ldap://ad.xxx.com/DC=ad,DC=XXX,DC=com [LdapLoginModule] attempting to > authenticate user: Soumya_Tripathy [LdapLoginModule] searching for entry > belonging to user: Soumya_Tripathy [LdapLoginModule] found entry: CN=Soumya > Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com > [LdapLoginModule] authentication succeeded [LdapLoginModule] added > LdapPrincipal "CN=Soumya Ranjan > Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com" to > Subject [LdapLoginModule] added UserPrincipal "Soumya_Tripathy" to Subject > [LdapLoginModule] logged out Subject 2018-02-15 19:28:04,770 DEBUG > [org.apereo.cas.authentication.AbstractAuthenticationManager] - > <Authentication handler [JaasAuthenticationHandler] successfully > authenticated [Soumya_Tripathy]> 2018-02-15 19:28:04,773 DEBUG > [org.apereo.cas.authentication.principal.resolvers. > *PersonDirectoryPrincipalResolver*] - <Attempting to resolve a > principal...> 2018-02-15 19:28:04,775 DEBUG > [org.apereo.cas.authentication.principal.resolvers. > *PersonDirectoryPrincipalResolver*] - <Creating principal for > [Soumya_Tripathy]> > > > *CAS-5.2.2 Logs* > > 2018-02-15 18:51:19,449 DEBUG > [org.apereo.cas.authentication.handler.support.JaasAuthenticationHandler] - > <Attempting authentication for: [soumya_tripathy]> [LdapLoginModule] > authentication-first mode; SSL disabled [LdapLoginModule] user provider: > ldap://ad.xxx.com/DC=ad,DC=XXX,DC=com [LdapLoginModule] attempting to > authenticate user: soumya_tripathy [LdapLoginModule] searching for entry > belonging to user: soumya_tripathy [LdapLoginModule] found entry: CN=Soumya > Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com > [LdapLoginModule] authentication succeeded [LdapLoginModule] added > LdapPrincipal "CN=Soumya Ranjan > Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com" to > Subject [LdapLoginModule] added UserPrincipal "soumya_tripathy" to Subject > [LdapLoginModule] logged out Subject 2018-02-15 18:51:19,523 DEBUG > [org.apereo.cas.authentication.*PolicyBasedAuthenticationManager*] - > <Authentication handler [JaasAuthenticationHandler] successfully > authenticated [soumya_tripathy]> 2018-02-15 18:51:19,524 DEBUG > [org.apereo.cas.authentication.principal.resolvers. > *ChainingPrincipalResolver*] - <Invoking principal resolver > [org.apereo.cas.authentication.principal.resolvers.EchoingPrincipalResolver@6920d398[]]> > > 2018-02-15 18:51:19,525 DEBUG > [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] > - <Resolved principal [CN=Soumya Ranjan > Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com]> > 2018-02-15 18:51:19,527 DEBUG > [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] > - <Final principal constructed by the chain of resolvers is [CN=Soumya > Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com]> > 2018-02-15 18:51:19,528 DEBUG > [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - > <[org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver@1a6ac3e7[chain=[org.apereo.cas.authentication.principal.resolvers.EchoingPrincipalResolver@6920d398[]]]] > > resolved [CN=CN=Soumya Ranjan > Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com] from > [soumya_tripathy]> 2018-02-15 18:51:19,529 DEBUG > [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Final > principal resolved for this authentication event is [CN=CN=Soumya Ranjan > Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com]> > > > > > What I observe earlier version(5.1.0) CAS was delegating the request to > *PersonDirectoryPrincipalResolver > *but now with 5.2.2 version it is delegating to > *PolicyBasedAuthenticationManager > *and *ChainingPrincipalResolver.* > > > *HTTPSandIMAPS-10000001.json:* > > { > > "@class": "org.apereo.cas.services.RegexRegisteredService", > > "serviceId": "^(http|https|imaps)://.*", > > "name": "HTTPS and IMAPS", > > "id": 10000001, > > "description": "This service definition authorizes all application urls > that support HTTPS and IMAPS protocols.", > > "proxyPolicy": > > { > > "@class": "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy" > > }, > > "evaluationOrder": 10000, > > "usernameAttributeProvider": > > { > > "@class": > "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider", > > "canonicalizationMode": "NONE", > > "encryptUsername": false > > }, > > "logoutType" : "BACK_CHANNEL", > > "attributeReleasePolicy": > > { > > "@class": > "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy", > > "authorizedToReleaseCredentialPassword": false, > > "authorizedToReleaseProxyGrantingTicket": false, > > "excludeDefaultAttributes": false > > }, > > "accessStrategy": > > { > > "@class": > "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", > > "enabled": true, > > "ssoEnabled": true, > > "requireAllAttributes": true, > > "caseInsensitive": false > > } > > } > > > *JAAS.conf:* > > > LDAP { com.sun.security.auth.module.LdapLoginModule REQUIRED > userProvider="ldap://xxx"; authIdentity="{USERNAME}@xxxdomain" > userFilter="(&(|(samAccountName={USERNAME})(userPrincipalName={USERNAME})(cn={USERNAME}))(objectClass=user))" > > useSSL=false debug=true; }; > > > > Is there any configuration I'm missing with respect to cas 5.2.2? > > > > Thanks > > Soumya Ranjna Tripathy > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/39b83ccc-1deb-4985-995d-08a413dee103%40apereo.org.
