I want CAS to resolve the principal as *Soumya_Tripathy* instead of 
*CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com*. 
How can I achieve the same in the 5.2.2 version of CAS with JAAS LDAP?

On Thursday, February 15, 2018 at 11:19:39 PM UTC+5:30, Manfredo Hopp wrote:
>
> What would your question be
>
> 2018-02-15 11:29 GMT-03:00 Soumya Tripathy <[email protected]>:
>
>> Hi,
>> Recently we upgraded CAS from 5.1.0 to 5.2.2.
>> With CAS 5.1.0, when I was using JAAS with LDAP, it was returning the 
>> correct principal.
>> But with CAS 5.2.0 I'm now getting the principal as 
>>
>> Log In Successful
>>
>> You, *CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com* have 
>> successfully logged into the Central Authentication Service 
>>
>> (XXX are masked due to company internal policy)
>>
>> Whereas earlier (with CAS-5.1.0) I was getting 
>> Log In Successful
>>
>> You, Soumya_Tripathy have successfully logged into the Central 
>> Authentication Service 
>>
>>
>> I compared the logs of both versions; here are the findings:
>>
>>
>> *CAS-5.1.0 Logs*
>>
>>
>> 2018-02-15 19:28:04,673 DEBUG [org.apereo.cas.authentication.handler.support.JaasAuthenticationHandler] - <Attempting authentication for: [Soumya_Tripathy]>
>> [LdapLoginModule] authentication-first mode; SSL disabled
>> [LdapLoginModule] user provider: ldap://ad.xxx.com/DC=ad,DC=XXX,DC=com
>> [LdapLoginModule] attempting to authenticate user: Soumya_Tripathy
>> [LdapLoginModule] searching for entry belonging to user: Soumya_Tripathy
>> [LdapLoginModule] found entry: CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com
>> [LdapLoginModule] authentication succeeded
>> [LdapLoginModule] added LdapPrincipal "CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com" to Subject
>> [LdapLoginModule] added UserPrincipal "Soumya_Tripathy" to Subject
>> [LdapLoginModule] logged out Subject
>> 2018-02-15 19:28:04,770 DEBUG [org.apereo.cas.authentication.AbstractAuthenticationManager] - <Authentication handler [JaasAuthenticationHandler] successfully authenticated [Soumya_Tripathy]>
>> 2018-02-15 19:28:04,773 DEBUG [org.apereo.cas.authentication.principal.resolvers.*PersonDirectoryPrincipalResolver*] - <Attempting to resolve a principal...>
>> 2018-02-15 19:28:04,775 DEBUG [org.apereo.cas.authentication.principal.resolvers.*PersonDirectoryPrincipalResolver*] - <Creating principal for [Soumya_Tripathy]>
>>
>>
>> *CAS-5.2.2 Logs*
>>
>> 2018-02-15 18:51:19,449 DEBUG [org.apereo.cas.authentication.handler.support.JaasAuthenticationHandler] - <Attempting authentication for: [soumya_tripathy]>
>> [LdapLoginModule] authentication-first mode; SSL disabled
>> [LdapLoginModule] user provider: ldap://ad.xxx.com/DC=ad,DC=XXX,DC=com
>> [LdapLoginModule] attempting to authenticate user: soumya_tripathy
>> [LdapLoginModule] searching for entry belonging to user: soumya_tripathy
>> [LdapLoginModule] found entry: CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com
>> [LdapLoginModule] authentication succeeded
>> [LdapLoginModule] added LdapPrincipal "CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com" to Subject
>> [LdapLoginModule] added UserPrincipal "soumya_tripathy" to Subject
>> [LdapLoginModule] logged out Subject
>> 2018-02-15 18:51:19,523 DEBUG [org.apereo.cas.authentication.*PolicyBasedAuthenticationManager*] - <Authentication handler [JaasAuthenticationHandler] successfully authenticated [soumya_tripathy]>
>> 2018-02-15 18:51:19,524 DEBUG [org.apereo.cas.authentication.principal.resolvers.*ChainingPrincipalResolver*] - <Invoking principal resolver [org.apereo.cas.authentication.principal.resolvers.EchoingPrincipalResolver@6920d398[]]>
>> 2018-02-15 18:51:19,525 DEBUG [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <Resolved principal [CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com]>
>> 2018-02-15 18:51:19,527 DEBUG [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <Final principal constructed by the chain of resolvers is [CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com]>
>> 2018-02-15 18:51:19,528 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver@1a6ac3e7[chain=[org.apereo.cas.authentication.principal.resolvers.EchoingPrincipalResolver@6920d398[]]]] resolved [CN=CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com] from [soumya_tripathy]>
>> 2018-02-15 18:51:19,529 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Final principal resolved for this authentication event is [CN=CN=Soumya Ranjan Tripathy,OU=GEN,OU=Users,OU=XXX,OU=XXX,OU=XXX,DC=ad,DC=XXX,DC=com]>
>>
>>
>>
>>
>> What I observe: in the earlier version (5.1.0) CAS was delegating the request to 
>> *PersonDirectoryPrincipalResolver*, 
>> but now with the 5.2.2 version it is delegating to 
>> *PolicyBasedAuthenticationManager* 
>> and *ChainingPrincipalResolver*.
>>
>>
>> *HTTPSandIMAPS-10000001.json:*
>>
>> {
>>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId": "^(http|https|imaps)://.*",
>>   "name": "HTTPS and IMAPS",
>>   "id": 10000001,
>>   "description": "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
>>   "proxyPolicy":
>>   {
>>     "@class": "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
>>   },
>>   "evaluationOrder": 10000,
>>   "usernameAttributeProvider":
>>   {
>>     "@class": "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider",
>>     "canonicalizationMode": "NONE",
>>     "encryptUsername": false
>>   },
>>   "logoutType" : "BACK_CHANNEL",
>>   "attributeReleasePolicy":
>>   {
>>     "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>>     "authorizedToReleaseCredentialPassword": false,
>>     "authorizedToReleaseProxyGrantingTicket": false,
>>     "excludeDefaultAttributes": false
>>   },
>>   "accessStrategy":
>>   {
>>     "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>>     "enabled": true,
>>     "ssoEnabled": true,
>>     "requireAllAttributes": true,
>>     "caseInsensitive": false
>>   }
>> }
>>
>>
>> *JAAS.conf:*
>>
>>
>> LDAP {
>>   com.sun.security.auth.module.LdapLoginModule REQUIRED
>>     userProvider="ldap://xxx"
>>     authIdentity="{USERNAME}@xxxdomain"
>>     userFilter="(&(|(samAccountName={USERNAME})(userPrincipalName={USERNAME})(cn={USERNAME}))(objectClass=user))"
>>     useSSL=false
>>     debug=true;
>> };
>>
>>
>>
>> Is there any configuration I'm missing with respect to CAS 5.2.2?
>>
>>
>>
>> Thanks
>>
>> Soumya Ranjan Tripathy
>>
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected].
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/96b08cf1-c3b4-4768-af75-df0dc5cbbec6%40apereo.org.
>>
>
>

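
Added example, not part of the thread and not CAS source code: the debug output above shows LdapLoginModule adding an LdapPrincipal (the DN) and then a UserPrincipal (the login name) to the same Subject, so the name that comes out depends on how the consumer picks from that set. The sketch compares a consumer assumed to take the first principal with one that selects by type; the class JaasPrincipalSelection, its helper methods and the sample identity are constructed for illustration.

```java
import com.sun.security.auth.LdapPrincipal;
import com.sun.security.auth.UserPrincipal;

import java.security.Principal;
import java.util.Optional;
import javax.security.auth.Subject;

public class JaasPrincipalSelection {

    // Assumed consumer behaviour: take whatever principal the Subject lists first.
    // The Subject's principal set iterates in insertion order, so the module's
    // add order decides the result.
    static String firstPrincipal(Subject subject) {
        return subject.getPrincipals().iterator().next().getName();
    }

    // Alternative: ask the Subject only for principals of one concrete type.
    static <T extends Principal> Optional<String> principalOfType(Subject subject,
                                                                  Class<T> type) {
        return subject.getPrincipals(type).stream()
                .findFirst()
                .map(Principal::getName);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample identity, added in the same order the
        // LdapLoginModule debug lines report: LdapPrincipal, then UserPrincipal.
        Subject subject = new Subject();
        subject.getPrincipals().add(
                new LdapPrincipal("CN=Jane Q Doe,OU=Users,DC=ad,DC=example,DC=com"));
        subject.getPrincipals().add(new UserPrincipal("Jane_Doe"));

        System.out.println("first principal in Subject : " + firstPrincipal(subject));
        System.out.println("UserPrincipal only         : "
                + principalOfType(subject, UserPrincipal.class).orElse("<none>"));
        System.out.println("LdapPrincipal only         : "
                + principalOfType(subject, LdapPrincipal.class).orElse("<none>"));
    }
}
```

Downstream services that authorize on the CAS principal name should be checked after an upgrade like this one, because a change from login name to DN silently changes the identifier they match on.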