Hi,

Lucas, you are right, it works as expected, if no additional principal 
resolver is configured. As soon as I add  an attributeRepoitory via e.g. 
cas.authn.attrributeRepository.ldap[0] properties, I get the error.
In cas-4.2.7 I have:
    <util:map id="authenticationHandlersResolvers"> 
       <entry key-ref="proxyAuthenticationHandler" 
  value-ref="proxyPrincipalResolver" /> 
       <entry key-ref="ldapAuthenticationHandler"    value="#{null}" /> 
       <entry key-ref="x509AuthenticationHandler" 
   value-ref="x509PrincipalResolver" /> 
   </util:map> 
So my question is, how to configure this in cas-5.2?

Thanks,

   K-D
Am Freitag, 23. Februar 2018 15:26:04 UTC+1 schrieb Klaus-Dieter Krannich:
>
> Hi,
>
> I'm trying to implement authentication with uid+pass or mail+pass against 
> ldap
> in cas-5.2.2.
> Basically it is
> authn.ldap[0].userFilter=(|(uid={user})(mail={user})),
> authn.ldap[0].principalAttribute=uid
> authn.ldap[0].principalAttributeList: uid,  mail.
> This works fine with uid+pass. If I try mail+pass, I get:
>
> ------
> 2018-02-23 14:18:53,539 DEBUG 
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
> <Authentication handler [LdapAuthenticationHandler] successfully 
> authenticated [x...@yy.de]>
>
> 2018-02-23 14:18:53,541 DEBUG 
> [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] 
> - <Invoking principal resolver 
> [org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver@389a9ff6[returnNullIfNoAttributes=false,principalAttributeName=uid,principalNameTransformer=org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver$$Lambda$73/906424041@6f071d0c,principalFactory=org.apereo.cas.authentication.principal.DefaultPrincipalFactory@d]]>
>
> 2018-02-23 14:18:53,587 DEBUG 
> [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] 
> - <Resolved principal [xx]>
> 2018-02-23 14:18:53,587 DEBUG 
> [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] 
> - <Adding attributes [{REMOVED}] for the final principal>
>
> 2018-02-23 14:18:53,586 DEBUG 
> [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] 
> - <Invoking principal resolver 
> [org.apereo.cas.authentication.principal.resolvers.EchoingPrincipalResolver@15af06f[]]>
> 2018-02-23 14:18:53,587 DEBUG 
> [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] 
> - <Resolved principal [x...@yy.de]>
> 2018-02-23 14:18:53,587 DEBUG 
> [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] 
> - <Adding attributes [{REMOVED}] for the final principal>
>
> 2018-02-23 14:18:53,591 ERROR 
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
> <[org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver@28532753[chain=[org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver@389a9ff6[returnNullIfNoAttributes=false,principalAttributeName=uid,principalNameTransformer=org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver$$Lambda$73/906424041@6f071d0c,principalFactory=org.apereo.cas.authentication.principal.DefaultPrincipalFactory@d],
>  
> org.apereo.cas.authentication.principal.resolvers.EchoingPrincipalResolver@15af06f[]]]]
>  
> failed to resolve principal from [x...@yy.de]>
>
> org.apereo.cas.authentication.PrincipalException: Resolved principals by 
> the chain are not unique because principal resolvers have produced CAS 
> principals with different identifiers which typically is the result of a 
> configuration issue.
> ------
>
> How this configuration issue can be fixed?
>
> Thanks,
>
>    K-D
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7fc9c130-500c-44a1-8b6c-d6a6a6926d20%40apereo.org.

Reply via email to