Glad you figured it out.
David A. Curry, CISSP
Director of Information Security
The New School - Information Technology
71 Fifth Ave., 9th Fl. ~ New York, NY 10003
+1 212 229-5300 x4728 ~ [email protected]
Sent from my phone; please excuse typos and inane auto-corrections.

On Sat, May 12, 2018, 22:19 Lionel Samuel <[email protected]> wrote:

> Thanks David!
>
> Your guidance helped tremendously --- I had inadvertently commented out
> the 'cas.authn.ldap[0].type' line.
>
> Have a great weekend.
>
> On Saturday, May 12, 2018 at 5:03:25 PM UTC-7, David Curry wrote:
>>
>> Since you have bind credentials specified, I'm thinking maybe you want
>> AUTHENTICATED rather than DIRECT. That's just a guess, though. You might
>> want to check the definitions of the types here:
>>
>> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1
>>
>> Otherwise nothing jumps out at me as wrong, but I'm reading this on a
>> phone. :-) If it still doesn't work I would suggest setting debug level
>> logging and see if that helps.
>>
>> On Sat, May 12, 2018, 19:51 Lionel Samuel <[email protected]> wrote:
>>
>>> Yes --- here is my 'cas.properties' configuration.
>>>
>>> The ldap connection URL and DNs are correct (validated via ldapsearch
>>> from command line).
>>>
>>> Do you notice anything else missing?
>>>
>>> cas.properties:
>>>
>>> cas.server.name: http://localhost:8080/
>>> cas.server.prefix: http://localhost:8080/edu-cas
>>>
>>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>>>
>>> logging.config: file:/etc/cas/config/log4j2.xml
>>> # cas.serviceRegistry.config.location: classpath:/services
>>>
>>> # Encrypt Cookies
>>> cas.tgc.secure: true
>>> cas.tgc.crypto.signing.key: snip
>>> cas.tgc.crypto.encryption.key: snip
>>>
>>> # Encrypt Spring Workflow
>>> cas.webflow.crypto.signing.key: snip
>>> cas.webflow.crypto.encryption.key: snip
>>>
>>> # cas.authn.ldap[0].type= DIRECT
>>> cas.authn.ldap[0].ldapUrl=ldaps://ldap.snip
>>> # cas.authn.ldap[0].connectionStrategy=
>>> cas.authn.ldap[0].useSsl=true
>>> cas.authn.ldap[0].connectTimeout=5000
>>> cas.authn.ldap[0].subtreeSearch=true
>>> # BaseDn used to start the LDAP search looking for accounts
>>> cas.authn.ldap[0].baseDn=ou=PEOPLE,ou=edu
>>> # The search filter to use while looking for accounts.
>>> cas.authn.ldap[0].userFilter=uid={user}
>>> cas.authn.ldap[0].subtreeSearch=true
>>> cas.authn.ldap[0].usePasswordPolicy=false
>>>
>>> cas.authn.ldap[0].dnFormat=uid=%s,ou=PEOPLE,ou=edu
>>> cas.authn.ldap[0].principalAttributeId=uid
>>> cas.authn.ldap[0].principalAttributePassword=
>>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>>>
>>> # Bind credentials used to connect to the LDAP instance
>>> #
>>> cas.authn.ldap[0].bindDn=uid=foo,ou=edu
>>> cas.authn.ldap[0].bindCredential=snip
>>>
>>> cas.authn.accept.users:
>>>
>>> On Saturday, May 12, 2018 at 4:43:24 PM UTC-7, David Curry wrote:
>>>>
>>>> Assuming you added all the LDAP properties.... Did you disable the use
>>>> of the built-in credentials (casuser/Mellon)?
>>>>
>>>> cas.authn.accept.users:
>>>>
>>>> It should be set to an empty value, as shown above.
>>>>
>>>> On Sat, May 12, 2018, 19:34 Lionel Samuel <[email protected]> wrote:
>>>>
>>>>> Hi David:
>>>>>
>>>>> It's an honor. I read your guide when googling this issue.
>>>>>
>>>>> I had added the following to the pom.xml and had rebuilt the war via
>>>>> './build.sh package' --- and deployed the new WAR to the Tomcat.
>>>>>
>>>>> Did I miss anything?
>>>>>
>>>>> I can't see the CAS server making a call to our LDAP server --- so it
>>>>> must somehow be skipping LDAP altogether.
>>>>>
>>>>> <dependency>
>>>>>     <groupId>org.apereo.cas</groupId>
>>>>>     <artifactId>cas-server-support-ldap</artifactId>
>>>>>     <version>${cas.version}</version>
>>>>> </dependency>
>>>>>
>>>>> On Saturday, May 12, 2018 at 4:30:06 PM UTC-7, David Curry wrote:
>>>>>>
>>>>>> Did you add the LDAP dependency to pom.xml and rebuild the WAR?
>>>>>>
>>>>>> On Sat, May 12, 2018, 19:16 Lionel Samuel <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi List:
>>>>>>>
>>>>>>> I have a shiny new deployment of CAS 5.2.4. I am setting up for LDAP
>>>>>>> authentication ---- however,
>>>>>>> HttpBasedServiceCredentialsAuthenticationHandler appears to be leveraged
>>>>>>> and not LdapAuthenticationHandler.....how do I toggle LDAP
>>>>>>> authentication?
>>>>>>> I have followed Any's setting for cas.properties on
>>>>>>> https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/QtzfZI1gnA4
>>>>>>>
>>>>>>> <Authentication handlers used for this transaction are
>>>>>>> [HttpBasedServiceCredentialsAuthenticationHandler]>
>>>>>>> 2018-05-12 16:11:24,362 ERROR
>>>>>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>>>>>> <Authentication has failed. Credentials may be incorrect or CAS cannot
>>>>>>> find
>>>>>>> authentication handler that supports [lionel101] of type
>>>>>>> [UsernamePasswordCredential]. Examine the configuration to ensure a
>>>>>>> method
>>>>>>> of authentication is defined and analyze CAS logs at DEBUG level to
>>>>>>> trace
>>>>>>> the authentication event.>
>>>>>>> 2018-05-12 16:11:24,363 INFO
>>>>>>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
>>>>>>> <Audit
>>>>>>> trail record BEGIN
>>>>>>> =============================================================
>>>>>>> WHO: lionel101
>>>>>>> WHAT: Supplied credentials: [lionel101]
>>>>>>> ACTION: AUTHENTICATION_FAILED
>>>>>>> APPLICATION: CAS
>>>>>>> WHEN: Sat May 12 16:11:24 PDT 2018
>>>>>>> CLIENT IP ADDRESS: snip
>>>>>>> SERVER IP ADDRESS: snip
>>>>>>> =============================================================
>>>>>>>
>>>>>>> --
>>>>>>> - Website: https://apereo.github.io/cas
>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>>> ---
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "CAS Community" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>> send an email to [email protected].
>>>>>>> To view this discussion on the web visit
>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5c2597a8-0ebd-45b8-953d-341a05204095%40apereo.org
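
A small lint for the failure found in this thread (the `cas.authn.ldap[0].type` line commented out), together with the `cas.authn.accept.users` check suggested earlier in it. This is an added example, not code from the thread or from the CAS project; the function name `lint_cas_ldap`, the placeholder host and the duplicate-key check are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample modelled on the configuration quoted in the thread
# (host replaced with a placeholder, secrets omitted).
SAMPLE = r"""
# cas.authn.ldap[0].type= DIRECT
cas.authn.ldap[0].ldapUrl=ldaps://ldap.example.invalid
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].baseDn=ou=PEOPLE,ou=edu
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=uid=foo,ou=edu
cas.authn.accept.users:
"""

# key, then '=' or ':', then value; an optional leading '#' or '!' marks a comment
LINE = re.compile(r"^\s*(#|!)?\s*([^=:\s#!]+)\s*[=:]\s*(.*)$")
LDAP_KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(\w+)$")

def lint_cas_ldap(text):
    """Return findings for the LDAP part of a cas.properties file."""
    active, commented = [], set()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank line or free-text comment
        hashed, key, value = m.groups()
        if hashed:
            commented.add(key)  # remember keys that exist only as comments
        else:
            active.append((key, value.strip()))
    props = dict(active)
    findings = []
    # Every ldap[N] block that has live settings must also have a live type.
    indexes = sorted({int(m.group(1)) for k, _ in active if (m := LDAP_KEY.match(k))})
    for i in indexes:
        type_key = f"cas.authn.ldap[{i}].type"
        if not props.get(type_key):
            why = "commented out" if type_key in commented else "missing"
            findings.append(f"{type_key} is {why}, but other ldap[{i}] settings are present")
    # The built-in static users stay enabled unless this key is present and empty.
    if props.get("cas.authn.accept.users", "casuser") != "":
        findings.append("cas.authn.accept.users is not set to an empty value")
    for key, n in Counter(k for k, _ in active).items():
        if n > 1:
            findings.append(f"{key} is defined {n} times")
    return findings
```

Calling `lint_cas_ldap(open("/etc/cas/config/cas.properties").read())` before redeploying gives the same check against a real file; that path is an assumption based on the `logging.config` location quoted above.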
