Hello everyone, I am trying to get CAS to work with AD. I am getting the following error and authentication fails. I already have the OS bound to AD for OS login, so I know there is no firewall issue or anything. I am wondering if I have the right libraries and jar files? I did update my pom.xml and run Maven again to (I hope) install the LDAP stuff.

Here is my cas.properties (some fields masked):

cas.server.name: https://cas3-dev.campus.bridgew.edu
cas.server.prefix: ${cas.server.name}/cas
cas.adminPagesSecurity.ip=127\.0\.0\.1
cas.tgc.secure: true
cas.tgc.crypto.signing.key: xxx
cas.tgc.crypto.encryption.key: xxx
cas.webflow.crypto.signing.key: xxx
cas.webflow.crypto.encryption.key: xxx
logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.json.config.location: file:/etc/cas/services
cas.authn.accept.users:
cas.authn.ldap[0].order: 0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl: ldap://boydendc-prd.campus.bridgew.edu:389
cas.authn.ldap[0].validatePeriod: 270
cas.authn.ldap[0].poolPassivator: NONE
cas.authn.ldap[0].userFilter: sAMAccountName={user}
cas.authn.ldap[0].baseDn: dc=campus,dc=bridgew,dc=edu
cas.authn.ldap[0].bindDn: "cn=cassrch,ou=BEIS-CAS,ou=IT Admin,dc=campus,dc=bridgew,dc=edu"
cas.authn.ldap[1].bindCredential: xxxxxx
cas.authn.ldap[0].dnFormat: uid=%s,dc=campus,dc=bridgew,dc=edu

This is a tail of my catalina.out:

15-May-2018 08:53:40.825 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/apache/webapps/cas] has finished in [32,744] ms
15-May-2018 08:53:40.830 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-8443"]
15-May-2018 08:53:40.841 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
15-May-2018 08:53:40.843 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 33115 ms
2018-05-15 08:54:00,803 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [InMemoryServiceRegistry]>
2018-05-15 08:54:00,804 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
2018-05-15 08:54:10,807 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Creating new transaction with name [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.clean]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
2018-05-15 08:54:10,812 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Attempting to acquire ticket cleanup lock.>
2018-05-15 08:54:10,812 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Acquired lock. Proceeding with cleanup.>
2018-05-15 08:54:10,815 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2018-05-15 08:54:10,815 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Releasing ticket cleanup lock.>
2018-05-15 08:54:10,815 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.>
2018-05-15 08:54:10,816 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Initiating transaction commit>
2018-05-15 08:55:00,804 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [InMemoryServiceRegistry]>
2018-05-15 08:55:00,805 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
2018-05-15 08:55:42,520 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: [/cas/] >
2018-05-15 08:55:42,526 DEBUG [org.apereo.cas.authentication.principal.WebApplicationServiceFactory] - <No service is specified in the request. Skipping service creation>
2018-05-15 08:55:42,527 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <No service could be extracted based on the given request>
2018-05-15 08:55:42,527 DEBUG [org.apereo.cas.web.support.AbstractArgumentExtractor] - <Extractor did not generate service.>
2018-05-15 08:55:42,550 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2018-05-15 08:55:42,553 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Tue May 15 08:55:42 EDT 2018,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue May 15 08:55:42 EDT 2018
CLIENT IP ADDRESS: 10.28.51.56
SERVER IP ADDRESS: 10.20.32.131
=============================================================
>
2018-05-15 08:55:42,884 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:42,885 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:42,885 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:42,886 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:55:43,864 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML>
2018-05-15 08:55:43,865 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML>
2018-05-15 08:55:43,866 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML>
2018-05-15 08:55:43,868 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Loading properties [messages.properties] with encoding 'UTF-8'>
2018-05-15 08:55:44,024 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:44,025 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:44,025 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:44,027 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:55:50,612 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:50,613 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:50,613 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:50,614 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:50,614 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:50,615 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:50,615 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:55:50,629 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Located client IP address as [10.28.51.56]>
2018-05-15 08:55:50,629 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <User agent [Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36] is authorized to proceed>
2018-05-15 08:55:50,629 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Adaptive authentication policy has authorized client [10.28.51.56] to proceed.>
2018-05-15 08:55:50,630 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2018-05-15 08:55:50,630 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2018-05-15 08:55:50,653 DEBUG [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] - <Authentication handlers used for this transaction are [HttpBasedServiceCredentialsAuthenticationHandler]>
2018-05-15 08:55:50,657 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [jennifer.lavoie_da] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
2018-05-15 08:55:50,659 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: jennifer.lavoie_da
WHAT: Supplied credentials: [jennifer.lavoie_da]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue May 15 08:55:50 EDT 2018
CLIENT IP ADDRESS: 10.28.51.56
SERVER IP ADDRESS: 10.20.32.131
=============================================================
>
2018-05-15 08:55:50,671 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:50,671 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:50,671 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:55:50,689 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:50,690 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:50,690 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:50,690 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:50,691 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:50,691 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:50,691 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:56:00,805 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [InMemoryServiceRegistry]>
2018-05-15 08:56:00,806 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>

[root@cas3-dev bin]# netstat -anop |grep java
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 1799/java off (0.00/0/0)
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 1799/java off (0.00/0/0)
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 1799/java off (0.00/0/0)
unix 2 [ ] STREAM CONNECTED 31447 1799/java
unix 3 [ ] STREAM CONNECTED 31552 1799/java
unix 3 [ ] STREAM CONNECTED 31551 1799/java
unix 2 [ ] STREAM CONNECTED 33610 1799/java
[root@cas3-dev bin]# netstat -anop |grep 389
tcp 0 0 10.20.32.131:33050 10.20.16.65:389 ESTABLISHED 1244/winbindd keepalive (6472.16/0/0)
[root@cas3-dev bin]#

Any insight would be useful.

Thanks so much,
Jen
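
Added example (not part of the original message, and not CAS project code): a small Python consistency check over the two artifacts posted above. It groups the cas.authn.ldap[N] settings by index, lists any index where bindDn or bindCredential appears without its partner, and extracts the handler list from the "Authentication handlers used for this transaction" DEBUG line. The sample inputs are constructed excerpts modeled on the post, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed excerpts modeled on the post; host names and DNs are placeholders.
SAMPLE_PROPERTIES = """\
cas.authn.accept.users:
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl: ldap://dc.example.edu:389
cas.authn.ldap[0].bindDn: "cn=svc,ou=IT Admin,dc=example,dc=edu"
cas.authn.ldap[1].bindCredential: xxxxxx
"""
SAMPLE_LOG = """\
2018-05-15 08:55:50,653 DEBUG [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] - <Authentication handlers used for this transaction are [HttpBasedServiceCredentialsAuthenticationHandler]>
2018-05-15 08:55:50,657 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed.>
"""

LDAP_KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.([\w.]+)\s*[:=]\s*(.*)$")
HANDLERS = re.compile(r"Authentication handlers used for this transaction are \[([^\]]*)\]")

def ldap_settings_by_index(properties_text):
    """Group cas.authn.ldap[N].* settings by their index N."""
    groups = defaultdict(dict)
    for line in properties_text.splitlines():
        match = LDAP_KEY.match(line.strip())
        if match:
            index, key, value = match.groups()
            groups[int(index)][key] = value.strip()
    return dict(groups)

def unpaired_bind_settings(groups):
    """List (index, present, missing) where bindDn or bindCredential lacks its partner."""
    findings = []
    for index in sorted(groups):
        keys = groups[index]
        for present, missing in (("bindDn", "bindCredential"), ("bindCredential", "bindDn")):
            if present in keys and missing not in keys:
                findings.append((index, present, missing))
    return findings

def handlers_used(log_text):
    """Return the handler names from each 'handlers used' DEBUG line, in log order."""
    return [[name.strip() for name in match.group(1).split(",") if name.strip()]
            for match in HANDLERS.finditer(log_text)]

if __name__ == "__main__":
    print(unpaired_bind_settings(ldap_settings_by_index(SAMPLE_PROPERTIES)))
    print(handlers_used(SAMPLE_LOG))
```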
