If you're using ldap.type=AD, you should not be using a bind credential. If you want to use a bind credential, you should use ldap.type=AUTHENTICATED.
See https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1 for more info on ldap.type.

--Dave

--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • [email protected]

On Tue, May 15, 2018 at 9:04 AM, Jennifer LaVoie <[email protected]> wrote:

> Hello Everyone
>
> I am trying to get CAS to work with AD. I am getting the following error and authentication fails. I already have the OS bound to AD for OS login, so I know there is no firewall issue or anything. I am wondering if I have the right libraries and jar files? I did update my pom.xml and run maven again to (I hope) install the ldap stuff.
>
> Here is my cas.properties (some fields masked)
>
> cas.server.name: https://cas3-dev.campus.bridgew.edu
> cas.server.prefix: ${cas.server.name}/cas
>
> cas.adminPagesSecurity.ip=127\.0\.0\.1
>
> cas.tgc.secure: true
> cas.tgc.crypto.signing.key: xxx
> cas.tgc.crypto.encryption.key: xxx
> cas.webflow.crypto.signing.key: xxx
> cas.webflow.crypto.encryption.key: xxx
>
>
> logging.config: file:/etc/cas/config/log4j2.xml
> cas.serviceRegistry.json.config.location: file:/etc/cas/services
>
> cas.authn.accept.users:
>
> cas.authn.ldap[0].order: 0
> cas.authn.ldap[0].name: Active Directory
> cas.authn.ldap[0].type: AD
> cas.authn.ldap[0].ldapUrl: ldap://boydendc-prd.campus.bridgew.edu:389
> cas.authn.ldap[0].validatePeriod: 270
> cas.authn.ldap[0].poolPassivator: NONE
> cas.authn.ldap[0].userFilter: sAMAccountName={user}
> cas.authn.ldap[0].baseDn: dc=campus,dc=bridgew,dc=edu
> cas.authn.ldap[0].bindDn: "cn=cassrch,ou=BEIS-CAS,ou=IT Admin,dc=campus,dc=bridgew,dc=edu"
> cas.authn.ldap[1].bindCredential: xxxxxx
> cas.authn.ldap[0].dnFormat: uid=%s,dc=campus,dc=bridgew,dc=edu
>
> This is a tail of my catalina.out
>
> 15-May-2018 08:53:40.825 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/apache/webapps/cas] has finished in [32,744] ms
> 15-May-2018 08:53:40.830 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-8443"]
> 15-May-2018 08:53:40.841 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
> 15-May-2018 08:53:40.843 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 33115 ms
> 2018-05-15 08:54:00,803 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [InMemoryServiceRegistry]>
> 2018-05-15 08:54:00,804 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
> 2018-05-15 08:54:10,807 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Creating new transaction with name [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.clean]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
> 2018-05-15 08:54:10,812 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Attempting to acquire ticket cleanup lock.>
> 2018-05-15 08:54:10,812 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Acquired lock. Proceeding with cleanup.>
> 2018-05-15 08:54:10,815 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
> 2018-05-15 08:54:10,815 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Releasing ticket cleanup lock.>
> 2018-05-15 08:54:10,815 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.>
> 2018-05-15 08:54:10,816 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Initiating transaction commit>
> 2018-05-15 08:55:00,804 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [InMemoryServiceRegistry]>
> 2018-05-15 08:55:00,805 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
> 2018-05-15 08:55:42,520 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: [/cas/] >
> 2018-05-15 08:55:42,526 DEBUG [org.apereo.cas.authentication.principal.WebApplicationServiceFactory] - <No service is specified in the request. Skipping service creation>
> 2018-05-15 08:55:42,527 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <No service could be extracted based on the given request>
> 2018-05-15 08:55:42,527 DEBUG [org.apereo.cas.web.support.AbstractArgumentExtractor] - <Extractor did not generate service.>
> 2018-05-15 08:55:42,550 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
> 2018-05-15 08:55:42,553 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: [event=success,timestamp=Tue May 15 08:55:42 EDT 2018,source=RankedAuthenticationProviderWebflowEventResolver]
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Tue May 15 08:55:42 EDT 2018
> CLIENT IP ADDRESS: 10.28.51.56
> SERVER IP ADDRESS: 10.20.32.131
> =============================================================
>
> >
> 2018-05-15 08:55:42,884 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
> 2018-05-15 08:55:42,885 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
> 2018-05-15 08:55:42,885 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
> 2018-05-15 08:55:42,886 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
> 2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
> 2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
> 2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
> 2018-05-15 08:55:43,864 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML>
> 2018-05-15 08:55:43,865 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML>
> 2018-05-15 08:55:43,866 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML>
> 2018-05-15 08:55:43,868 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Loading properties [messages.properties] with encoding 'UTF-8'>
> 2018-05-15 08:55:44,024 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
> 2018-05-15 08:55:44,025 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
> 2018-05-15 08:55:44,025 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
> 2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
> 2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
> 2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
> 2018-05-15 08:55:44,027 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
> 2018-05-15 08:55:50,612 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
> 2018-05-15 08:55:50,613 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
> 2018-05-15 08:55:50,613 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
> 2018-05-15 08:55:50,614 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
> 2018-05-15 08:55:50,614 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
> 2018-05-15 08:55:50,615 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
> 2018-05-15 08:55:50,615 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
> 2018-05-15 08:55:50,629 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Located client IP address as [10.28.51.56]>
> 2018-05-15 08:55:50,629 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <User agent [Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36] is authorized to proceed>
> 2018-05-15 08:55:50,629 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Adaptive authentication policy has authorized client [10.28.51.56] to proceed.>
> 2018-05-15 08:55:50,630 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
> 2018-05-15 08:55:50,630 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
> 2018-05-15 08:55:50,653 DEBUG [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] - <Authentication handlers used for this transaction are [HttpBasedServiceCredentialsAuthenticationHandler]>
> 2018-05-15 08:55:50,657 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [jennifer.lavoie_da] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
> 2018-05-15 08:55:50,659 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: jennifer.lavoie_da
> WHAT: Supplied credentials: [jennifer.lavoie_da]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Tue May 15 08:55:50 EDT 2018
> CLIENT IP ADDRESS: 10.28.51.56
> SERVER IP ADDRESS: 10.20.32.131
> =============================================================
>
> >
> 2018-05-15 08:55:50,671 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
> 2018-05-15 08:55:50,671 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
> 2018-05-15 08:55:50,671 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
> 2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
> 2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
> 2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
> 2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
> 2018-05-15 08:55:50,689 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
> 2018-05-15 08:55:50,690 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
> 2018-05-15 08:55:50,690 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
> 2018-05-15 08:55:50,690 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
> 2018-05-15 08:55:50,691 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
> 2018-05-15 08:55:50,691 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
> 2018-05-15 08:55:50,691 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
> 2018-05-15 08:56:00,805 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [InMemoryServiceRegistry]>
> 2018-05-15 08:56:00,806 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
>
>
> [root@cas3-dev bin]# netstat -anop |grep java
> tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 1799/java off (0.00/0/0)
> tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 1799/java off (0.00/0/0)
> tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 1799/java off (0.00/0/0)
> unix 2 [ ] STREAM CONNECTED 31447 1799/java
> unix 3 [ ] STREAM CONNECTED 31552 1799/java
> unix 3 [ ] STREAM CONNECTED 31551 1799/java
> unix 2 [ ] STREAM CONNECTED 33610 1799/java
> [root@cas3-dev bin]# netstat -anop |grep 389
> tcp 0 0 10.20.32.131:33050 10.20.16.65:389 ESTABLISHED 1244/winbindd keepalive (6472.16/0/0)
> [root@cas3-dev bin]#
>
>
>
> Any insight would be useful
>
> Thanks so much
> Jen
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3bb4e351-dc1a-442b-a3e8-1bc0d0d8d21c%40apereo.org.
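A pre-deployment check for the mismatch discussed in this thread, written as an added example (not code from the CAS project or from either poster): it groups `cas.authn.ldap[N].*` properties by index and flags an `AD` block that carries bind settings, as well as properties stranded at an index that has no `type`. The sample input is constructed with placeholder values, and the rule that `AUTHENTICATED` needs both `bindDn` and `bindCredential` is an assumption based on its being the bind/search mode.

```python
import re
from collections import defaultdict

# Constructed sample: same shape as the quoted cas.properties, placeholder values.
SAMPLE = """\
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl: ldap://dc.example.edu:389
cas.authn.ldap[0].userFilter: sAMAccountName={user}
cas.authn.ldap[0].baseDn: dc=example,dc=edu
cas.authn.ldap[0].bindDn: "cn=svc,ou=IT Admin,dc=example,dc=edu"
cas.authn.ldap[1].bindCredential: placeholder
cas.authn.ldap[0].dnFormat: uid=%s,dc=example,dc=edu
"""

# Both "key: value" and "key=value" appear in the quoted file, so accept either.
PROP = re.compile(r"^\s*cas\.authn\.ldap\[(\d+)\]\.(\w+)\s*[:=]\s*(.*?)\s*$")
BIND_KEYS = {"bindDn", "bindCredential"}

def parse_ldap_blocks(text):
    """Group cas.authn.ldap[N].* properties by their index N."""
    blocks = defaultdict(dict)
    for line in text.splitlines():
        m = PROP.match(line)
        if m:
            blocks[int(m.group(1))][m.group(2)] = m.group(3).strip('"')
    return dict(blocks)

def lint(text):
    """Return (index, rule, message) tuples for type/bind inconsistencies."""
    findings = []
    for idx, props in sorted(parse_ldap_blocks(text).items()):
        ltype = props.get("type", "").upper()
        bind = sorted(BIND_KEYS & props.keys())
        if not ltype:
            # Properties at an index with no type: usually a mistyped index.
            findings.append((idx, "no-type", f"ldap[{idx}] sets {sorted(props)} but no type"))
        elif ltype == "AD" and bind:
            # Rule taken from the reply above: AD should not carry bind settings.
            findings.append((idx, "ad-with-bind", f"ldap[{idx}] is AD but sets {bind}"))
        elif ltype == "AUTHENTICATED" and len(bind) < 2:
            # Assumption: AUTHENTICATED (bind/search) needs both bind properties.
            missing = sorted(BIND_KEYS - props.keys())
            findings.append((idx, "authenticated-missing-bind", f"ldap[{idx}] lacks {missing}"))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
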
