Carlos,

In your cas config you have OU=VDI. But this does not show anywhere in your 
ldapsearch.
Your ldapsearch also has 'filter: uid=*' instead of cn or sAMAccountName.

I am not an LDAP expert, but get these items the same to eliminate unknowns.

Ray
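
Ray's suggestion above, as an added example that is not part of the original thread: this Python sketch reads the `cas.authn.ldap[0].*` settings, flags filter attribute names that look misspelled, and builds the ldapsearch command with the same base DN, scope and filter that CAS is configured to use. The sample properties are constructed from the values posted in this thread; the bind identity `binduser@domain.local`, the `KNOWN_ATTRS` list and the one-level scope mapping are assumptions.

```python
import re
import shlex

# Constructed sample, modelled on the properties posted in this thread.
SAMPLE = """\
cas.authn.ldap[0].ldapUrl=              ldap://IP:389
cas.authn.ldap[0].baseDn=               OU=VDI,DC=domain,DC=local
cas.authn.ldap[0].searchFilter=         sAMAaccountName={user}
cas.authn.ldap[0].subtreeSearch=        true
"""

# Assumption: attributes commonly used to look up an account in AD.
KNOWN_ATTRS = {"samaccountname", "userprincipalname", "cn", "uid", "mail"}


def parse_ldap_props(text, index=0):
    """Collect cas.authn.ldap[index].* settings, trimming padding around values."""
    prefix = f"cas.authn.ldap[{index}]."
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip().startswith(prefix):
            props[key.strip()[len(prefix):]] = value.strip()
    return props


def filter_warnings(search_filter):
    """Flag filter attribute names outside KNOWN_ATTRS (catches cm, sAMAaccountName)."""
    attrs = re.findall(r"([A-Za-z][\w-]*)\s*=", search_filter)
    return [f"unrecognised attribute '{a}'" for a in attrs if a.lower() not in KNOWN_ATTRS]


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a username cannot alter the filter."""
    for ch, esc in (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\0", r"\00")):
        value = value.replace(ch, esc)
    return value


def equivalent_ldapsearch(props, user, bind_id):
    """Build the ldapsearch command that repeats the search CAS is configured to do."""
    # Assumption: subtreeSearch=false corresponds to a one-level search.
    scope = "sub" if props.get("subtreeSearch", "true").lower() == "true" else "one"
    flt = props["searchFilter"].replace("{user}", escape_filter_value(user))
    if not flt.startswith("("):
        flt = f"({flt})"
    argv = ["ldapsearch", "-x", "-H", props["ldapUrl"], "-D", bind_id, "-W",
            "-b", props["baseDn"], "-s", scope, flt]
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    cfg = parse_ldap_props(SAMPLE)
    print(filter_warnings(cfg["searchFilter"]))
    print(equivalent_ldapsearch(cfg, "test", "binduser@domain.local"))
```

If the generated command returns no entry for a user who exists, the base DN or filter in the CAS settings is the first thing to compare against the directory.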

On Thu, 2018-11-29 at 05:45 -0800, Carlos Morales wrote:
Hi Ray,

LDAP SEARCH

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=test,dc=local> with scope subtree
# filter: uid=*
# requesting: ALL
#

# search reference
ref: ldap://ForestDnsZones.TEST.LOCAL/DC=ForestDnsZones,DC=TEST,DC=LOCAL

# search reference
ref: ldap://DomainDnsZones.TEST.LOCAL/DC=DomainDnsZones,DC=TEST,DC=LOCAL

# search reference
ref: ldap://TEST.LOCAL/CN=Configuration,DC=TEST,DC=LOCAL

# search result
search: 2
result: 0 Success

# numResponses: 4
# numReferences: 3

Active Directory:

The registry does not show us any type of error with the LDAP.

Any suggestion?

On Wednesday, 28 November 2018, 17:52:30 (UTC+1), rbon wrote:
Carlos,

Do you have access to your AD/LDAP logs? Sanitize and post here (both 
successful ldapsearch and failed SSO). They may give a reason for the failure.

Ray

On Wed, 2018-11-28 at 08:03 -0800, Carlos Morales wrote:
I follow this guide, but this seems impossible....

SSO with LDAP doesn't work, but my ldapsearch is working and binding all users.

Any suggestion?

Thanks in advance.

On Wednesday, 28 November 2018, 16:06:23 (UTC+1), João Henriques wrote:
Check this thread:
https://groups.google.com/a/apereo.org/d/topic/cas-user/LBfDaRPQ5Ds/discussion

Maybe it helps.


On Wednesday, 28 November 2018 at 14:07:25 UTC, Dirk Tepe wrote:
Have you included LDAP support in your POM dependencies when you built the WAR 
file?

https://apereo.github.io/cas/5.3.x/installation/LDAP-Authentication.html

That error seems to indicate your CAS instance is not even capable of using 
LDAP.

-dirk

On Wed, Nov 28, 2018 at 7:26 AM Carlos Morales <cmor...@nexica.com> wrote:
Hello,

Here is my AD:

[https://groups.google.com/a/apereo.org/group/cas-user/attach/a8acdc53dd9d9/Auto%20Generated%20Inline%20Image%201?part=0.1&view=1&authuser=0]
My ldapsearch works correctly and binds OK, but my CAS doesn't connect to AD 
and gives me the following error:

2018-11-28 13:22:47,186 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] does 
not support the credential type [UsernamePasswordCredential(username=asdf)]. 
Trying next...>

My application.properties:

cas.authn.ldap[0].type=                 AD
cas.authn.ldap[0].ldapUrl=              ldap://IP:389
cas.authn.ldap[0].useSsl=               false
cas.authn.ldap[0].useStartTls=          false
cas.authn.ldap[0].connectTimeout=       3000
cas.authn.ldap[0].baseDn=               OU=VDI,DC=domain,DC=local
cas.authn.ldap[0].searchFilter=         sAMAaccountName={user}
cas.authn.ldap[0].subtreeSearch=        true
cas.authn.ldap[0].dnFormat=             %s@domain
cas.authn.ldap[0].principalAttributeId= asdf
cas.authn.ldap[0].principalAttributePassword=nPASS
cas.authn.ldap[0].bindCredential=PASS
logging.level.org.apereo=               DEBUG
cas.authn.ldap[0].allowMultipleDns=     false
#

Thank you so much

Any option?

On Wednesday, 28 November 2018, 11:49:10 (UTC+1), casuser wrote:
Do you have a user called "test" in the Active Directory?
[HttpBasedServiceCredentialsAuthenticationHandler] does not support the 
credential type [UsernamePasswordCredential (username = Test)].
And try this cas.authn.ldap[0].searchFilter=sAMAccountName={user}


On Wed, Nov 28, 2018 at 6:14 PM Carlos Morales <cmor...@nexica.com> wrote:
I have tried more options like:
cas.authn.ldap[0].searchFilter=         cn={user}
cas.authn.ldap[0].userFilter=uid={user}
sAMAccountName

But all of them same error:

<Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] does 
not support the credential type [UsernamePasswordCredential (username = Test)]. 
Trying next ...>

Any option?

Thank you so much.

On Tuesday, 27 November 2018, 18:15:20 (UTC+1), casuser wrote:
Check your active directory field to verify the username, we had the same 
problem then we switched it back to sAMAccountName from cn

On Wed, 28 Nov 2018, 12:34 am Carlos Morales <cmor...@nexica.com wrote:
Sorry, the syntax is correct as you said it is n and not m, but it still does 
not work showing the same error:

<Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] does 
not support the credential type [UsernamePasswordCredential (username = Test)]. 
Trying next ...>

Any other option?

On Tuesday, 27 November 2018, 17:07:25 (UTC+1), casuser wrote:
Isn't that supposed to be cn instead of cm in the searchfilter value field?

On Tue, 27 Nov 2018, 11:18 pm Carlos Morales <cmor...@nexica.com wrote:


Good afternoon, I have installed CAS in the new version 5.3.0. Once I modified 
the application.properties and indicated that the default credentials stop 
working, I have tried to add the following:
cas.authn.ldap[0].type=                        AD
cas.authn.ldap[0].ldapUrl=             ldap://IP:389
cas.authn.ldap[0].useSsl=              false
cas.authn.ldap[0].useStartTls=         false
cas.authn.ldap[0].connectTimeout=      3000
cas.authn.ldap[0].baseDn=              OU=VDI,DC=domain,DC=local
cas.authn.ldap[0].searchFilter=                cm={user}
cas.authn.ldap[0].subtreeSearch=       true
cas.authn.ldap[0].dnFormat=            %s@domain

cas.authn.ldap[0].principalAttributeId=        Admin
cas.authn.ldap[0].principalAttributePassword=Password
cas.authn.ldap[0].bindCredential=Password
logging.level.org.apereo=              DEBUG

When I try to log in with the credentials, the LOG shows the following error:


2018-11-27 12:57:24,594 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] does 
not support the credential type [UsernamePasswordCredential(username=Test)]. 
Trying next...>

2018-11-27 12:57:24,629 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN

=============================================================

WHO: Test

WHAT: Supplied credentials: [UsernamePasswordCredential(username=Test)]

ACTION: AUTHENTICATION_FAILED

APPLICATION: CAS

WHEN: Tue Nov 27 12:57:24 CET 2018

From the server of cas with ldapsearch I can show all the information.

Can you help me in this matter? It is an environment that needs to be 
authenticated with AD and I do not get it.

Thank you so much.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+u...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/57d36eab-e109-42c8-9514-9476e9dcef8e%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/57d36eab-e109-42c8-9514-9476e9dcef8e%40apereo.org?utm_medium=email&utm_source=footer>.









--
-Fazla.






--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca



