I have delete JAAS config and I put LDAP config.
My pom.xml
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-ldap</artifactId>
<version>${cas.version}</version>
</dependency>
My cas.properties
cas.authn.ldap[0].name=LDAP
cas.authn.ldap[0].order=0
cas.authn.ldap[0].ldapUrl=ldap://ad1.my.domain ldap://ad2.my.domain
cas.authn.ldap[0].bindDn="cn=user-apereo-cas"
cas.authn.ldap[0].baseDn="ou=application,dc=my,dc=domain"
cas.authn.ldap[0].searchFilter="sAMAccountName={user}"
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].dnFormat="%[email protected]"
cas.authn.ldap[0].principalAttributeList="sAMAccountName"
cas.authn.ldap[0].useSsl=false
I have this error :
2019-10-11 16:22:04,823 DEBUG
[org.apereo.cas.authentication.support.DefaultLdapAccountStateHandler] -
<Attempting to handle LDAP account state for
[[org.ldaptive.auth.AuthenticationResponse@690116111::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
resolvedDn="[email protected]",
ldapEntry=[dn="[email protected]"[]], accountState=null,
result=false, resultCode=INVALID_CREDENTIALS,
message=javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error,
data 52e, v2580], controls=null]]>
Very strange...
Le jeudi 10 octobre 2019 16:12:36 UTC+2, Kevin Imbrechts a écrit :
>
> In my /etc/cas/config/jaas.config file, I've this config :
> MY.DOMAIN <http://SIDEN.INT> {
> com.sun.security.auth.module.Krb5LoginModule sufficient
> refreshKrb5Config=TRUE
> useTicketCache=TRUE
> renewTGT=TRUE
> useKeyTab=TRUE
> doNotPrompt=FALSE
> keyTab=/etc/cas/config/cas.HTTP.keytab
> storeKey=FALSE
> principal="uid=usr-docker,dc=my,dc=domain"
> debug=TRUE;
> };
>
> My run-cas.sh script execute cas.war like this :
> exec java -Djava.security.auth.login.config=/etc/cas/config/jaas.config
> -jar /cas-overlay/target/cas.war
>
> And my JAAS config from /etc/cas/config/cas.properties :
> # JAAS Config
> cas.authn.jaas[0].realm=MY.REALM
> cas.authn.jaas[0].kerberosKdcSystemProperty=ad1.my.domain
> cas.authn.jaas[0].kerberosRealmSystemProperty=MY.REALM
> cas.authn.jaas[0].loginConfigurationFile=/etc/cas/config/jaas.config
>
> Thanks
>
>
>
> Le jeudi 10 octobre 2019 16:03:51 UTC+2, Kevin Imbrechts a écrit :
>>
>> Ok I think I found the error :
>> 2019-10-10 15:56:38,737 DEBUG
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
>> for MY.REALM].>
>> 2019-10-10 15:56:38,737 DEBUG
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
>> for MY.REALM].>
>> 2019-10-10 15:56:38,738 DEBUG
>> [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - <Recording
>> authentication handler failure under key [JaasAuthenticationHandler]>
>>
>> How to configure a LoginModule ?
>>
>> Le jeudi 10 octobre 2019 15:37:25 UTC+2, Kevin Imbrechts a écrit :
>>>
>>> I tried, but I can't do it. Nobody can help me ? :(
>>>
>>> Le mercredi 9 octobre 2019 19:10:43 UTC+2, Kevin Imbrechts a écrit :
>>>>
>>>> JAAS is a Java standard authentication and authorization API. JAAS is
>>>> configured via externalized plain text configuration file.
>>>>
>>>> https://apereo.github.io/cas/5.3.x/installation/JAAS-Authentication.html
>>>>
>>>> I think CAS attempts to use another authentication support but I don't
>>>> know why...
>>>>
>>>>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e4515ab-d562-4fb4-9fc9-fa0058c9f9f2%40apereo.org.
