It's OK, it works with this cas.properties config:
cas.authn.ldap[0].name=LDAP
cas.authn.ldap[0].order=0
cas.authn.ldap[0].ldapUrl=ldap://ad1.my.domain ldap://ad2.my.domain
cas.authn.ldap[0].bindDn=cn=users,ou=application,dc=my,dc=domain
cas.authn.ldap[0].baseDn="ou=application,dc=my,dc=domain"
cas.authn.ldap[0].searchFilter="sAMAccountName={user}"
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].dnFormat="%[email protected]"
cas.authn.ldap[0].principalAttributeList="sAMAccountName"
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].subtreeSearch=true
On Friday, 11 October 2019 at 16:38:53 UTC+2, Kevin Imbrechts wrote:
>
> I have deleted the JAAS config and put in the LDAP config.
> My pom.xml
> <dependency>
> <groupId>org.apereo.cas</groupId>
> <artifactId>cas-server-support-ldap</artifactId>
> <version>${cas.version}</version>
> </dependency>
>
> My cas.properties
> cas.authn.ldap[0].name=LDAP
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].ldapUrl=ldap://ad1.my.domain ldap://ad2.my.domain
> cas.authn.ldap[0].bindDn="cn=user-apereo-cas"
> cas.authn.ldap[0].baseDn="ou=application,dc=my,dc=domain"
> cas.authn.ldap[0].searchFilter="sAMAccountName={user}"
> cas.authn.ldap[0].type=AD
> cas.authn.ldap[0].dnFormat="%[email protected]"
> cas.authn.ldap[0].principalAttributeList="sAMAccountName"
> cas.authn.ldap[0].useSsl=false
>
> I have this error:
> 2019-10-11 16:22:04,823 DEBUG
> [org.apereo.cas.authentication.support.DefaultLdapAccountStateHandler] -
> <Attempting to handle LDAP account state for
> [[org.ldaptive.auth.AuthenticationResponse@690116111::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
>
> resolvedDn="[email protected]",
> ldapEntry=[dn="[email protected]"[]], accountState=null,
> result=false, resultCode=INVALID_CREDENTIALS,
> message=javax.naming.AuthenticationException: [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error,
> data 52e, v2580], controls=null]]>
>
> Very strange...
>
> On Thursday, 10 October 2019 at 16:12:36 UTC+2, Kevin Imbrechts wrote:
>>
>> In my /etc/cas/config/jaas.config file, I have this config:
>> MY.DOMAIN {
>> com.sun.security.auth.module.Krb5LoginModule sufficient
>> refreshKrb5Config=TRUE
>> useTicketCache=TRUE
>> renewTGT=TRUE
>> useKeyTab=TRUE
>> doNotPrompt=FALSE
>> keyTab=/etc/cas/config/cas.HTTP.keytab
>> storeKey=FALSE
>> principal="uid=usr-docker,dc=my,dc=domain"
>> debug=TRUE;
>> };
>>
>> My run-cas.sh script executes cas.war like this:
>> exec java -Djava.security.auth.login.config=/etc/cas/config/jaas.config
>> -jar /cas-overlay/target/cas.war
>>
>> And my JAAS config from /etc/cas/config/cas.properties :
>> # JAAS Config
>> cas.authn.jaas[0].realm=MY.REALM
>> cas.authn.jaas[0].kerberosKdcSystemProperty=ad1.my.domain
>> cas.authn.jaas[0].kerberosRealmSystemProperty=MY.REALM
>> cas.authn.jaas[0].loginConfigurationFile=/etc/cas/config/jaas.config
>>
>> Thanks
>>
>>
>>
>> On Thursday, 10 October 2019 at 16:03:51 UTC+2, Kevin Imbrechts wrote:
>>>
>>> OK, I think I found the error:
>>> 2019-10-10 15:56:38,737 DEBUG
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
>>> for MY.REALM].>
>>> 2019-10-10 15:56:38,737 DEBUG
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
>>> for MY.REALM].>
>>> 2019-10-10 15:56:38,738 DEBUG
>>> [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - <Recording
>>> authentication handler failure under key [JaasAuthenticationHandler]>
>>>
>>> How do I configure a LoginModule?
>>>
>>> On Thursday, 10 October 2019 at 15:37:25 UTC+2, Kevin Imbrechts wrote:
>>>>
>>>> I tried, but I can't do it. Can nobody help me? :(
>>>>
>>>> On Wednesday, 9 October 2019 at 19:10:43 UTC+2, Kevin Imbrechts wrote:
>>>>>
>>>>> JAAS is a Java standard authentication and authorization API. JAAS is
>>>>> configured via an externalized plain text configuration file.
>>>>>
>>>>>
>>>>> https://apereo.github.io/cas/5.3.x/installation/JAAS-Authentication.html
>>>>>
>>>>> I think CAS attempts to use another authentication support but I don't
>>>>> know why...
>>>>>
>>>>>
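For reading the "LDAP: error code 49 ... data 52e" failure quoted in this thread, the following added example (not part of the thread and not CAS or ldaptive code) pulls the Active Directory sub-code out of such a log entry, even when e-mail quoting has wrapped it, and names what the directory rejected. The function names and the sample entry are constructed for illustration.

```python
import re

# Active Directory sub-codes carried in the "data" field of an LDAP error 49
# bind failure (hexadecimal Win32 logon error codes).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "user name or password is incorrect",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ERR49 = re.compile(r"LDAP: error code 49\b.*?\bdata\s+([0-9a-fA-F]+)\s*,", re.S)
RESOLVED_DN = re.compile(r'resolvedDn="([^"]*)"')
QUOTE_PREFIX = re.compile(r"^[>\s]*")

def unwrap(text):
    """Join a log entry that e-mail wrapping split over '>'-quoted lines."""
    parts = (QUOTE_PREFIX.sub("", line).rstrip() for line in text.splitlines())
    return " ".join(p for p in parts if p)

def triage(text):
    """Return (resolved_dn, subcode, meaning), or None if no error-49 failure."""
    entry = unwrap(text)
    m = ERR49.search(entry)
    if m is None:
        return None
    code = m.group(1).lower()
    dn = RESOLVED_DN.search(entry)
    meaning = AD_BIND_SUBCODES.get(code, "unknown sub-code")
    return (dn.group(1) if dn else None, code, meaning)

# Constructed sample in the shape of the DEBUG entry quoted in the thread.
SAMPLE = """\
> resolvedDn="jdoe@example.test",
> result=false, resultCode=INVALID_CREDENTIALS,
> message=javax.naming.AuthenticationException: [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error,
> data 52e, v2580], controls=null]]>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The resolved DN in the result is the identity CAS actually sent in the bind, which is the value to compare against the directory when the sub-code is 52e or 525.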