Bartosz Nitkiewicz
I am using an AJP connection between Apache2 and tomcat9.
Apache 2 is the front with a TLS connection.

On Monday, 22 March 2021 at 17:09:55 UTC+1, Bartosz Nitkiewicz wrote:

> Shouldn't you add keystore for SSL/TLS authentication?
> like:
>
> cas.authn.ldap[0].keystore=file:/etc/cas/config/keystore.jks
> cas.authn.ldap[0].keystorePassword=password
> cas.authn.ldap[0].keystoreType=PKCS12
>
> You should add your signed certificate to main JAVA keystore
> On Monday, 22 March 2021 at 16:57:38 UTC+1, Jérémie Pilette wrote:
>
>> Yes I am using Start-tls
>> cas.authn.ldap[0].use-start-tls=true
>>
>> On Monday, 22 March 2021 at 16:53:36 UTC+1, Bartosz Nitkiewicz wrote:
>>
>>> Maybe your LDAP server has to be authenticated through SSL/TLS (LDAPS)?
>>>
>>> On Monday, 22 March 2021 at 16:25:41 UTC+1, Jérémie Pilette wrote:
>>>
>>>> It seems to be Invalid Credential for the user.. I don't know why..
>>>> On Monday, 22 March 2021 at 16:21:48 UTC+1, Jérémie Pilette wrote:
>>>>
>>>>> It doesn't change anything with these two lines added ... :o(
>>>>>
>>>>> On Monday, 22 March 2021 at 16:17:58 UTC+1, Bartosz Nitkiewicz wrote:
>>>>>
>>>>>> implementation is ok
>>>>>>
>>>>>> Try to add 
>>>>>> cas.authn.ldap[0].name=adYourName
>>>>>> cas.authn.ldap[0].order=0
>>>>>>
>>>>>> On Monday, 22 March 2021 at 16:13:17 UTC+1, Jérémie Pilette wrote:
>>>>>>
>>>>>>>
>>>>>>> Yes I have:
>>>>>>> compile 
>>>>>>> "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>>>>>>>
>>>>>>> But I have seen that instead of "compile" we can put 
>>>>>>> "implementation".
>>>>>>> I do not know which one we have to use
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Monday, 22 March 2021 at 16:07:48 UTC+1, Bartosz Nitkiewicz wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>> Did you build ldap dependency into your CAS server?
>>>>>>>> You should add 
>>>>>>>> org.apereo.cas:cas-server-support-ldap:${casServerVersion} in 
>>>>>>>> build.gradle 
>>>>>>>> and rebuild CAS app.
>>>>>>>> Regards,
>>>>>>>> BN
>>>>>>>>
>>>>>>>> On Monday, 22 March 2021 at 15:50:04 UTC+1, Jérémie Pilette wrote:
>>>>>>>>
>>>>>>>>> Here is my cas.properties
>>>>>>>>>
>>>>>>>>> ***********
>>>>>>>>> cas.server.name=https://xxxxx.xxxxx.fr
>>>>>>>>> cas.server.prefix=${cas.server.name}/cas
>>>>>>>>>
>>>>>>>>> logging.config=file:/etc/cas/config/log4j2.xml
>>>>>>>>>
>>>>>>>>> cas.service-registry.json.location=file:/etc/cas/services
>>>>>>>>>
>>>>>>>>> cas.authn.ldap[0].principal-attribute-list=cn,givenName,sn
>>>>>>>>>
>>>>>>>>> # cas.authn.ldap[0].collect-dn-attribute=false
>>>>>>>>> # cas.authn.ldap[0].principal-dn-attribute-name=
>>>>>>>>> # cas.authn.ldap[0].allow-multiple-principal-attribute-values=true
>>>>>>>>> # cas.authn.ldap[0].allow-missing-principal-attribute-value=true
>>>>>>>>> # cas.authn.ldap[0].credential-criteria=
>>>>>>>>>
>>>>>>>>> cas.authn.ldap[0].ldap-url=ldap://xxx.yyyy.com
>>>>>>>>> cas.authn.ldap[0].bind-dn=userdn
>>>>>>>>> cas.authn.ldap[0].bind-credential=pwd
>>>>>>>>>
>>>>>>>>> cas.authn.ldap[0].base-dn=my_base_dn
>>>>>>>>> cas.authn.ldap[0].subtree-search=true
>>>>>>>>> cas.authn.ldap[0].search-filter=my_filter
>>>>>>>>> cas.authn.ldap[0].page-size=0
>>>>>>>>>
>>>>>>>>> cas.authn.ldap[0].principal-attribute-password=userPassword
>>>>>>>>>
>>>>>>>>> cas.authn.ldap[0].min-pool-size=3
>>>>>>>>> cas.authn.ldap[0].max-pool-size=10
>>>>>>>>> cas.authn.ldap[0].validate-on-checkout=true
>>>>>>>>> cas.authn.ldap[0].validate-periodically=true
>>>>>>>>> cas.authn.ldap[0].validate-period=PT5M
>>>>>>>>> cas.authn.ldap[0].validate-timeout=PT5S
>>>>>>>>> cas.authn.ldap[0].fail-fast=false
>>>>>>>>> cas.authn.ldap[0].idle-time=PT10M
>>>>>>>>> cas.authn.ldap[0].prune-period=PT2H
>>>>>>>>> cas.authn.ldap[0].block-wait-time=PT3S
>>>>>>>>> cas.authn.ldap[0].use-start-tls=true
>>>>>>>>> cas.authn.ldap[0].response-timeout=PT5S
>>>>>>>>> *******************
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Monday, 22 March 2021 at 15:37:56 UTC+1, Jérémie Pilette wrote:
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>> I have just installed the CAS server version 6.4 and made my LDAP 
>>>>>>>>>> configuration.
>>>>>>>>>> Impossible for users to authenticate.
>>>>>>>>>> Maybe I forgot something... I do not know what...
>>>>>>>>>>
>>>>>>>>>> Do you have an idea, please?
>>>>>>>>>>
>>>>>>>>>
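
The LDAPS-versus-StartTLS question raised in the thread can be checked mechanically. The following is an added example, not part of any message in the thread and not CAS project code: it reads `cas.authn.ldap[N].*` properties and reports whether each entry binds over StartTLS, LDAPS, or cleartext. The sample input is constructed from the property names posted above; the `false` default for `use-start-tls` and the space/comma URL separator are assumptions.

```python
import re

# Constructed sample: the transport-related lines from the cas.properties in the thread.
SAMPLE = """\
cas.authn.ldap[0].ldap-url=ldap://xxx.yyyy.com
cas.authn.ldap[0].bind-dn=userdn
cas.authn.ldap[0].bind-credential=pwd
cas.authn.ldap[0].use-start-tls=true
"""

KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.([\w-]+)$")


def parse_ldap_blocks(text):
    """Group cas.authn.ldap[N].* properties by index N, skipping comments."""
    blocks = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        m = KEY.match(key)
        if m:
            # Spring relaxed binding: use-start-tls and useStartTls name the same setting.
            name = m.group(2).replace("-", "").lower()
            blocks.setdefault(int(m.group(1)), {})[name] = value
    return blocks


def transport_posture(props):
    """Classify how one LDAP entry protects the bind on the wire."""
    # Assumption: several URLs may be listed, separated by spaces or commas.
    urls = [u for u in re.split(r"[\s,]+", props.get("ldapurl", "").lower()) if u]
    # Assumption: StartTLS is off unless explicitly enabled.
    start_tls = props.get("usestarttls", "false").lower() == "true"
    if not urls:
        return "no-url"
    if any(u.startswith("ldaps://") for u in urls):
        # StartTLS upgrades a plain connection; it cannot be layered on LDAPS.
        return "conflict" if start_tls else "ldaps"
    return "starttls" if start_tls else "cleartext"


def audit(text):
    """Return {index: posture} for every LDAP entry found in the properties text."""
    return {i: transport_posture(p) for i, p in sorted(parse_ldap_blocks(text).items())}


if __name__ == "__main__":
    for index, posture in audit(SAMPLE).items():
        print(f"cas.authn.ldap[{index}]: {posture}")
```

A `cleartext` result means the bind DN and user passwords cross the network unencrypted; `conflict` means the entry asks for StartTLS on a connection that is already TLS.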
