Stef,

cas.authn.ldap[0].trust-store
should be a path (or is that a typo?).

Ray

On Tue, 2022-11-29 at 08:42 -0800, ITT Arisse wrote:

Hi all,

it seems I can't log in with my LDAP Authentication Manager, since it seems
DefaultAuthenticationManager is the only Authentication Manager configured...

WHO: myuser
WHAT: [UsernamePasswordCredential(username=myuser, source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue Nov 29 17:34:46 CET 2022
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=============================================================

2022-11-29 17:34:46,726 DEBUG [org.springframework.boot.actuate.audit.listener.AuditListener] - <AuditEvent [timestamp=2022-11-29T16:34:46.726185500Z, principal=myuser, type=AUTHENTICATION_FAILED, data={CAS=null, Tue Nov 29 17:34:46 CET 2022=null, 0:0:0:0:0:0:0:1=null, [UsernamePasswordCredential(username=myuser, source=null, customFields={})]}]>
2022-11-29 17:34:46,726 DEBUG [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <0 errors, 0 successes>
org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes
    at org.apereo.cas.authentication.DefaultAuthenticationManager.evaluateFinalAuthentication(DefaultAuthenticationManager.java:339) ~[cas-server-core-authentication-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
    at org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateInternal(DefaultAuthenticationManager.java:317) ~[cas-server-core-authentication-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
    at org.apereo.cas.authentication.DefaultAuthenticationManager.authenticate(DefaultAuthenticationManager.java:69) ~[cas-server-core-authentication-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
    at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) ~[spring-aop-5.3.24.jar:5.3.24]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198) ~[spring-aop-5.3.24.jar:5.3.24]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.24.jar:5.3.24]
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) ~[spring-aop-5.3.24.jar:5.3.24]
    at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:178) ~[inspektr-audit-1.8.20.GA.jar:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]


My config is the following:

##
# my Config
#
cas.log.level=trace
spring.security.log.level=trace
spring.webflow.log.level=trace
ldap.log.level=trace
pac4j.log.level=trace
opensaml.log.level=trace
hazelcast.log.level=trace
log.include.location=trace

#cas.authn.accept.enabled=false

cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldap-url=ldap://mydomain
cas.authn.ldap[0].base-dn=OU=dom1,DC=dom2,DC=lan
cas.authn.ldap[0].search-filter=(sAMAccountName={user})
cas.authn.ldap[0].bind-dn=myuser@mydomain
cas.authn.ldap[0].bind-credential=mypassword
cas.authn.ldap[0].max-pool-size=5
cas.authn.ldap[0].min-pool-size=0
cas.authn.ldap[0].subtree-search=true
cas.authn.ldap[0].use-start-tls=false
cas.authn.ldap[0].trust-store=JKS
cas.authn.ldap[0].trust-store-password=changeit
cas.authn.ldap[0].trust-store-type=JKS
cas.authn.ldap[0].hostname-verifier=ANY

logging.level.org.springframework.boot.autoconfigure=ERROR
cas.standalone.configuration-directory=../../etc/cas/config
cas.service-registry.ldap.ldap-url=ldap://mydomain
cas.webflow.crypto.encryption.key=key1
cas.tgc.crypto.encryption.key=key2
cas.tgc.crypto.signing.key=key3

#cas.authn.attribute-repository.ldap[0].order=1
cas.authn.attribute-repository.ldap[0].base-dn=OU=dom1,DC=dom2,DC=lan
cas.authn.attribute-repository.ldap[0].bind-dn=myuser@mydomain
cas.authn.attribute-repository.ldap[0].bind-credential=mypassword
cas.authn.attribute-repository.ldap[0].ldap-url=ldap://mydomain:389
cas.authn.attribute-repository.ldap[0].search-filter=(sAMAccountName={user})
#cas.authn.attribute-repository.ldap[0].type=AUTHENTICATED
cas.authn.attribute-repository.ldap[0].hostname-verifier=ANY
cas.authn.attribute-repository.ldap[0].pool-passivator=NONE
#cas.authn.attribute-repository.ldap[0].allow-multiple-principal-attribute-values=true
#cas.authn.attribute-repository.ldap[0].enhance-with-entry-resolver=true
#cas.authn.attribute-repository.ldap[0].principal-attribute-list=displayName,mail:email,memberOf
#cas.authn.attribute-repository.ldap[0].principal-dn-attribute-name=sAMAccountName
#cas.authn.attribute-repository.ldap[0].use-start-tls=false
#cas.authn.attribute-repository.ldap[0].password-encoder.type=NONE
#cas.authn.ldap[0].bind-dn=blahblahblah


cas.person-directory.attribute-resolution-enabled=true
cas.person-directory.active-attribute-repository-ids=ADAUTH
cas.person-directory.principal-attribute=sAMAccountName
cas.person-directory.return-null=false
cas.person-directory.principal-resolution-failure-fatal=true
cas.person-directory.use-existing-principal-id=false

cas.authn.attribute-repository.core.aggregation=CASCADE
cas.authn.attribute-repository.core.merger=MULTIVALUED
cas.authn.attribute-repository.core.default-attributes-to-release=ldap-dn
cas.authn.attribute-repository.ldap[0].id=ADAUTH
cas.authn.attribute-repository.ldap[0].order=0
cas.authn.attribute-repository.ldap[0].attributes.sAMAccountName=uid
cas.authn.attribute-repository.ldap[0].attributes.userAccountControl=user-account-control
cas.authn.attribute-repository.ldap[0].attributes.distinguishedName=ldap-dn

logging.level.org.apereo.cas=debug
logging.level.org.apereo.services.persondir=trace
logging.level.org.apereo.cas.persondir=trace
logging.level.org.apereo.cas.authentication.principal.cache=trace

I'm completely stuck; any help would be highly appreciated,

thanks a lot!

Stef
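As an added check, not code from Ray, Stef or the CAS project: a small Python lint that reads the posted cas.authn.ldap[0] block and reports the configuration points a reviewer would raise before testing the LDAP handler again. It flags the trust-store value Ray points at (a keystore type name where a file path is expected), a trust-store path that does not exist on disk, hostname-verifier=ANY (which accepts any certificate hostname; CAS's other documented value is DEFAULT), and an ldap:// URL with StartTLS disabled, where the bind credential is sent in cleartext. The properties parser, the keystore-type set and the finding wording are my own; the sample text is a constructed excerpt of the posted config with the password replaced.

```python
import re
from pathlib import Path

# Constructed sample: the LDAP authentication lines from the posted config,
# with the bind credential replaced by a placeholder.
SAMPLE_CONFIG = """\
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldap-url=ldap://mydomain
cas.authn.ldap[0].bind-dn=myuser@mydomain
cas.authn.ldap[0].bind-credential=REDACTED
cas.authn.ldap[0].use-start-tls=false
cas.authn.ldap[0].trust-store=JKS
cas.authn.ldap[0].trust-store-password=changeit
cas.authn.ldap[0].trust-store-type=JKS
cas.authn.ldap[0].hostname-verifier=ANY
"""

# Keystore type names that belong in trust-store-type, never in trust-store.
KEYSTORE_TYPES = {"JKS", "PKCS12"}


def parse_properties(text):
    """Minimal key=value parser for a Spring-style .properties file."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def ldap_blocks(props, prefix="cas.authn.ldap"):
    """Group cas.authn.ldap[N].<key> entries into {N: {key: value}}."""
    pattern = re.compile(re.escape(prefix) + r"\[(\d+)\]\.(.+)")
    blocks = {}
    for key, value in props.items():
        match = pattern.fullmatch(key)
        if match:
            blocks.setdefault(int(match.group(1)), {})[match.group(2)] = value
    return blocks


def check_ldap_block(idx, block, path_exists):
    """Return human-readable findings for one cas.authn.ldap[N] block."""
    findings = []
    tag = f"cas.authn.ldap[{idx}]"
    url = block.get("ldap-url", "")
    start_tls = block.get("use-start-tls", "false").lower() == "true"

    trust_store = block.get("trust-store")
    if trust_store is not None:
        if trust_store.upper() in KEYSTORE_TYPES:
            findings.append(
                f"{tag}.trust-store={trust_store!r} is a keystore type, not a path; "
                f"point it at the truststore file and keep the type in trust-store-type")
        elif not path_exists(trust_store):
            findings.append(f"{tag}.trust-store={trust_store!r} does not exist on disk")

    if block.get("hostname-verifier", "").upper() == "ANY":
        findings.append(
            f"{tag}.hostname-verifier=ANY accepts any certificate hostname; "
            f"use DEFAULT once the truststore is correct")

    if url.lower().startswith("ldap://") and not start_tls:
        findings.append(
            f"{tag}.ldap-url={url} without use-start-tls=true sends the bind "
            f"credential in cleartext; use ldaps:// or enable StartTLS")
    return findings


def lint(text, path_exists=lambda p: Path(p).is_file()):
    """Lint every cas.authn.ldap[N] block in a properties text."""
    props = parse_properties(text)
    findings = []
    for idx, block in sorted(ldap_blocks(props).items()):
        findings.extend(check_ldap_block(idx, block, path_exists))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print("-", finding)
```

Run it against the real cas.properties (or paste the file into SAMPLE_CONFIG) and the three findings for the posted block come back; the `path_exists` parameter exists only so the file check can be stubbed in a test. Note that a wrong trust-store value explains a TLS failure, not the "0 errors, 0 successes" in the log, which says no authentication handler ran at all, so the lint is a precondition check rather than a diagnosis of that exception.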

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7b9b12dca3b05ae04d89ccc358a2335999ab2e75.camel%40uvic.ca.