Hi Ray,

Thanks a lot. I configured this property to a folder; however, it does not 
fix the issue.

Thanks,
Stephane

On Tuesday, 29 November 2022 at 19:03:30 UTC+1, Ray Bon wrote:

> Stef,
>
> cas.authn.ldap[0].trust-store
> should be a path (or is that a typo?).
>
> Ray
>
> On Tue, 2022-11-29 at 08:42 -0800, ITT Arisse wrote:
>
> Hi all, 
>
> It seems I can't log in with my LDAP Authentication Manager since it seems 
> DefaultAuthenticationManager is the only Authentication Manager 
> configured...
>
> WHO: myuser
> WHAT: [UsernamePasswordCredential(username=myuser, source=null, customFields={})]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Tue Nov 29 17:34:46 CET 2022
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
> =============================================================
>
> 2022-11-29 17:34:46,726 DEBUG [org.springframework.boot.actuate.audit.listener.AuditListener] - <AuditEvent [timestamp=2022-11-29T16:34:46.726185500Z, principal=myuser, type=AUTHENTICATION_FAILED, data={CAS=null, Tue Nov 29 17:34:46 CET 2022=null, 0:0:0:0:0:0:0:1=null, [UsernamePasswordCredential(username=myuser, source=null, customFields={})]}]>
> 2022-11-29 17:34:46,726 DEBUG [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <0 errors, 0 successes>
> org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes
>     at org.apereo.cas.authentication.DefaultAuthenticationManager.evaluateFinalAuthentication(DefaultAuthenticationManager.java:339) ~[cas-server-core-authentication-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>     at org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateInternal(DefaultAuthenticationManager.java:317) ~[cas-server-core-authentication-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>     at org.apereo.cas.authentication.DefaultAuthenticationManager.authenticate(DefaultAuthenticationManager.java:69) ~[cas-server-core-authentication-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
>     at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>     at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
>     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) ~[spring-aop-5.3.24.jar:5.3.24]
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198) ~[spring-aop-5.3.24.jar:5.3.24]
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.24.jar:5.3.24]
>     at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) ~[spring-aop-5.3.24.jar:5.3.24]
>     at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:178) ~[inspektr-audit-1.8.20.GA.jar:?]
>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>
>
> My config is the following:
>
> ##
> # my Config
> #
> cas.log.level=trace
> spring.security.log.level=trace
> spring.webflow.log.level=trace
> ldap.log.level=trace
> pac4j.log.level=trace
> opensaml.log.level=trace
> hazelcast.log.level=trace
> log.include.location=trace
>
> #cas.authn.accept.enabled=false
>
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldap-url=ldap://mydomain
> cas.authn.ldap[0].base-dn=OU=dom1,DC=dom2,DC=lan
> cas.authn.ldap[0].search-filter=(sAMAccountName={user})
> cas.authn.ldap[0].bind-dn=myuser@mydomain
> cas.authn.ldap[0].bind-credential=mypassword
> cas.authn.ldap[0].max-pool-size=5
> cas.authn.ldap[0].min-pool-size=0
> cas.authn.ldap[0].subtree-search=true
> cas.authn.ldap[0].use-start-tls=false
> cas.authn.ldap[0].trust-store=JKS
> cas.authn.ldap[0].trust-store-password=changeit
> cas.authn.ldap[0].trust-store-type=JKS
> cas.authn.ldap[0].hostname-verifier=ANY
>
> logging.level.org.springframework.boot.autoconfigure=ERROR
> cas.standalone.configuration-directory=../../etc/cas/config
> cas.service-registry.ldap.ldap-url=ldap://mydomain
> cas.webflow.crypto.encryption.key=key1
> cas.tgc.crypto.encryption.key=key2
> cas.tgc.crypto.signing.key=key3
>
> #cas.authn.attribute-repository.ldap[0].order=1
> cas.authn.attribute-repository.ldap[0].base-dn=OU=dom1,DC=dom2,DC=lan
> cas.authn.attribute-repository.ldap[0].bind-dn=myuser@mydomain
> cas.authn.attribute-repository.ldap[0].bind-credential=mypassword
> cas.authn.attribute-repository.ldap[0].ldap-url=ldap://mydomain:389
>
> cas.authn.attribute-repository.ldap[0].search-filter=(sAMAccountName={user})
> #cas.authn.attribute-repository.ldap[0].type=AUTHENTICATED
> cas.authn.attribute-repository.ldap[0].hostname-verifier=ANY
> cas.authn.attribute-repository.ldap[0].pool-passivator=NONE
>
> #cas.authn.attribute-repository.ldap[0].allow-multiple-principal-attribute-values=true
> #cas.authn.attribute-repository.ldap[0].enhance-with-entry-resolver=true
>
> #cas.authn.attribute-repository.ldap[0].principal-attribute-list=displayName,mail:email,memberOf
>
> #cas.authn.attribute-repository.ldap[0].principal-dn-attribute-name=sAMAccountName
> #cas.authn.attribute-repository.ldap[0].use-start-tls=false
> #cas.authn.attribute-repository.ldap[0].password-encoder.type=NONE
> #cas.authn.ldap[0].bind-dn=blahblahblah
>
>
> cas.person-directory.attribute-resolution-enabled=true
> cas.person-directory.active-attribute-repository-ids=ADAUTH
> cas.person-directory.principal-attribute=sAMAccountName
> cas.person-directory.return-null=false
> cas.person-directory.principal-resolution-failure-fatal=true
> cas.person-directory.use-existing-principal-id=false
>
> cas.authn.attribute-repository.core.aggregation=CASCADE
> cas.authn.attribute-repository.core.merger=MULTIVALUED
> cas.authn.attribute-repository.core.default-attributes-to-release=ldap-dn
> cas.authn.attribute-repository.ldap[0].id=ADAUTH
> cas.authn.attribute-repository.ldap[0].order=0
> cas.authn.attribute-repository.ldap[0].attributes.sAMAccountName=uid
>
> cas.authn.attribute-repository.ldap[0].attributes.userAccountControl=user-account-control
> cas.authn.attribute-repository.ldap[0].attributes.distinguishedName=ldap-dn
>
> logging.level.org.apereo.cas=debug
> logging.level.org.apereo.services.persondir=trace
> logging.level.org.apereo.cas.persondir=trace
> logging.level.org.apereo.cas.authentication.principal.cache=trace
>
> I'm completely stuck, any help would be highly appreciated,
>
> thanks a lot!
>
> Stef
>
>

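An added example, not part of the original thread and not Apereo CAS code: a small Python check over the `cas.authn.ldap[0]` connection settings quoted above. It flags the `trust-store` points raised in the replies (a value that is not a path, or that is a directory rather than a keystore file) and two transport settings visible in the config. The sample text is constructed from the quoted properties, and treating an absent `use-start-tls` as false is an assumption.

```python
import os
import re

# Constructed sample: the cas.authn.ldap[0] connection settings quoted in the message.
SAMPLE = """\
cas.authn.ldap[0].ldap-url=ldap://mydomain
cas.authn.ldap[0].search-filter=(sAMAccountName={user})
cas.authn.ldap[0].use-start-tls=false
cas.authn.ldap[0].trust-store=JKS
cas.authn.ldap[0].trust-store-type=JKS
cas.authn.ldap[0].hostname-verifier=ANY
#cas.authn.ldap[0].bind-dn=blahblahblah
"""

LDAP_KEY = re.compile(r"^(.*\.ldap(?:\[\d+\])?)\.([a-z-]+)$")

def parse_ldap_blocks(text):
    """Group 'prefix.ldap[n].setting=value' lines by prefix; comments are skipped."""
    blocks = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # values may contain '=' themselves
        m = LDAP_KEY.match(key.strip())
        if sep and m:
            blocks.setdefault(m.group(1), {})[m.group(2)] = value.strip()
    return blocks

def audit(text):
    """Return sorted (block, setting, finding) tuples for the settings discussed in the thread."""
    findings = []
    for block, cfg in parse_ldap_blocks(text).items():
        store = cfg.get("trust-store")
        if store is not None:
            if os.path.isdir(store):
                findings.append((block, "trust-store", "is a directory, expected a keystore file"))
            elif not re.search(r"[/\\]", store):
                findings.append((block, "trust-store", "is not a path"))
        url = cfg.get("ldap-url", "")
        tls = cfg.get("use-start-tls", "false").lower()  # absent treated as false (assumption)
        if url.lower().startswith("ldap://") and tls != "true":
            findings.append((block, "ldap-url", "plain LDAP without StartTLS, binds are unencrypted"))
        if cfg.get("hostname-verifier", "").upper() == "ANY":
            findings.append((block, "hostname-verifier", "ANY accepts any certificate hostname"))
    return sorted(findings)

if __name__ == "__main__":
    for block, setting, finding in audit(SAMPLE):
        print(f"{block}.{setting}: {finding}")
```

The findings describe configuration risk only; they do not by themselves explain the `0 errors, 0 successes` failure in the log.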