Hi Marvin,

Sorry this took so long. I reverted logging to default and bumped
org.jasig.services.persondir up to DEBUG, restarted Tomcat and got these logs
on logging in. MY_IP_ADDR is the IP of my computer, SERVICE_IP_ADDR is the IP
address of the server with mod_auth_cas protecting resources.
==> /var/log/tomcat6/cas.log <==
2012-02-07 09:27:06,312 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] -
Setting path for cookies to: /cas
==> /var/log/httpd/ssl_access_log <==
MY_IP_ADDR - - [07/Feb/2012:09:27:06 -0400] "GET
/cas/login?service=https%3a%2f%2fwebtest.its.unb.ca%2fcas-dev%2findex.cgi
HTTP/1.1" 200 6348 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0)
Gecko/20100101 Firefox/11.0"
==> /var/log/tomcat6/cas.log <==
2012-02-07 09:27:14,481 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
AuthenticationHandler: org.jasig.cas.adaptors.generic.FileAuthenticationHandler
failed to authenticate the user which provided the following credentials:
[username: jgoguen]
2012-02-07 09:27:15,013 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authenticated the user which provided the following credentials: [username:
jgoguen]
2012-02-07 09:27:15,068 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created
seed map='{username=[jgoguen]}' for uid='jgoguen'
2012-02-07 09:27:15,068 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding
attribute 'unbCaAlumniUid' with value '[jgoguen]' to query builder 'null'
2012-02-07 09:27:15,071 DEBUG
[org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated
query builder '(unbCaAlumniUid=jgoguen)' from query Map {username=[jgoguen]}.
2012-02-07 09:27:15,138 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
Granted service ticket [ST-1-y5Ww99dOBDUfJWC3TxGd-cas] for service
[https://webtest.its.unb.ca/cas-dev/index.cgi] for user [jgoguen]
==> /var/log/httpd/ssl_access_log <==
MY_IP_ADDR - - [07/Feb/2012:09:27:14 -0400] "POST
/cas/login?service=https%3a%2f%2fwebtest.its.unb.ca%2fcas-dev%2findex.cgi
HTTP/1.1" 302 -
"https://fortran.its.unb.ca/cas/login?service=https%3a%2f%2fwebtest.its.unb.ca%2fcas-dev%2findex.cgi"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0) Gecko/20100101
Firefox/11.0"
SERVICE_IP_ADDR - - [07/Feb/2012:09:27:15 -0400] "POST
/cas/samlValidate?TARGET=https%3a%2f%2fwebtest.its.unb.ca%2fcas-dev%2findex.cgi
HTTP/1.1" 200 1480 "-" "mod_auth_cas 1.0.9.1"
On 2012-02-02, at 10:39, Marvin Addison wrote:
>> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
>> AuthenticationHandler:
>> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
>> authenticated the user which provided the following credentials: [username:
>> jgoguen]
>> 2012-01-25 09:03:01,758 DEBUG
>> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
>> - Attempting to resolve a principal...
>> 2012-01-25 09:03:01,758 DEBUG
>> [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
>> - Attempting to resolve a principal...
>> 2012-01-25 09:03:01,758 DEBUG
>> [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
>> - Creating SimplePrincipal for [jgoguen]
>> 2012-01-25 09:03:01,759 DEBUG
>> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
>> - Resolved jgoguen. Trying LDAP resolve now...
>> 2012-01-25 09:03:01,759 DEBUG
>> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
>> - LDAP search with filter
>> "(&(|(uid=jgoguen)(unbCaAlumniUid=jgoguen))(objectClass=eduPerson))"
>> 2012-01-25 09:03:01,760 DEBUG
>> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
>> - returning searchcontrols: scope=2; search base=dc=unb,dc=ca;
>> attributes=[uid]; timeout=1000
>> 2012-01-25 09:03:01,807 DEBUG
>> [org.springframework.ldap.core.support.AbstractContextSource] - Got Ldap
>> context on server 'ldaps://ldap.unb.ca'
>> 2012-01-25 09:03:01,810 DEBUG
>> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
>> - Resolved jgoguen to jgoguen
>> 2012-01-25 09:03:01,810 DEBUG
>> [org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
>> - Creating SimplePrincipal for [jgoguen]
>> 2012-01-25 09:03:01,810 DEBUG
>> [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created
>> seed map='{username=[jgoguen]}' for uid='jgoguen'
>> 2012-01-25 09:03:01,810 DEBUG
>> [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding
>> attribute 'unbCaAlumniUid' with value '[jgoguen]' to query builder 'null'
>> 2012-01-25 09:03:01,813 DEBUG
>> [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
>> Generated query builder '(unbCaAlumniUid=jgoguen)' from query Map
>> {username=[jgoguen]}.
>> 2012-01-25 09:03:01,862 DEBUG
>> [org.springframework.ldap.core.support.AbstractContextSource] - Got Ldap
>> context on server 'ldaps://ldap.unb.ca'
>
> We ought to see attributes that are resolved following immediately
> after the line above, but we do not. That leads me to believe there's
> a problem with your LDAP attribute query. Let's focus there. Also,
> we need to tweak your logging configuration so we don't have so much
> noise. Revert to the default logging configuration that ships with
> CAS and turn up just the following category to debug:
>
> org.jasig.services.persondir
>
> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
--
Joel Goguen
Developer
Enterprise Solutions
Information Technology Services
University of New Brunswick
E-mail: [email protected]
Phone: (506) 453-4872
Fax: (506) 453-3590
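
Added example, not part of the original messages and not CAS or Person Directory code: the two LDAP filters that appear in the logs above, evaluated against constructed directory entries, to show one way an attribute query such as (unbCaAlumniUid=jgoguen) can return nothing for an account that the principal resolver's filter does find. The entries are assumptions (the thread does not show the real directory data), and the evaluator handles only AND, OR and equality with case-insensitive matching.

```python
# Added example: evaluates the LDAP filter subset seen in the logs
# (AND, OR, equality). Escaped parentheses in values are not handled.

# Filters copied from the log lines in this thread.
RESOLVER_FILTER = "(&(|(uid=jgoguen)(unbCaAlumniUid=jgoguen))(objectClass=eduPerson))"
PERSONDIR_FILTER = "(unbCaAlumniUid=jgoguen)"

# Constructed entries (assumptions; real directory contents are not in the thread).
UID_ONLY_ENTRY = {"uid": ["jgoguen"], "objectClass": ["top", "eduPerson"]}
ALUMNI_ENTRY = {"uid": ["a123"], "unbCaAlumniUid": ["jgoguen"],
                "objectClass": ["top", "eduPerson"]}


def parse(text, pos=0):
    """Parse one parenthesised filter at pos; return (node, next_pos)."""
    if pos >= len(text) or text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if pos < len(text) and text[pos] in "&|":
        op, pos = text[pos], pos + 1
        children = []
        while pos < len(text) and text[pos] == "(":
            child, pos = parse(text, pos)
            children.append(child)
        if pos >= len(text) or text[pos] != ")":
            raise ValueError("unterminated filter list")
        return (op, children), pos + 1
    end = text.find(")", pos)
    if end == -1 or "=" not in text[pos:end]:
        raise ValueError(f"malformed equality item at offset {pos}")
    attr, value = text[pos:end].split("=", 1)
    return ("=", attr, value), end + 1


def matches(node, entry):
    """Evaluate a parsed filter node against one entry (dict of value lists)."""
    if node[0] == "&":
        return all(matches(child, entry) for child in node[1])
    if node[0] == "|":
        return any(matches(child, entry) for child in node[1])
    _, attr, value = node
    # Attribute names and values are compared case-insensitively (simplification).
    values = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
    return value.lower() in [v.lower() for v in values]


def filter_matches(filter_text, entry):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    return matches(node, entry)
```

Running the same two filters with ldapsearch against the real directory, using the search base from the log, shows which of the two constructed cases applies.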