Hello,

I've been working on troubleshooting and passing AD LDAP attributes using
SAML 2.0.  So far, everything that I've found in this group or online has
not fixed my issue.  I know I'm close and if anyone can guide me in the
right direction, I would appreciate it much.

Here is my current mapping configuration:

...
<property name="credentialsToPrincipalResolvers">
    <list>
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
            <property name="attributeRepository" ref="attributeRepository" />
        </bean>
    </list>
</property>
...

<bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="contextSource" ref="contextSource"/>
    <property name="requireAllQueryAttributes" value="false"/>
    <property name="queryAttributeMapping">
        <map>
            <entry key="username" value="sAMAccountName" />
        </map>
    </property>
    <property name="resultAttributeMapping">
        <map>
            <entry key="mail" value="Email" />
        </map>
    </property>
</bean>

Here is what I am receiving in my log:

2012-08-11 14:23:23,682 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: stefan.holodnick]
2012-08-11 14:23:23,682 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Attempting to resolve a principal...
2012-08-11 14:23:23,682 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Creating SimplePrincipal for [stefan.holodnick]
2012-08-11 14:23:23,683 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Created seed map='{username=[stefan.holodnick]}' for uid='stefan.holodnick'
2012-08-11 14:23:23,683 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Adding attribute 'sAMAccountName' with value '[stefan.holodnick]' to query builder 'null'
2012-08-11 14:23:23,685 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated query builder '(sAMAccountName=stefan.holodnick)' from query Map {username=[stefan.holodnick]}.
2012-08-11 14:23:23,706 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: [username: stefan.holodnick]
WHAT: supplied credentials: [username: stefan.holodnick]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Sat Aug 11 14:23:23 EDT 2012
CLIENT IP ADDRESS: 192.168.11.143
SERVER IP ADDRESS: auth.kirtland.edu
=============================================================

2012-08-11 14:23:23,706 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: [username: stefan.holodnick]
WHAT: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
        ''
^@]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
        ''
^@]; remaining name ''
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Sat Aug 11 14:23:23 EDT 2012
CLIENT IP ADDRESS: 192.168.11.143
SERVER IP ADDRESS: auth.kirtland.edu
=============================================================

2012-08-11 14:23:23,718 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated service for: https://auth.kirtland.edu/cas/services/j_acegi_cas_security_check



For one thing, would debug properly return the mail attribute?  For
another, why is it having issues with my current config?



---------
Stefan Holodnick
Online Services Developer
Kirtland Community College
989.275.5000 x458
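
A triage script for logs in the format shown in the post, added here as an example and not part of the original message or of CAS: it pairs each failed Inspektr audit record with the handler that accepted the user's bind and the last component that logged before the failure. The sample log is constructed (condensed from the excerpt, with a placeholder user `jdoe`), and `triage` is a hypothetical helper name.

```python
import re

# Constructed sample: condensed from the log in the post, with a placeholder user.
SAMPLE = """\
2012-08-11 14:23:23,682 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: jdoe]
2012-08-11 14:23:23,685 DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated query builder '(sAMAccountName=jdoe)' from query Map {username=[jdoe]}.
2012-08-11 14:23:23,706 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: [username: jdoe]
WHAT: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001BF, problem 2001 (NO_OBJECT), data 0, best match of:
        ''
]; remaining name ''
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
=============================================================
"""

LOGLINE = re.compile(r"^\d{4}-\d\d-\d\d [\d:,]+ \w+ \[([\w.]+)\] - (.*)$")
FIELD = re.compile(r"^([A-Z][A-Z ]+): (.*)$")
BIND_OK = re.compile(r"AuthenticationHandler: (\S+) successfully authenticated .*\[username: ([^\]]+)\]")
LDAP_ERR = re.compile(r"LDAP: error code (\d+)")

def triage(log_text):
    """Return one finding per failed audit record, with the log context before it."""
    findings, bound, last_logger, rec, key = [], {}, None, None, None
    for line in log_text.splitlines():
        m, f = LOGLINE.match(line), FIELD.match(line)
        if m:
            logger, msg = m.group(1).rsplit(".", 1)[-1], m.group(2)
            ok = BIND_OK.search(msg)
            if ok:  # remember which handler accepted this user's credentials
                bound[ok.group(2)] = ok.group(1).rsplit(".", 1)[-1]
            if msg == "Audit trail record BEGIN":
                rec, key = {}, None
            else:
                last_logger = logger
        elif rec is not None and f:
            key = f.group(1)
            rec[key] = f.group(2)
        elif rec and line.startswith("====="):  # closing rule ends the record
            action, err = rec.get("ACTION", ""), LDAP_ERR.search(rec.get("WHAT", ""))
            if "FAILED" in action or "NOT_CREATED" in action:
                user = re.sub(r"^\[username: |\]$", "", rec.get("WHO", ""))
                findings.append({"user": user, "action": action, "bind_handler": bound.get(user),
                                 "last_logger": last_logger,
                                 "ldap_code": int(err.group(1)) if err else None})
            rec = None
        elif rec and key:  # continuation of a multi-line field such as WHAT
            rec[key] += "\n" + line
    return findings
```

A finding with a non-empty `bind_handler` and an `ldap_code` means the credentials were accepted and the LDAP error was raised by a later step, which `last_logger` names.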