"data 52e", if I remember correctly, should indicate that there's a problem with the account attempting to authenticate. Verify the account's credentials.
> -----Original Message-----
> From: Seongheon Lee [mailto:[email protected]]
> Sent: Tuesday, July 02, 2013 2:31 PM
> To: [email protected]
> Subject: [cas-user] LDAPS and FastBindLdapAuthenticationHandler
>
> I got a failed authentication error (as follows). It looks like CAS
> cannot communicate with the LDAPS server (FastBindLdapAuthenticationHandler).
> I list both the error log and the DeployerConfigContext.xml setup. I would
> appreciate your feedback.
>
> ---------------------------
> Error Log
> --------------------------
>
> 2013-07-02 12:19:25,574 INFO [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - Failed to authenticate user seong.lee with error [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
>
> 2013-07-02 12:19:25,574 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler failed authenticating [username: seong.lee]
> 2013-07-02 12:19:25,575 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
> =============================================================
> WHO: [username: seong.lee]
> WHAT: supplied credentials: [username: seong.lee]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Tue Jul 02 12:19:25 PDT 2013
> CLIENT IP ADDRESS: 69.16.75.242
> SERVER IP ADDRESS: 197.20.48.8
> =============================================================
>
> 2013-07-02 12:19:25,575 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
> =============================================================
> WHO: [username: seong.lee]
> WHAT: error.authentication.credentials.bad
> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
> APPLICATION: CAS
> WHEN: Tue Jul 02 12:19:25 PDT 2013
> CLIENT IP ADDRESS: 69.16.75.242
> SERVER IP ADDRESS: 197.20.48.8
> =============================================================
>
> --------------------------
> DeployerConfigContext
> --------------------------
> <bean id="authenticationManager"
>       class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>
>     <property name="credentialsToPrincipalResolvers">
>         <list>
>             <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" >
>                 <property name="attributeRepository" ref="attributeRepository" />
>             </bean>
>             <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>         </list>
>     </property>
>
>     <property name="authenticationHandlers">
>         <list>
>             <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>                   p:httpClient-ref="httpClient" />
>             <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"
>                   p:filter="sAMAccountName=%u,ou=Student"
>                   p:contextSource-ref="contextSource"
>                   p:ignorePartialResultException="true"/>
>         </list>
>     </property>
> </bean>
>
> <sec:user-service id="userDetailsService">
>     <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused"
>               authorities="ROLE_ADMIN" />
> </sec:user-service>
>
> <bean id="attributeRepository"
>       class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
>     <property name="baseDN" value="ou=Student,dc=TCLD,dc=local"/>
>     <property name="contextSource" ref="contextSource"/>
>     <property name="requireAllQueryAttributes" value="true"/>
>     <property name="queryAttributeMapping">
>         <map>
>             <entry key="username" value="sAMAccountName"/>
>         </map>
>     </property>
>     <property name="resultAttributeMapping">
>         <map>
>             <entry key="cn" value="Name"/>
>         </map>
>     </property>
> </bean>
>
> <bean id="contextSource"
>       class="org.springframework.ldap.core.support.LdapContextSource">
>     <property name="pooled" value="false"/>
>     <property name="url" value="ldaps://69.164.175.242:636" />
>     <property name="baseEnvironmentProperties">
>         <map>
>             <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
>             <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
>             <entry key="java.naming.security.authentication" value="simple" />
>         </map>
>     </property>
> </bean>
>
> <bean id="serviceRegistryDao"
>       class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
>     <property name="registeredServices">
>         <list>
>             <bean class="org.jasig.cas.services.RegexRegisteredService">
>                 <property name="id" value="0" />
>                 <property name="name" value="HTTP and IMAP" />
>                 <property name="description" value="Allows HTTP(S) and IMAP(S) protocols" />
>                 <property name="serviceId" value="^(https?|imaps?)://.*" />
>                 <property name="evaluationOrder" value="10000001" />
>             </bean>
>         </list>
>     </property>
> </bean>
>
> <bean id="auditTrailManager"
>       class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
>
> <bean id="healthCheckMonitor"
>       class="org.jasig.cas.monitor.HealthCheckMonitor">
>     <property name="monitors">
>         <list>
>             <bean class="org.jasig.cas.monitor.MemoryMonitor"
>                   p:freeMemoryWarnThreshold="10" />
>             <!--
>               NOTE
>               The following ticket registries support SessionMonitor:
>                 * DefaultTicketRegistry
>                 * JpaTicketRegistry
>               Remove this monitor if you use an unsupported registry.
>             -->
>             <bean class="org.jasig.cas.monitor.SessionMonitor"
>                   p:ticketRegistry-ref="ticketRegistry"
>                   p:serviceTicketCountWarnThreshold="5000"
>                   p:sessionCountWarnThreshold="100000" />
>         </list>
>     </property>
> </bean>
> </beans>
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
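
Added example, not part of the original thread and not CAS code: a small triage script that pulls the Active Directory "data" sub-code out of LDAP error 49 lines in a CAS log and labels it, so a bind failure such as "data 52e" can be told apart from a lockout or an expired password. The function name, the regular expression and the second sample line are assumptions made for illustration; the first sample line is the one quoted above.

```python
import re

# Active Directory sub-status codes reported in the "data" field of an
# LDAP error 49 bind failure (AcceptSecurityContext error).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the CAS handler message format shown in the thread.
BIND_FAILURE = re.compile(
    r"Failed to authenticate user (?P<user>\S+) with error "
    r"\[LDAP: error code 49 - .*?AcceptSecurityContext error, "
    r"data (?P<code>[0-9a-fA-F]+)"
)

def classify_bind_failures(lines):
    """Return (user, sub_code, meaning) for every AD error-49 log line."""
    results = []
    for line in lines:
        match = BIND_FAILURE.search(line)
        if match is None:
            continue  # not an AD bind failure (e.g. audit trail lines)
        code = match.group("code").lower()
        meaning = AD_BIND_SUBCODES.get(code, "unrecognized sub-code")
        results.append((match.group("user"), code, meaning))
    return results

PREFIX = ("INFO [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler]"
          " - Failed to authenticate user ")
SAMPLE_LOG = [
    # Line from the thread, unwrapped.
    "2013-07-02 12:19:25,574 " + PREFIX + "seong.lee with error [LDAP: error "
    "code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
    "AcceptSecurityContext error, data 52e, v1db1",
    # Constructed line: same format, different user and sub-code.
    "2013-07-02 12:20:01,101 " + PREFIX + "jane.doe with error [LDAP: error "
    "code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
    "AcceptSecurityContext error, data 775, v1db1",
    # Line from the thread that carries no sub-code and must be skipped.
    "2013-07-02 12:19:25,574 INFO [org.jasig.cas.authentication."
    "AuthenticationManagerImpl] - failed authenticating [username: seong.lee]",
]

if __name__ == "__main__":
    for user, code, meaning in classify_bind_failures(SAMPLE_LOG):
        print(f"{user}: data {code} -> {meaning}")
```

Because the bind reached the directory and came back with a sub-code, a "data" value in the log means the LDAPS connection itself succeeded and the failure is on the credential side.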
