There is a typo in the documentation.

<bean id="accountStateHandler" class="org.jasig.cas.authentication.support.DefaultAccountStateHander" />

should be

<bean id="accountStateHandler" class="org.jasig.cas.authentication.support.DefaultAccountStateHandler" />

There is a missing 'l' in handler.

On Wednesday, July 9, 2014 10:52:39 PM UTC+5, Daniel Fisher wrote:
>
> Marvin offered to update the documentation once you confirmed the fix.
> Thank you for closing the loop on this.
>
> --Daniel Fisher
>
> On Wed, Jul 9, 2014 at 1:36 PM, wa <[email protected]> wrote:
> > BTW this should be updated in the documentation at
> > http://jasig.github.io/cas/4.0.0/installation/LDAP-Authentication.html
> >
> >
> > On Wednesday, July 9, 2014 10:34:15 PM UTC+5, wa wrote:
> >>
> >> Figured it out. Had to add the
> >> ActiveDirectoryAuthenticationResponseHandler as below to be able to parse AD
> >> response.
> >>
> >>
> >> <bean id="authenticator" class="org.ldaptive.auth.Authenticator"
> >>       c:resolver-ref="dnResolver"
> >>       c:handler-ref="authHandler">
> >>   <property name="authenticationResponseHandlers">
> >>     <list>
> >>       <bean class="org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler" />
> >>     </list>
> >>   </property>
> >> </bean>
> >>
> >>
> >> On Monday, July 7, 2014 6:56:40 PM UTC+5, wa wrote:
> >>>
> >>> Active Directory is running on Windows 2008 Server
> >>>
> >>> On Monday, July 7, 2014 11:46:53 AM UTC+5, wa wrote:
> >>>>
> >>>> LPPE configuration is as below
> >>>>
> >>>> <bean id="ldapAuthenticationHandler"
> >>>>       class="org.jasig.cas.authentication.LdapAuthenticationHandler"
> >>>>       p:principalIdAttribute="sAMAccountName"
> >>>>       c:authenticator-ref="authenticator"
> >>>>       p:passwordPolicyConfiguration-ref="passwordPolicy">
> >>>>   <property name="principalAttributeMap">
> >>>>     <map>
> >>>>       <!--
> >>>>          | This map provides a simple attribute resolution mechanism.
> >>>>          | Keys are LDAP attribute names, values are CAS attribute names.
> >>>>          | Use this facility instead of a PrincipalResolver if LDAP is
> >>>>          | the only attribute source.
> >>>>       -->
> >>>>       <entry key="member" value="member" />
> >>>>       <entry key="mail" value="mail" />
> >>>>       <entry key="displayName" value="displayName" />
> >>>>     </map>
> >>>>   </property>
> >>>> </bean>
> >>>>
> >>>> ***************lppe-configuration.xml***************
> >>>>
> >>>> <beans xmlns="http://www.springframework.org/schema/beans"
> >>>>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >>>>        xmlns:p="http://www.springframework.org/schema/p"
> >>>>        xsi:schemaLocation="http://www.springframework.org/schema/beans
> >>>>                            http://www.springframework.org/schema/beans/spring-beans.xsd">
> >>>>
> >>>>   <!--
> >>>>      | Sample LDAP password policy configuration.
> >>>>      | There are notable configuration requirements for LDAP components required for password policy
> >>>>      | depending on the directory (Active Directory, OpenLDAP, etc).
> >>>>      | See CAS documentation for more information.
> >>>>   -->
> >>>>   <bean id="passwordPolicy"
> >>>>         class="org.jasig.cas.authentication.support.LdapPasswordPolicyConfiguration"
> >>>>         p:alwaysDisplayPasswordExpirationWarning="${password.policy.warnAll}"
> >>>>         p:passwordWarningNumberOfDays="${password.policy.warningDays}"
> >>>>         p:passwordPolicyUrl="${password.policy.url}"
> >>>>         p:accountStateHandler-ref="accountStateHandler" />
> >>>>
> >>>>   <!-- This component is suitable for most cases but can be replaced
> >>>>        with a custom component for special cases. -->
> >>>>   <bean id="accountStateHandler"
> >>>>         class="org.jasig.cas.authentication.support.DefaultAccountStateHander" />
> >>>>
> >>>> </beans>
> >>>>
> >>>>
> >>>> I will check and confirm the Windows server version. Thanks.
> >>>>
> >>>>
> >>>> On Saturday, July 5, 2014 9:43:22 AM UTC+5, Daniel Fisher wrote:
> >>>>>
> >>>>> On Thu, Jun 26, 2014 at 7:59 AM, wa <[email protected]> wrote:
> >>>>> > 2014-06-26 16:42:50,134 DEBUG
> >>>>> > [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP
> >>>>> > response:
> >>>>> >
> >>>>> > [org.ldaptive.auth.AuthenticationResponse@1850787950::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
> >>>>> > ldapEntry=[dn=CN=test8\, Bpo,OU=agent ou,OU=BPO test
> >>>>> > OU,OU=Campaigns,OU=xxxx,OU=Sites,DC=xxxx,DC=com[]],
> >>>>> > accountState=null,
> >>>>> > result=false, resultCode=INVALID_CREDENTIALS,
> >>>>> > message=javax.naming.AuthenticationException: [LDAP: error code 49 -
> >>>>> > 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext
> >>>>> > error, data
> >>>>> > 775, v1772\00], controls=null]
> >>>>> >
> >>>>>
> >>>>> accountState is null, so either the authentication response handler
> >>>>> failed to parse the response or it isn't configured correctly. What
> >>>>> does your lppe configuration look like?
> >>>>>
> >>>>> --Daniel Fisher
> >>>>>
> >>>>> --
> >>>>> You are currently subscribed to [email protected] as:
> >>>>> [email protected]
> >>>>> To unsubscribe, change settings or access archives, see
> >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
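
The log line quoted in this thread shows `accountState=null` next to an Active Directory diagnostic ending in `data 775`. As an added example (not part of the thread, and not ldaptive or CAS code), this Python helper shows the parsing a response handler must perform to turn that diagnostic into an account state; the state labels, function names and the sample lines other than the thread's own message are assumptions made for the example.

```python
import re

# Active Directory reports why a bind failed in the "data NNN" field of the
# LDAP error 49 diagnostic message. NNN is a hex Win32 error code; the labels
# on the right are this example's own names for them.
AD_SUBERRORS = {
    0x525: "NO_SUCH_USER",
    0x52E: "LOGON_FAILURE",
    0x530: "INVALID_LOGON_HOURS",
    0x531: "INVALID_WORKSTATION",
    0x532: "PASSWORD_EXPIRED",
    0x533: "ACCOUNT_DISABLED",
    0x701: "ACCOUNT_EXPIRED",
    0x773: "PASSWORD_MUST_CHANGE",
    0x775: "ACCOUNT_LOCKED_OUT",
}

_DIAG = re.compile(
    r"error code (?P<ldap>\d+)\b.*?"
    r"AcceptSecurityContext error,\s*data\s+(?P<sub>[0-9a-fA-F]+)\b",
    re.DOTALL,
)

def account_state(message):
    """Return the account state named by an AD bind-failure message, or None
    when no AD diagnostic is present (nothing to derive a state from)."""
    m = _DIAG.search(message)
    if m is None or m.group("ldap") != "49":
        return None
    sub = m.group("sub").lower()
    return AD_SUBERRORS.get(int(sub, 16), "UNKNOWN_" + sub)

def triage(lines):
    """Account state for every line that reports LDAP error 49."""
    return [account_state(line) for line in lines if "error code 49" in line]

# The diagnostic from the thread (unwrapped), followed by constructed samples.
THREAD_MESSAGE = (r"javax.naming.AuthenticationException: [LDAP: error code 49 - "
                  r"80090308: LdapErr: DSID-0C0903AA, comment: "
                  r"AcceptSecurityContext error, data 775, v1772\00]")
SAMPLE_LINES = [
    THREAD_MESSAGE,
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-XXXXXXXX, comment: "
    "AcceptSecurityContext error, data 532, v1772]",   # constructed
    "[LDAP: error code 49 - Invalid Credentials]",     # constructed, non-AD
    "[LDAP: error code 32 - No Such Object]",          # constructed, not a bind failure
]

if __name__ == "__main__":
    print(triage(SAMPLE_LINES))
```

For the message in the thread the helper reports a locked-out account, which a generic `INVALID_CREDENTIALS` result code alone does not reveal.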
