Yep. It's presently located under the authenticationHandlers property.
<property name="authenticationHandlers">
    <list>
        <!--
            | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
            | a server side SSL certificate.
            +-->
        <bean
            class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
            p:httpClient-ref="httpClient" />
        <bean
            class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
            p:filter="sAMAccountName=%u"
            p:ignorePartialResultException="true"
            p:searchBase="DC=ad,DC=georgiasouthern,DC=edu"
            p:contextSource-ref="contextSource" />
        <!--
            | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
            | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
            | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
            | local authentication strategy. You might accomplish this by coding a new such handler and declaring
            | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
            +-->
        <ref
            bean="lppeEnabledLdapAuthenticationHandler" />
    </list>
</property>
On Tuesday, August 26, 2014 10:43:12 AM UTC-4, Misagh Moayyed wrote:
>
> …and is your LPPE handler referenced in your authentication manager? In
> your deployerContextConfig.xml?
>
>
>
> *From:* Christopher Sterling [mailto:[email protected]]
> *Sent:* Tuesday, August 26, 2014 6:58 AM
> *To:* [email protected]
> *Cc:* [email protected]; [email protected]; [email protected]
> *Subject:* Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1
>
>
>
> Yep, got DEBUG turned on. What exactly should I be looking for? It's ~4100
> lines. I can put it on pastebin if needed.
>
>
>
> I did find this when looking through the log.
>
>
>
> 2014-08-26 09:32:48,278 DEBUG
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <Performing
> LDAP bind with credential: CN=Christopher Wyatt
> Sterling,OU=Students,DC=ad,DC=georgiasouthern,DC=edu>
>
> 2014-08-26 09:32:48,536 INFO
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <Failed to
> authenticate user cs02357 with error [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773,
> v1db1 ]; nested exception is javax.naming.AuthenticationException: [LDAP:
> error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
> AcceptSecurityContext error, data 773, v1db1 ]>
>
> 2014-08-26 09:32:48,536 DEBUG
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <*No error
> definitions are defined*. Throwing error [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773,
> v1db1 ]; nested exception is javax.naming.AuthenticationException: [LDAP:
> error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
> AcceptSecurityContext error, data 773, v1db1 ]>
>
>
>
>
> On Tuesday, August 26, 2014 2:31:12 AM UTC-4, Misagh Moayyed wrote:
>
> Would you be able to turn on DEBUG in your logs?
>
>
>
> *From:* Christopher Sterling [mailto:[email protected]]
> *Sent:* Monday, August 25, 2014 2:06 PM
> *To:* [email protected]
> *Subject:* [cas-user] Help configuring LPPE in CAS 3.5.2.1
>
>
>
> So, we need some help trying to configure the LPPE module in CAS 3.5.2.1
> and I'm wondering if I can get some help.
>
>
>
> We followed the directions here:
> https://wiki.jasig.org/pages/viewpage.action?pageId=26149328
>
>
>
> Our pom.xml file: http://ss.chrissterling.me/2014-08-25_1650.png
>
>
>
> In the deployerConfigContext.xml file, we added the ref
> bean="lppeEnabledLdapAuthenticationHandler" />:
> http://ss.chrissterling.me/2014-08-25_1653.png
>
>
>
> For the lppe-configuration file, we took the one in the
> WEB-INF/unused-spring-configuration/lppe-configuration.xml and moved it to
> WEB-INF/spring-configuration/lppe-configuration.xml
>
>
>
> In lppe-configuration.xml, we added the error code block to the following
> code:
>
>
>
> <bean id="lppeEnabledLdapAuthenticationHandler"
>       class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>       p:filter="${ldap.authentication.filter}"
>       p:searchBase="${ldap.authentication.basedn}"
>       p:contextSource-ref="contextSource"
>       p:searchContextSource-ref="pooledContextSource"
>       p:ignorePartialResultException="${ldap.authentication.ignorePartialResultException}">
>   <property name="ldapErrorDefinitions">
>     <list>
>       <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
>             p:ldapPattern="data 530"
>             p:type="badHours" />
>
>       <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
>             p:ldapPattern="data 533"
>             p:type="accountDisabled" />
>
>       <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
>             p:ldapPattern="data 773"
>             p:type="mustChangePassword" />
>
>       <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
>             p:ldapPattern="data 775"
>             p:type="accountLocked" />
>
>       <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
>             p:ldapPattern="data 531"
>             p:type="badWorkstation" />
>
>       <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
>             p:ldapPattern="data (701|532)"
>             p:type="passwordExpired" />
>     </list>
>   </property>
> </bean>
>
>
> In the cas.properties we have the following settings:
> http://ss.chrissterling.me/2014-08-25_1655.png
>
>
>
> In the login-webflow.xml we put this in there:
> http://ss.chrissterling.me/2014-08-25_1658.png
>
>
>
> We haven't done the second replace, but will if suggested.
>
>
>
> When a user with an expired password tries to log in, they get the
> following message: The credentials you provided cannot be determined to be
> authentic.
>
>
>
> And in the tomcat log, we get the following:
>
>
>
> 2014-08-25 14:14:59,317 INFO
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <Failed to
> authenticate user cs02357 with error [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773,
> v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP:
> error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
> AcceptSecurityContext error, data 773, v1db1]>
>
> 2014-08-25 14:14:59,317 INFO
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> <org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed
> authenticating [username: cs02357]>
>
> 2014-08-25 14:14:59,318 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
>
> =============================================================
>
> WHO: [username: cs02357]
>
> WHAT: supplied credentials: [username: cs02357]
>
> ACTION: AUTHENTICATION_FAILED
>
> APPLICATION: CAS
>
> WHEN: Mon Aug 25 14:14:59 EDT 2014
>
> CLIENT IP ADDRESS: 141.165.2.185
>
> SERVER IP ADDRESS: 141.165.6.22
>
> =============================================================
>
>
>
> >
>
>
>
> Now, I did notice, in our log, we do have these NUL values coming back as
> well: http://ss.chrissterling.me/2014-08-25_1704.png (note the arrows)
>
>
>
> Does anybody have any suggestions as to what we can do to see if we can
> get this fixed and working? Do you guys need anything else from me in the
> way of debugging?
>
>
>
>
>
> --
>
> You are currently subscribed to [email protected] as: [email protected]
>
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
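An offline check for what the DEBUG log in this thread reports (`No error definitions are defined` although a `data 773` pattern is configured): it lists every `BindLdapAuthenticationHandler` declaration and shows what each one resolves the logged AD error to. This is an added example, not part of the original thread or of CAS; the XML is a constructed, trimmed merge of the two files posted above, the label `inline bind handler #n` is made up here, and treating `ldapPattern` as a substring search is an assumption.

```python
import re
import xml.etree.ElementTree as ET

B = "{http://www.springframework.org/schema/beans}"   # Spring beans namespace
P = "{http://www.springframework.org/schema/p}"       # Spring p: namespace
BIND = "org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"

# Constructed sample: both handler declarations from the thread, trimmed, in one file.
CONFIG = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="authenticationHandlers"><list>
      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
            p:filter="sAMAccountName=%u" p:contextSource-ref="contextSource" />
      <ref bean="lppeEnabledLdapAuthenticationHandler" />
    </list></property>
  </bean>
  <bean id="lppeEnabledLdapAuthenticationHandler"
        class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
    <property name="ldapErrorDefinitions"><list>
      <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
            p:ldapPattern="data 773" p:type="mustChangePassword" />
      <bean class="org.jasig.cas.adaptors.ldap.LdapErrorDefinition"
            p:ldapPattern="data (701|532)" p:type="passwordExpired" />
    </list></property>
  </bean>
</beans>"""

# Error text as it appears in the log excerpt quoted in the thread.
AD_ERROR = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
            "AcceptSecurityContext error, data 773, v1db1 ]")

def error_definitions(bean):
    """Return [(compiled ldapPattern, type)] declared on one handler bean."""
    return [(re.compile(d.get(P + "ldapPattern")), d.get(P + "type"))
            for prop in bean.findall(B + "property")
            if prop.get("name") == "ldapErrorDefinitions"
            for d in prop.iter(B + "bean")]

def audit(xml_text, error_text):
    """Map each bind handler to the type it resolves error_text to (None = no match).
    Assumption: a pattern matches when it is found anywhere in the error text."""
    handlers = [b for b in ET.fromstring(xml_text).iter(B + "bean") if b.get("class") == BIND]
    result = {}
    for n, bean in enumerate(handlers, 1):
        name = bean.get("id") or f"inline bind handler #{n}"
        result[name] = next((t for rx, t in error_definitions(bean) if rx.search(error_text)), None)
    return result

print(audit(CONFIG, AD_ERROR))
```

A handler that maps to `None` has no definition covering the error, so a bind failure handled there surfaces as a generic authentication failure rather than a password-policy condition.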