In our environment sAMAccountName and CN are the same value. I had changed it from the default to cn for testing because it’s what I’d used in the past for other projects.
I tested with sAMAccountName again and I still get the AUTHENTICATION_HANDLER_SUCCESS, but “authentication handler failed authenticating”. When I changed the dnResolver’s format to just %s, the logs showed that authentication completely failed. Any other thoughts?

Geoff

From: Jay [mailto:[email protected]]
Sent: Wednesday, October 29, 2014 12:23 PM
To: [email protected]
Subject: Re: [cas-user] AD Auth Handler Success, but failed to authenticate?

I use p:principalIdAttribute="sAMAccountName"
And I just pass the username when logging in, without @xxx.xxx
Seems you are trying with cn.

    <bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          p:principalIdAttribute="sAMAccountName"
          c:authenticator-ref="authenticator">

https://jasig.github.io/cas/4.0.0/installation/LDAP-Authentication.html

Cheers
- Jay

On Wed, Oct 29, 2014 at 4:10 PM, Whittaker, Geoffrey <[email protected]> wrote:

I’m trying to configure our AD authentication handler still and when I test it, I see the following in the cas.log.

2014-10-29 11:52:07,025 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - Attempting LDAP authentication for <username>+password
2014-10-29 11:52:07,025 DEBUG [org.jasig.cas.authentication.support.UpnSearchEntryResolver] - resolve criteria=[org.ldaptive.auth.AuthenticationCriteria@175296763::dn=<username>@sub.root.edu, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@1982840750::user=<username>, retAttrs=[]]]
2014-10-29 11:52:07,025 DEBUG [org.jasig.cas.authentication.support.UpnSearchEntryResolver] - resolved result=[[]] for criteria=[org.ldaptive.auth.AuthenticationCriteria@175296763::dn=<username>@sub.root.edu, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@1982840750::user=<username>, retAttrs=[]]]
2014-10-29 11:52:07,025 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response: [org.ldaptive.auth.AuthenticationResponse@100882638::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=<username>@sub.root.edu[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]
2014-10-29 11:52:07,025 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - LdapAuthenticationHandler failed authenticating <username>+password
2014-10-29 11:52:07,025 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: supplied credentials: [<username>+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed Oct 29 11:52:07 EDT 2014
CLIENT IP ADDRESS: myIP
SERVER IP ADDRESS: ServerIP

I have included my ldap properties and my deployer config. I’m quite certain that I’m missing something simple. Can anyone point it out?

Geoff

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
