My cas.log is attached. I turned on debugging and authenticated and just provided the captured information for that process. Also, since it may help, I am attaching my complete deployerConfigContext.xml file too. Hopefully this will help clarify my configuration and what I need to do.

Thanks!
Doug

From: [email protected]
Date: Wed, 14 Jan 2015 15:56:03 +0000
Subject: Re: [cas-user] CAS 4.0 w/ OpenLDAP won't return memberOf attribute
To: [email protected]

> If I use the manager account that is used to search the directory or the
> credentials of the user who is logging in with ldapsearch, as long as I
> explicitly request the memberOf attribute it gets returned.

Ok, then my hypothesis is apparently wrong. Requesting the additional
attributes at authentication time is still preferable for efficiency, so I
suggest you continue with that approach.

> Are you saying that I should put all my attributes that I want returned here:
> <bean id="ldapAuthenticationHandler"
> class="org.jasig.cas.authentication.LdapAuthenticationHandler"

Correct.

> When I did this I end up getting back just the values I specify in the stub,
> not the values of LDAP.

Can you please put the org.jasig.cas.authentication and org.ldaptive packages
in debug and post the logs?

M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
2015-01-14 10:03:31,309 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Attempting LDAP
authentication for roger.rabbit+password
2015-01-14 10:03:31,309 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Attempting LDAP
authentication for roger.rabbit+password
2015-01-14 10:03:31,314 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] -
resolve user=roger.rabbit
2015-01-14 10:03:31,316 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] -
searching for DN using userFilter
2015-01-14 10:03:31,329 DEBUG [org.ldaptive.SearchOperation] - execute
request=[org.ldaptive.SearchRequest@-349299973::baseDn=ou=casusers,dc=xyz,dc=net,
searchFilter=[org.ldaptive.SearchFilter@2101991669::filter=uid={user},
parameters={user=roger.rabbit}], returnAttributes=[1.1], searchScope=ONELEVEL,
timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false,
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null,
searchReferenceHandlers=null, controls=null, followReferrals=false,
intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1059929757::config=[org.ldaptive.ConnectionConfig@783971551::ldapUrl=ldap://vps-internal.xyz.net,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=[org.ldaptive.BindConnectionInitializer@1397683312::bindDn=cn=CAS,dc=xyz,dc=net,
bindSaslConfig=null, bindControls=null]],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@862574034::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@55894851::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@3a14456a],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1767172188::factory=sun.security.ssl.SSLSocketFactoryImpl@4563260a,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@70567e1c]
2015-01-14 10:03:31,357 DEBUG [org.ldaptive.SearchOperation] - execute
response=[org.ldaptive.Response@1642731964::result=[[[dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net[],
responseControls=null, messageId=-1]]], resultCode=SUCCESS, message=null,
matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for
request=[org.ldaptive.SearchRequest@-349299973::baseDn=ou=casusers,dc=xyz,dc=net,
searchFilter=[org.ldaptive.SearchFilter@2101991669::filter=uid={user},
parameters={user=roger.rabbit}], returnAttributes=[1.1], searchScope=ONELEVEL,
timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false,
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null,
searchReferenceHandlers=null, controls=null, followReferrals=false,
intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1059929757::config=[org.ldaptive.ConnectionConfig@783971551::ldapUrl=ldap://vps-internal.xyz.net,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=[org.ldaptive.BindConnectionInitializer@1397683312::bindDn=cn=CAS,dc=xyz,dc=net,
bindSaslConfig=null, bindControls=null]],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@862574034::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@55894851::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@3a14456a],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1767172188::factory=sun.security.ssl.SSLSocketFactoryImpl@4563260a,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@70567e1c]
2015-01-14 10:03:31,362 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] -
resolved dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net for user=roger.rabbit
2015-01-14 10:03:31,363 DEBUG [org.ldaptive.auth.Authenticator] - authenticate
dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net with
request=[org.ldaptive.auth.AuthenticationRequest@7445208::user=roger.rabbit,
retAttrs=[]]
2015-01-14 10:03:31,365 DEBUG
[org.ldaptive.auth.PooledBindAuthenticationHandler] - authenticate
criteria=[org.ldaptive.auth.AuthenticationCriteria@577559330::dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@7445208::user=roger.rabbit,
retAttrs=[]]]
2015-01-14 10:03:31,368 DEBUG [org.ldaptive.BindOperation] - execute
request=[org.ldaptive.BindRequest@413574870::bindDn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net,
saslConfig=null, controls=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1959184257::config=[org.ldaptive.ConnectionConfig@1587687223::ldapUrl=ldap://vps-internal.xyz.net,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1695758398::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1355915849::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@72f59012],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1472579764::factory=sun.security.ssl.SSLSocketFactoryImpl@79fbce70,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@2ae59a1]
2015-01-14 10:03:31,386 DEBUG [org.ldaptive.BindOperation] - execute
response=[org.ldaptive.Response@56697471::result=null, resultCode=SUCCESS,
message=null, matchedDn=null, responseControls=null, referralURLs=null,
messageId=-1] for
request=[org.ldaptive.BindRequest@413574870::bindDn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net,
saslConfig=null, controls=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1959184257::config=[org.ldaptive.ConnectionConfig@1587687223::ldapUrl=ldap://vps-internal.xyz.net,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1695758398::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1355915849::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@72f59012],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1472579764::factory=sun.security.ssl.SSLSocketFactoryImpl@79fbce70,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@2ae59a1]
2015-01-14 10:03:31,394 DEBUG
[org.ldaptive.auth.PooledBindAuthenticationHandler] - authenticate
response=[org.ldaptive.auth.AuthenticationHandlerResponse@1579139476::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1959184257::config=[org.ldaptive.ConnectionConfig@1587687223::ldapUrl=ldap://vps-internal.xyz.net,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1695758398::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1355915849::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@72f59012],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1472579764::factory=sun.security.ssl.SSLSocketFactoryImpl@79fbce70,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@2ae59a1],
result=true, resultCode=SUCCESS, message=null, controls=null] for
criteria=[org.ldaptive.auth.AuthenticationCriteria@577559330::dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@7445208::user=roger.rabbit,
retAttrs=[]]]
2015-01-14 10:03:31,401 DEBUG [org.ldaptive.auth.SearchEntryResolver] - resolve
criteria=[org.ldaptive.auth.AuthenticationCriteria@577559330::dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@7445208::user=roger.rabbit,
retAttrs=[]]]
2015-01-14 10:03:31,404 DEBUG [org.ldaptive.SearchOperation] - execute
request=[org.ldaptive.SearchRequest@174312698::baseDn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net,
searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*),
parameters={}], returnAttributes=[], searchScope=OBJECT, timeLimit=0,
sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null,
sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null,
controls=null, followReferrals=false, intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1959184257::config=[org.ldaptive.ConnectionConfig@1587687223::ldapUrl=ldap://vps-internal.xyz.net,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1695758398::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1355915849::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@72f59012],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1472579764::factory=sun.security.ssl.SSLSocketFactoryImpl@79fbce70,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@2ae59a1]
2015-01-14 10:03:31,418 DEBUG [org.ldaptive.SearchOperation] - execute
response=[org.ldaptive.Response@938529742::result=[[[dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net[[uid[roger.rabbit]],
[sn[Rabbit]], [ssoGUID[4638A469-2789-4AA6-80AD-DB6A3EA82D2D]],
[cn[roger.rabbit]], [givenName[Roger]], [objectClass[casPerson]]],
responseControls=null, messageId=-1]]], resultCode=SUCCESS, message=null,
matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for
request=[org.ldaptive.SearchRequest@174312698::baseDn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net,
searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*),
parameters={}], returnAttributes=[], searchScope=OBJECT, timeLimit=0,
sizeLimit=0, derefAliases=null, typesOnly=false, binaryAttributes=null,
sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null,
controls=null, followReferrals=false, intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1959184257::config=[org.ldaptive.ConnectionConfig@1587687223::ldapUrl=ldap://vps-internal.xyz.net,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1695758398::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1355915849::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@72f59012],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1472579764::factory=sun.security.ssl.SSLSocketFactoryImpl@79fbce70,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@2ae59a1]
2015-01-14 10:03:31,423 DEBUG [org.ldaptive.auth.SearchEntryResolver] -
resolved
result=[[[dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net[[uid[roger.rabbit]],
[sn[Rabbit]], [ssoGUID[4638A469-2789-4AA6-80AD-DB6A3EA82D2D]],
[cn[roger.rabbit]], [givenName[Roger]], [objectClass[casPerson]]],
responseControls=null, messageId=-1]]] for
criteria=[org.ldaptive.auth.AuthenticationCriteria@577559330::dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@7445208::user=roger.rabbit,
retAttrs=[]]]
2015-01-14 10:03:31,423 INFO [org.ldaptive.auth.Authenticator] - Authentication
succeeded for dn: cn=roger.rabbit,ou=casusers,dc=xyz,dc=net
2015-01-14 10:03:31,429 DEBUG [org.ldaptive.auth.Authenticator] - authenticate
response=[org.ldaptive.auth.AuthenticationHandlerResponse@1579139476::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1959184257::config=[org.ldaptive.ConnectionConfig@1587687223::ldapUrl=ldap://vps-internal.xyz.net,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1695758398::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1355915849::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@72f59012],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1472579764::factory=sun.security.ssl.SSLSocketFactoryImpl@79fbce70,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@2ae59a1],
result=true, resultCode=SUCCESS, message=null, controls=null] for
dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net with
request=[org.ldaptive.auth.AuthenticationRequest@7445208::user=roger.rabbit,
retAttrs=[]]
2015-01-14 10:03:31,433 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response:
[org.ldaptive.auth.AuthenticationResponse@1098143506::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
ldapEntry=[dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net[[uid[roger.rabbit]],
[sn[Rabbit]], [ssoGUID[4638A469-2789-4AA6-80AD-DB6A3EA82D2D]],
[cn[roger.rabbit]], [givenName[Roger]], [objectClass[casPerson]]],
responseControls=null, messageId=-1], accountState=null, result=true,
resultCode=SUCCESS, message=null, controls=null]
2015-01-14 10:03:31,433 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - LDAP response:
[org.ldaptive.auth.AuthenticationResponse@1098143506::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
ldapEntry=[dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net[[uid[roger.rabbit]],
[sn[Rabbit]], [ssoGUID[4638A469-2789-4AA6-80AD-DB6A3EA82D2D]],
[cn[roger.rabbit]], [givenName[Roger]], [objectClass[casPerson]]],
responseControls=null, messageId=-1], accountState=null, result=true,
resultCode=SUCCESS, message=null, controls=null]
2015-01-14 10:03:31,435 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal
attribute: [uid[roger.rabbit]]
2015-01-14 10:03:31,435 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal
attribute: [uid[roger.rabbit]]
2015-01-14 10:03:31,436 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal
attribute: [ssoGUID[4638A469-2789-4AA6-80AD-DB6A3EA82D2D]]
2015-01-14 10:03:31,436 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal
attribute: [ssoGUID[4638A469-2789-4AA6-80AD-DB6A3EA82D2D]]
2015-01-14 10:03:31,437 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal
attribute: [givenName[Roger]]
2015-01-14 10:03:31,437 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal
attribute: [givenName[Roger]]
2015-01-14 10:03:31,439 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal
attribute: [sn[Rabbit]]
2015-01-14 10:03:31,439 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - Found principal
attribute: [sn[Rabbit]]
2015-01-14 10:03:31,442 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
LdapAuthenticationHandler successfully authenticated roger.rabbit+password
2015-01-14 10:03:31,442 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
LdapAuthenticationHandler successfully authenticated roger.rabbit+password
2015-01-14 10:03:31,442 DEBUG
[org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver] -
Attempting to resolve a principal...
2015-01-14 10:03:31,442 DEBUG
[org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver] -
Attempting to resolve a principal...
2015-01-14 10:03:31,443 DEBUG
[org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver] -
Creating SimplePrincipal for [roger.rabbit]
2015-01-14 10:03:31,443 DEBUG
[org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver] -
Creating SimplePrincipal for [roger.rabbit]
2015-01-14 10:03:31,453 DEBUG [org.ldaptive.SearchOperation] - execute
request=[org.ldaptive.SearchRequest@-277308916::baseDn=ou=casusers,dc=xyz,dc=net,
searchFilter=[org.ldaptive.SearchFilter@-657486109::filter=uid={0},
parameters={0=roger.rabbit}], returnAttributes=[], searchScope=null,
timeLimit=0, sizeLimit=1, derefAliases=null, typesOnly=false,
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null,
searchReferenceHandlers=null, controls=null, followReferrals=false,
intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1059929757::config=[org.ldaptive.ConnectionConfig@783971551::ldapUrl=ldap://vps-internal.xyz.net,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=[org.ldaptive.BindConnectionInitializer@1397683312::bindDn=cn=CAS,dc=xyz,dc=net,
bindSaslConfig=null, bindControls=null]],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@862574034::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@55894851::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@3a14456a],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1767172188::factory=sun.security.ssl.SSLSocketFactoryImpl@4563260a,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@70567e1c]
2015-01-14 10:03:31,465 DEBUG [org.ldaptive.SearchOperation] - execute
response=[org.ldaptive.Response@1373079681::result=[[[dn=cn=roger.rabbit,ou=casusers,dc=xyz,dc=net[[uid[roger.rabbit]],
[sn[Rabbit]], [ssoGUID[4638A469-2789-4AA6-80AD-DB6A3EA82D2D]],
[cn[roger.rabbit]], [givenName[Roger]], [objectClass[casPerson]]],
responseControls=null, messageId=-1]]], resultCode=SUCCESS, message=null,
matchedDn=null, responseControls=null, referralURLs=null, messageId=-1] for
request=[org.ldaptive.SearchRequest@-277308916::baseDn=ou=casusers,dc=xyz,dc=net,
searchFilter=[org.ldaptive.SearchFilter@-657486109::filter=uid={0},
parameters={0=roger.rabbit}], returnAttributes=[], searchScope=null,
timeLimit=0, sizeLimit=1, derefAliases=null, typesOnly=false,
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null,
searchReferenceHandlers=null, controls=null, followReferrals=false,
intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1059929757::config=[org.ldaptive.ConnectionConfig@783971551::ldapUrl=ldap://vps-internal.xyz.net,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=[org.ldaptive.BindConnectionInitializer@1397683312::bindDn=cn=CAS,dc=xyz,dc=net,
bindSaslConfig=null, bindControls=null]],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@862574034::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@55894851::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@3a14456a],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1767172188::factory=sun.security.ssl.SSLSocketFactoryImpl@4563260a,
sslConfig=[org.ldaptive.ssl.SslConfig@1774842986::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1407113134::trustCertificates=file:/etc/pki/tls/certs/sub.class1.server.ca.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@70567e1c]
2015-01-14 10:03:31,492 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver@234ded29
resolved roger.rabbit from roger.rabbit+password
2015-01-14 10:03:31,492 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver@234ded29
resolved roger.rabbit from roger.rabbit+password
2015-01-14 10:03:31,496 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated
roger.rabbit with credentials [roger.rabbit+password].
2015-01-14 10:03:31,496 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated
roger.rabbit with credentials [roger.rabbit+password].
2015-01-14 10:03:31,497 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Attribute map
for roger.rabbit: {ssoGUID=4638A469-2789-4AA6-80AD-DB6A3EA82D2D,
givenname=Roger, surname=Rabbit}
2015-01-14 10:03:31,497 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Attribute map
for roger.rabbit: {ssoGUID=4638A469-2789-4AA6-80AD-DB6A3EA82D2D,
givenname=Roger, surname=Rabbit}
2015-01-14 10:03:31,499 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail
record BEGIN
=============================================================
WHO: audit:unknown
WHAT: supplied credentials: [roger.rabbit+password]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Wed Jan 14 10:03:31 MST 2015
CLIENT IP ADDRESS: 192.168.248.48
SERVER IP ADDRESS: vps-internal.xyz.net
=============================================================
2015-01-14 10:03:31,503 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail
record BEGIN
=============================================================
WHO: audit:unknown
WHAT: TGT-1-7fNtJBbcOjMwdjRzuYLk40lCdQkvD2f9NuFEYcv3eNlM9Z70Qb-cas01.example.org
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jan 14 10:03:31 MST 2015
CLIENT IP ADDRESS: 192.168.248.48
SERVER IP ADDRESS: vps-internal.xyz.net
=============================================================
2015-01-14 10:03:31,510 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
Granted service ticket [ST-1-djA9tq70uw3h3Nv3oAR3-cas01.example.org] for
service [http://test.vps-internal.xyz.net:14007/] for user [roger.rabbit]
2015-01-14 10:03:31,511 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail
record BEGIN
=============================================================
WHO: roger.rabbit
WHAT: ST-1-djA9tq70uw3h3Nv3oAR3-cas01.example.org for
http://test.vps-internal.xyz.net:14007/
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jan 14 10:03:31 MST 2015
CLIENT IP ADDRESS: 192.168.248.48
SERVER IP ADDRESS: vps-internal.xyz.net
=============================================================
2015-01-14 10:03:32,533 DEBUG
[org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
- Attempting to authenticate https://vps-internal.xyz.net/callback/
2015-01-14 10:03:32,533 DEBUG
[org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
- Attempting to authenticate https://vps-internal.xyz.net/callback/
2015-01-14 10:03:33,138 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
HttpBasedServiceCredentialsAuthenticationHandler successfully authenticated
https://vps-internal.xyz.net/callback/
2015-01-14 10:03:33,138 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
HttpBasedServiceCredentialsAuthenticationHandler successfully authenticated
https://vps-internal.xyz.net/callback/
2015-01-14 10:03:33,145 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
org.jasig.cas.authentication.principal.BasicPrincipalResolver@2f66243c resolved
https://vps-internal.xyz.net/callback/ from
https://vps-internal.xyz.net/callback/
2015-01-14 10:03:33,145 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
org.jasig.cas.authentication.principal.BasicPrincipalResolver@2f66243c resolved
https://vps-internal.xyz.net/callback/ from
https://vps-internal.xyz.net/callback/
2015-01-14 10:03:33,146 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated
https://vps-internal.xyz.net/callback/ with credentials
[https://vps-internal.xyz.net/callback/].
2015-01-14 10:03:33,146 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Authenticated
https://vps-internal.xyz.net/callback/ with credentials
[https://vps-internal.xyz.net/callback/].
2015-01-14 10:03:33,147 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Attribute map
for https://vps-internal.xyz.net/callback/: {}
2015-01-14 10:03:33,147 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Attribute map
for https://vps-internal.xyz.net/callback/: {}
2015-01-14 10:03:33,148 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail
record BEGIN
=============================================================
WHO: audit:unknown
WHAT: supplied credentials: [https://vps-internal.xyz.net/callback/]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Wed Jan 14 10:03:33 MST 2015
CLIENT IP ADDRESS: 172.16.1.214
SERVER IP ADDRESS: vps-internal.xyz.net
=============================================================
2015-01-14 10:03:33,152 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail
record BEGIN
=============================================================
WHO: roger.rabbit
WHAT: TGT-2-6osrPiDIx10hQsdfK0SwykyqoSJemBudm15xvj02deedAHivXn-cas01.example.org
ACTION: PROXY_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jan 14 10:03:33 MST 2015
CLIENT IP ADDRESS: 172.16.1.214
SERVER IP ADDRESS: vps-internal.xyz.net
=============================================================
2015-01-14 10:03:33,174 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail
record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-1-djA9tq70uw3h3Nv3oAR3-cas01.example.org
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Wed Jan 14 10:03:33 MST 2015
CLIENT IP ADDRESS: 172.16.1.214
SERVER IP ADDRESS: vps-internal.xyz.net
=============================================================
2015-01-14 10:04:52,827 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading registered
services.
2015-01-14 10:04:52,832 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - Loaded 1 services.
