Hi Daniel,
Thanks for sharing the link. It was helpful. I've configured our deployer
context along the same lines, but authentication fails with a
"NullPointerException". I'm not able to find the exception stack trace in
the log either; the exception is just getting printed in the audit log. Any
idea why and where this exception is happening, and how to resolve it? Given
below is the exception message in the log file, and below that I've pasted
excerpts from our deployer context config.
Exception message:
===============
2015-05-04 12:33:13,295 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: supplied credentials: [soman.x.dubey+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Mon May 04 12:33:13 IST 2015
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2015-05-04 12:33:13,296 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: java.lang.NullPointerException
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Mon May 04 12:33:13 IST 2015
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
Deployer context excerpts:
====================
<bean id="hostnameVerifier"
      class="org.ldaptive.ssl.AllowAnyHostnameVerifier" />

<bean id="socketFactory" class="org.ldaptive.ssl.TLSSocketFactory"
      p:hostnameVerifier-ref="hostnameVerifier" />

<bean id="providerConfig"
      class="org.ldaptive.provider.jndi.JndiProviderConfig"
      p:sslSocketFactory-ref="socketFactory" />

<bean id="provider" class="org.ldaptive.provider.jndi.JndiProvider"
      p:providerConfig-ref="providerConfig" />

<bean id="searchConnectionFactory"
      class="org.ldaptive.DefaultConnectionFactory"
      p:connectionConfig-ref="searchConnectionConfig"
      p:provider-ref="provider" />

<bean id="searchConnectionConfig" parent="abstractConnectionConfig"
      p:connectionInitializer-ref="searchConnectionInitializer" />
....
....
<bean id="bindConnectionFactory"
      class="org.ldaptive.DefaultConnectionFactory"
      p:connectionConfig-ref="bindConnectionConfig"
      p:provider-ref="provider" />

<bean id="bindConnectionConfig" parent="abstractConnectionConfig" />

<bean id="abstractConnectionConfig" abstract="true"
      class="org.ldaptive.ConnectionConfig"
      p:ldapUrl="ldap://ldaps.hma.com"
      p:connectTimeout="3000"
      p:useStartTLS="true"
      p:sslConfig-ref="sslConfig"/>

<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="trustManagers">
        <list>
            <bean class="org.ldaptive.ssl.AllowAnyTrustManager"/>
        </list>
    </property>
    <!--
    <property name="credentialConfig">
        <bean class="org.ldaptive.ssl.KeyStoreCredentialConfig"
              p:trustStore="file:///C:/Apps/Java/jdk1.7.0_21/jre/lib/security/jssecacerts"
              p:trustStorePassword="changeit" />
    </property>
    -->
</bean>

Regards,
Venkatesh
On Thu, Apr 23, 2015 at 8:14 AM, Daniel Fisher <[email protected]> wrote:
> On Wed, Apr 22, 2015 at 5:07 AM, Venkatesh Babu KR <[email protected]
> > wrote:
>
>> Hi,
>>
>> We are migrating to use CAS 4.0 with our LDAP server, but running into
>> issues related to SSL/TLS.
>>
>> Earlier in CAS 3.5, we were able to resolve the SSL self-signed certificate
>> error by importing the certificate into our CA store, but now, the same is
>> not working. Given below at the bottom is a snippet from the
>> deployerConfigContext.xml related to configuring the SSL connection; however,
>> the CAS server throws an exception saying:
>>
>> 2015-04-22 14:07:28,060 DEBUG
>> [org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory] - <Error
>> connecting to LDAP URL: ldap://ldaps.hma.com>
>>
>> [org.ldaptive.provider.ConnectionException@812461251::resultCode=null,
>> matchedDn=null, responseControls=null, referralURLs=null, messageId=-1,
>> providerException=javax.net.ssl.SSLPeerUnverifiedException: hostname of the
>> server 'ldaps.hma.com' does not match the hostname in the server's
>> certificate.]
>>
>
> Have a look at this thread:
> https://groups.google.com/forum/#!topic/jasig-cas-user/g3AWqzQVNLE
>
> --Daniel Fisher
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>