Hello Carlos,
I am attaching my new deployer XML file.
And this is what I have in the logs:
2015-09-17 22:17:26,133 DEBUG
[org.springframework.binding.mapping.impl.DefaultMapper] - <Beginning
mapping between source
[org.springframework.webflow.core.collection.LocalParameterMap] and
target [org.jasig.cas.authentication.UsernamePasswordCredential]>
2015-09-17 22:17:26,134 DEBUG
[org.springframework.binding.mapping.impl.DefaultMapping] - <Adding
mapping result [Success@51d92944 mapping = parameter:'username' ->
username, code = 'success', error = false, originalValue =
'guillaume.cheramy@mydomain', mappedValue = 'guillaume.cheramy@mydomain']>
2015-09-17 22:17:26,134 DEBUG
[org.springframework.binding.mapping.impl.DefaultMapping] - <Adding
mapping result [Success@8245957 mapping = parameter:'password' ->
password, code = 'success', error = false, originalValue = 'mypassword',
mappedValue = 'mypassword']>
2015-09-17 22:17:26,134 DEBUG
[org.springframework.binding.mapping.impl.DefaultMapper] - <Completing
mapping between source
[org.springframework.webflow.core.collection.LocalParameterMap] and
target [org.jasig.cas.authentication.UsernamePasswordCredential]; total
mappings = 2; total errors = 0>
2015-09-17 22:17:26,134 DEBUG
[org.springframework.beans.factory.support.DefaultListableBeanFactory] -
<Returning cached instance of singleton bean 'authenticationViaFormAction'>
2015-09-17 22:17:26,140 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<LdapAuthenticationHandler failed authenticating
guillaume.cheramy@mydomain+password>
2015-09-17 22:17:26,140 INFO
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
But auth fails again.
On 17/09/2015 16:47, Carlos M. Fernández wrote:
> Allo, Guillaume,
>
> It seems that the issue is caused by the constructor-arg for the
> authenticationManager bean, where you have:
>
> <entry key-ref="proxyAuthenticationHandler"
> value-ref="proxyPrincipalResolver" />
> <entry key-ref="primaryAuthenticationHandler"
> value-ref="primaryPrincipalResolver" />
> <entry key-ref="ldapAuthenticationHandler"
> value-ref="usernamePasswordCredentialsResolver" />
>
> Your authentication attempt goes through the primaryAuthenticationHandler
> and fails. Since you want to use LDAP, and already have the LDAP handler
> there, simply comment out the entry for the primaryAuthenticationHandler
> and the referenced beans (primaryAuthenticationHandler,
> primaryPrincipalResolver). If you also want to use the same LDAP directory
> for attribute resolution, change the value-ref for the
> ldapAuthenticationHandler entry to "#{ null }" and comment out the
> usernamePasswordCredentialsResolver bean.
>
> Best regards,
> --
> Carlos.
>
> -----Original Message-----
> From: Guillaume Chéramy [mailto:[email protected]]
> Sent: Thursday, 17 September, 2015 09:27
> To: [email protected]
> Subject: [cas-user] Aperao CAS 4.1.0-RC2 with LDAP backend : Invalid
> Credential
>
> Hello,
>
> I'm testing an installation of CAS 4 with an LDAP backend before
> migrating from CAS 3.4.
>
> So I installed CAS with simple-cas4-overlay adapted for LDAP. My
> deployerConfigContext.xml is in the attached file.
>
> Everything starts well and I arrive at the CAS login page. But when I enter
> my login (uid) and my password I always get Invalid credentials, but:
> => I can see the request to LDAP in the logs
> => if I test an ldapsearch with the same user, all is good
>
> Where is my mistake?
>
> Thanks for your help.
>
> Sincerely
>
> guidtz
>
>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected] To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to Apereo under one or more contributor license
agreements. See the NOTICE file distributed with this work
for additional information regarding copyright ownership.
Apereo licenses this file to you under the Apache License,
Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may obtain a
copy of the License at the following location:
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

    <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <entry key-ref="ldapAuthenticationHandler"><null/></entry>
            </map>
        </constructor-arg>
        <property name="authenticationPolicy">
            <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
        </property>
    </bean>

    <bean id="proxyAuthenticationHandler"
          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
          p:httpClient-ref="supportsTrustStoreSslSocketFactoryHttpClient" />

    <bean id="proxyPrincipalResolver"
          class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

    <bean id="usernamePasswordCredentialsResolver"
          class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

    <bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap" />

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
        <entry>
            <key><value>memberOf</value></key>
            <list>
                <value>faculty</value>
                <value>staff</value>
                <value>org</value>
            </list>
        </entry>
    </util:map>

    <bean id="serviceRegistryDao" class="org.jasig.cas.services.JsonServiceRegistryDao"
          c:configDirectory="${service.registry.config.location:classpath:services}" />

    <bean id="auditTrailManager" class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

    <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />

    <util:list id="monitorsList">
        <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
        <bean class="org.jasig.cas.monitor.SessionMonitor"
              p:ticketRegistry-ref="ticketRegistry"
              p:serviceTicketCountWarnThreshold="5000"
              p:sessionCountWarnThreshold="100000" />
    </util:list>

    <bean id="ldapAuthenticationHandler"
          class="org.jasig.cas.authentication.LdapAuthenticationHandler"
          p:principalIdAttribute="uid"
          c:authenticator-ref="authenticator">
        <property name="principalAttributeMap">
            <map>
                <entry key="uid" value="uid" />
                <entry key="mail" value="mail" />
                <entry key="displayName" value="displayName" />
            </map>
        </property>
    </bean>

    <bean id="authenticator" class="org.ldaptive.auth.Authenticator"
          c:resolver-ref="dnResolver"
          c:handler-ref="authHandler" />

    <bean id="dnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
          p:baseDn="${ldap.baseDn}"
          p:subtreeSearch="true"
          p:allowMultipleDns="false"
          p:connectionFactory-ref="searchPooledLdapConnectionFactory"
          p:userFilter="${ldap.authn.searchFilter}" />

    <bean id="searchPooledLdapConnectionFactory"
          class="org.ldaptive.pool.PooledConnectionFactory"
          p:connectionPool-ref="searchConnectionPool" />

    <bean id="searchConnectionPool" parent="abstractConnectionPool"
          p:connectionFactory-ref="searchConnectionFactory" />

    <bean id="searchConnectionFactory"
          class="org.ldaptive.DefaultConnectionFactory"
          p:connectionConfig-ref="searchConnectionConfig" />

    <bean id="searchConnectionConfig" parent="abstractConnectionConfig"
          p:connectionInitializer-ref="bindConnectionInitializer" />

    <bean id="bindConnectionInitializer"
          class="org.ldaptive.BindConnectionInitializer"
          p:bindDn="${ldap.authn.managerDn}">
        <property name="bindCredential">
            <bean class="org.ldaptive.Credential"
                  c:password="${ldap.authn.managerPassword}" />
        </property>
    </bean>

    <bean id="abstractConnectionPool" abstract="true"
          class="org.ldaptive.pool.BlockingConnectionPool"
          init-method="initialize"
          p:poolConfig-ref="ldapPoolConfig"
          p:blockWaitTime="${ldap.pool.blockWaitTime}"
          p:validator-ref="searchValidator"
          p:pruneStrategy-ref="pruneStrategy" />

    <bean id="abstractConnectionConfig" abstract="true"
          class="org.ldaptive.ConnectionConfig"
          p:ldapUrl="${ldap.url}"
          p:connectTimeout="${ldap.connectTimeout}"
          p:useStartTLS="${ldap.useStartTLS}"
          p:sslConfig-ref="sslConfig" />

    <bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
          p:minPoolSize="${ldap.pool.minSize}"
          p:maxPoolSize="${ldap.pool.maxSize}"
          p:validateOnCheckOut="${ldap.pool.validateOnCheckout}"
          p:validatePeriodically="${ldap.pool.validatePeriodically}"
          p:validatePeriod="${ldap.pool.validatePeriod}" />

    <bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
        <property name="credentialConfig">
            <bean class="org.ldaptive.ssl.X509CredentialConfig"
                  p:trustCertificates="${ldap.trustedCert}" />
        </property>
    </bean>

    <bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
          p:prunePeriod="${ldap.pool.prunePeriod}"
          p:idleTime="${ldap.pool.idleTime}" />

    <bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />

    <bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler"
          p:connectionFactory-ref="bindPooledLdapConnectionFactory" />

    <bean id="bindPooledLdapConnectionFactory"
          class="org.ldaptive.pool.PooledConnectionFactory"
          p:connectionPool-ref="bindConnectionPool" />

    <bean id="bindConnectionPool" parent="abstractConnectionPool"
          p:connectionFactory-ref="bindConnectionFactory" />

    <bean id="bindConnectionFactory"
          class="org.ldaptive.DefaultConnectionFactory"
          p:connectionConfig-ref="bindConnectionConfig" />

    <bean id="bindConnectionConfig" parent="abstractConnectionConfig" />
</beans>
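
Added example, not part of the original thread or of the CAS project: a Python check of which handlers the authenticationManager map in a deployerConfigContext.xml actually registers and which resolver each one gets, as discussed in the quoted reply above. The `audit` function, its class-name heuristic and the trimmed `SAMPLE` (a constructed copy of the attached file) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"b": "http://www.springframework.org/schema/beans"}

# Constructed sample: the attached file trimmed to the beans this check looks at.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg><map>
      <entry key-ref="ldapAuthenticationHandler"><null/></entry>
    </map></constructor-arg>
  </bean>
  <bean id="proxyAuthenticationHandler"
        class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"/>
  <bean id="proxyPrincipalResolver"
        class="org.jasig.cas.authentication.principal.BasicPrincipalResolver"/>
  <bean id="usernamePasswordCredentialsResolver"
        class="org.jasig.cas.authentication.principal.BasicPrincipalResolver"/>
  <bean id="ldapAuthenticationHandler"
        class="org.jasig.cas.authentication.LdapAuthenticationHandler"/>
</beans>"""


def audit(xml_text):
    """Return (registered, unregistered_handlers, unused_resolvers, dangling_refs)."""
    root = ET.fromstring(xml_text)
    beans = {b.get("id"): b.get("class", "") for b in root.findall("b:bean", NS)}
    manager = root.find("b:bean[@id='authenticationManager']", NS)
    registered = {}
    for entry in manager.findall("b:constructor-arg/b:map/b:entry", NS):
        resolver = entry.get("value-ref")
        # <null/> and the SpEL form "#{ null }" both mean: no resolver for this handler.
        if entry.find("b:null", NS) is not None or (resolver or "").strip("#{} ") == "null":
            resolver = None
        registered[entry.get("key-ref")] = resolver
    used = set(registered) | {r for r in registered.values() if r}
    dangling = sorted(ref for ref in used if ref not in beans)
    # Heuristic (assumption of this example): package prefix plus class-name suffix.
    cas = {i: c for i, c in beans.items() if c.startswith("org.jasig.cas.authentication")}
    handlers = sorted(i for i, c in cas.items() if c.endswith("AuthenticationHandler") and i not in used)
    resolvers = sorted(i for i, c in cas.items() if c.endswith("PrincipalResolver") and i not in used)
    return registered, handlers, resolvers, dangling


if __name__ == "__main__":
    registered, handlers, resolvers, dangling = audit(SAMPLE)
    print("registered handler -> resolver:", registered)
    print("CAS handlers defined but not registered:", handlers)
    print("resolvers nothing references:", resolvers, "| undefined refs:", dangling)
```

On the attached file this reports that proxyAuthenticationHandler is defined but no longer registered with the authentication manager, and that neither BasicPrincipalResolver bean is referenced by any map entry.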