You need to make sure the authentication handler is retrieving that 
attribute for you. Just because it’s in LDAP it doesn’t mean CAS will get it 
for you automatically.



From: Nicolás [mailto:[email protected]]
Sent: Saturday, September 19, 2015 8:35 AM
To: [email protected]
Subject: Re: [cas-user] LDAP authentication succeeded but CAS says it's not



There it goes:

2015-09-19 16:28:42,603 DEBUG 
[org.jasig.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP 
authentication for myuser+password>
2015-09-19 16:28:42,604 DEBUG [org.ldaptive.auth.FormatDnResolver] - 
<Formatting DN for myuser with uid=%s,cn=...,dc=...,dc=...>
2015-09-19 16:28:42,605 DEBUG [org.ldaptive.auth.Authenticator] - 
<authenticate dn=uid=myuser,cn=...,dc=...,dc=... with 
request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, 
retAttrs=[1.1]]>
2015-09-19 16:28:42,605 DEBUG 
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate 
criteria=[org.ldaptive.auth.AuthenticationCriteria@45829884::dn=uid=myuser,cn=...,dc=...,dc=...,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser,
 
retAttrs=[1.1]]]>
2015-09-19 16:28:42,607 DEBUG [org.ldaptive.BindOperation] - <execute 
request=[org.ldaptive.BindRequest@1463714762::bindDn=uid=myuser,cn=...,dc=...,dc=..., saslConfig=null, controls=null] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost,
 
connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, 
useStartTLS=false, connectionInitializer=null], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost,
 
count=1], 
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR,
 
SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7,
controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c]>
2015-09-19 16:28:42,616 DEBUG [org.ldaptive.BindOperation] - <execute 
response=[org.ldaptive.Response@1228828549::result=null, resultCode=SUCCESS, 
message=null, matchedDn=null, responseControls=null, referralURLs=null, 
messageId=-1] for 
request=[org.ldaptive.BindRequest@1463714762::bindDn=uid=myuser,cn=...,dc=...,dc=..., saslConfig=null, controls=null] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost,
 
connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, 
useStartTLS=false, connectionInitializer=null], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost,
 
count=1], 
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR,
 
SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7,
controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c]>
2015-09-19 16:28:42,618 DEBUG 
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate 
response=[org.ldaptive.auth.AuthenticationHandlerResponse@571189844::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost,
 
connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, 
useStartTLS=false, connectionInitializer=null], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost,
 
count=1], 
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR,
 
SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7,
 
controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c], 
result=true, resultCode=SUCCESS, message=null, controls=null] for 
criteria=[org.ldaptive.auth.AuthenticationCriteria@45829884::dn=uid=myuser,cn=...,dc=...,dc=...,
 
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser,
 
retAttrs=[1.1]]]>
2015-09-19 16:28:42,619 INFO [org.ldaptive.auth.Authenticator] - 
<Authentication succeeded for dn: uid=myuser,cn=...,dc=...,dc=...>
2015-09-19 16:28:42,625 DEBUG [org.ldaptive.auth.Authenticator] - 
<authenticate 
response=[org.ldaptive.auth.AuthenticationHandlerResponse@571189844::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1061882219::config=[org.ldaptive.ConnectionConfig@1110730474::ldapUrl=ldap://localhost,
 
connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, 
useStartTLS=false, connectionInitializer=null], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@2102224415::metadata=[ldapUrl=ldap://localhost,
 
count=1], 
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1684782461::operationExceptionResultCodes=[PROTOCOL_ERROR,
 
SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@305841a7,
controlProcessor=org.ldaptive.provider.ControlProcessor@45c503f0, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@5d658d0c], result=true, resultCode=SUCCESS, message=null, controls=null] for 
dn=uid=myuser,cn=...,dc=...,dc=... with 
request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, 
retAttrs=[1.1]]>
2015-09-19 16:28:42,626 DEBUG 
[org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response: 
[org.ldaptive.auth.AuthenticationResponse@735806018::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
 
ldapEntry=[dn=uid=myuser,cn=...,dc=...,dc=...[]], accountState=null, 
result=true, resultCode=SUCCESS, message=null, controls=null]>
2015-09-19 16:28:42,627 INFO 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
<LdapAuthenticationHandler failed authenticating myuser+password>
2015-09-19 16:28:42,627 DEBUG 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
<LdapAuthenticationHandler exception details: uid attribute not found for 
myuser>
2015-09-19 16:28:42,628 DEBUG 
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving 
argument [UsernamePasswordCredential] for audit>
2015-09-19 16:28:42,637 INFO 
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: myuser+password
WHAT: supplied credentials: [myuser+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Sat Sep 19 16:28:42 WEST 2015
CLIENT IP ADDRESS: 192.168.1.111
SERVER IP ADDRESS: 192.168.1.40
=============================================================

>
2015-09-19 16:28:42,639 DEBUG 
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving 
argument [UsernamePasswordCredential] for audit>
2015-09-19 16:28:42,640 INFO 
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: myuser+password
WHAT: 1 errors, 0 successes
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Sat Sep 19 16:28:42 WEST 2015
CLIENT IP ADDRESS: 192.168.1.111
SERVER IP ADDRESS: 192.168.1.40
=============================================================

I noticed that now there's a line saying this:

    2015-09-19 16:28:42,627 DEBUG 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
<LdapAuthenticationHandler exception details: uid attribute not found for 
myuser>

However, this attribute is indeed present in the LDAP directory for that 
user and it's accessible by everyone:

        uid: myuser

Thanks.

On 19/09/15 at 15:38, Misagh Moayyed wrote:

Change org.jasig.cas to DEBUG and report back please.



From: Nicolás [mailto:[email protected]]
Sent: Saturday, September 19, 2015 6:30 AM
To: [email protected]
Subject: [cas-user] LDAP authentication succeeded but CAS says it's not



Hi,

I'm having an issue configuring LDAP authentication on CAS 4.1.0. I must 
say I had this configuration working on 4.0.4 but for some reason, even when 
successfully authenticating vs. LDAP, CAS says the credentials are not 
right.

This is what I did:

1) deployerConfigContext.xml: Inside the authenticationManager bean, this is 
the map defined:
   <constructor-arg>
     <map>
       <entry key-ref="proxyAuthenticationHandler" 
value-ref="proxyPrincipalResolver" />
       <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
     </map>
   </constructor-arg>

2) deployerConfigContext.xml: Copied and pasted the LDAP support direct bind 
(http://jasig.github.io/cas/4.1.x/installation/LDAP-Authentication.html#ldap-supporting-direct-bind) 
config, except that I removed the p:sslConfig-ref="sslConfig" part and the 
corresponding sslConfig bean, because I'm not using SSL over LDAP.

3) pom.xml: Added the corresponding dependency:
   <dependency>
     <groupId>org.jasig.cas</groupId>
     <artifactId>cas-server-support-ldap</artifactId>
     <version>${cas.version}</version>
   </dependency>

4) cas.properties: I customized any needed properties, as I had it in my 
4.0.4 working configuration.

Now, I access /cas and authenticate, and CAS says the credentials are not 
right. I had a look at the authentication log and I found the binding to be 
successful as far as LDAP goes, as you can see here:

Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND anonymous 
mech=implicit ssf=0
Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND 
dn="uid=myuser,cn=...,dc=...,dc=..." method=128
Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 BIND 
dn="uid=myuser,cn=...,dc=...,dc=..." mech=SIMPLE ssf=0
Sep 19 14:07:15 machine slapd[22970]: conn=1004 op=1 RESULT tag=97 err=0 
text=

I decide to activate the debugging as mentioned in the Troubleshooting page 
of the LDAP configuration, and I see the following:

2015-09-19 14:07:15,636 DEBUG [org.ldaptive.auth.FormatDnResolver] - 
<Formatting DN for myuser with uid=%s,cn=...,dc=...,dc=...>
2015-09-19 14:07:15,637 DEBUG [org.ldaptive.auth.Authenticator] - 
<authenticate dn=uid=myuser,cn=...,dc=...,dc=... with 
request=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser, 
retAttrs=[1.1]]>
2015-09-19 14:07:15,637 DEBUG 
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate 
criteria=[org.ldaptive.auth.AuthenticationCriteria@1404709825::dn=uid=myuser,cn=...,dc=...,dc=...,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser,
 
retAttrs=[1.1]]]>
2015-09-19 14:07:15,639 DEBUG [org.ldaptive.BindOperation] - <execute 
request=[org.ldaptive.BindRequest@1670297304::bindDn=uid=myuser,cn=...,dc=...,dc=..., saslConfig=null, controls=null] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost,
 
connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, 
useStartTLS=false, connectionInitializer=null], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost,
 
count=1], 
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR,
 
SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2,
controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0]>
2015-09-19 14:07:15,643 DEBUG [org.ldaptive.BindOperation] - <execute 
response=[org.ldaptive.Response@1182007988::result=null, resultCode=SUCCESS, 
message=null, matchedDn=null, responseControls=null, referralURLs=null, 
messageId=-1] for 
request=[org.ldaptive.BindRequest@1670297304::bindDn=uid=myuser,cn=...,dc=...,dc=..., saslConfig=null, controls=null] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost,
 
connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, 
useStartTLS=false, connectionInitializer=null], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost,
 
count=1], 
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR,
 
SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2,
controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0]>
2015-09-19 14:07:15,645 DEBUG 
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate 
response=[org.ldaptive.auth.AuthenticationHandlerResponse@1784519566::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost,
 
connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, 
useStartTLS=false, connectionInitializer=null], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost,
 
count=1], 
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR,
 
SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2,
controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0], result=true, resultCode=SUCCESS, message=null, controls=null] for 
criteria=[org.ldaptive.auth.AuthenticationCriteria@1404709825::dn=uid=myuser,cn=...,dc=...,dc=...,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser,
 
retAttrs=[1.1]]]>
2015-09-19 14:07:15,660 INFO [org.ldaptive.auth.Authenticator] - 
<Authentication succeeded for dn: uid=myuser,cn=...,dc=...,dc=...>
2015-09-19 14:07:15,662 DEBUG [org.ldaptive.auth.Authenticator] - 
<authenticate 
response=[org.ldaptive.auth.AuthenticationHandlerResponse@1784519566::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1313776513::config=[org.ldaptive.ConnectionConfig@257920952::ldapUrl=ldap://localhost,
 
connectTimeout=3000, responseTimeout=-1, sslConfig=null, useSSL=false, 
useStartTLS=false, connectionInitializer=null], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@972029714::metadata=[ldapUrl=ldap://localhost,
 
count=1], 
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@995300469::operationExceptionResultCodes=[PROTOCOL_ERROR,
 
SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@65f55fd2,
controlProcessor=org.ldaptive.provider.ControlProcessor@5ae33587, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@4b642bc0], result=true, resultCode=SUCCESS, message=null, controls=null] for 
dn=uid=myuser,cn=...,dc=...,dc=... with 
request=[org.ldaptive.auth.AuthenticationRequest@954293603::user=myuser, 
retAttrs=[1.1]]>
2015-09-19 14:07:15,664 INFO 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 
<LdapAuthenticationHandler failed authenticating myuser+password>
2015-09-19 14:07:15,665 INFO 
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: myuser+password
WHAT: supplied credentials: [myuser+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Sat Sep 19 14:07:15 WEST 2015
CLIENT IP ADDRESS: 192.168.1.X
SERVER IP ADDRESS: 192.168.1.X
=============================================================

>
2015-09-19 14:07:15,667 INFO 
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: myuser+password
WHAT: 1 errors, 0 successes
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Sat Sep 19 14:07:15 WEST 2015
CLIENT IP ADDRESS: 192.168.1.X
SERVER IP ADDRESS: 192.168.1.X
=============================================================


So if CAS says that the authentication succeeded at first, why does 
LdapAuthenticationHandler fail? Any hint will be very appreciated since I'm 
a bit lost right now.

Thanks,

Nicolás


-- 
You are currently subscribed to [email protected] 
<mailto:[email protected]>  as: [email protected] 
<mailto:[email protected]>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
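
As an added illustration (not code from the thread or from the CAS project), this Python sketch reads CAS and ldaptive DEBUG output like the log quoted above and separates "the bind was never seen" from "the bind succeeded but the handler could not find its principal attribute because no attributes were requested". The sample log is constructed by condensing lines from the thread; the function, class and verdict names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample: four events condensed from the debug log quoted in the
# thread (the long connection dumps are left out).
SAMPLE_LOG = """\
2015-09-19 16:28:42,605 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=uid=myuser,cn=...,dc=...,dc=... with request=[org.ldaptive.auth.AuthenticationRequest@688444560::user=myuser, retAttrs=[1.1]]>
2015-09-19 16:28:42,619 INFO [org.ldaptive.auth.Authenticator] - <Authentication succeeded for dn: uid=myuser,cn=...,dc=...,dc=...>
2015-09-19 16:28:42,626 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [org.ldaptive.auth.AuthenticationResponse@735806018::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS, ldapEntry=[dn=uid=myuser,cn=...,dc=...,dc=...[]], accountState=null, result=true, resultCode=SUCCESS, message=null, controls=null]>
2015-09-19 16:28:42,627 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <LdapAuthenticationHandler exception details: uid attribute not found for myuser>
"""

NO_ATTRS = "1.1"  # LDAP "no attributes" selector (RFC 4511, section 4.5.1.8)
NEXT_EVENT = re.compile(r"\n(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} )")
RET_ATTRS = re.compile(r"user=([^,\]]+), retAttrs=\[([^\]]*)\]")
EMPTY_ENTRY = re.compile(r"ldapEntry=\[dn=[^\[\]]*\[\]\]")
MISSING = re.compile(r"exception details: (\S+) attribute not found for ([^>\s]+)")


@dataclass
class Diagnosis:
    user: str = ""
    bind_ok: bool = False
    requested_attrs: tuple = ()
    entry_empty: bool = False
    missing_attr: str = ""

    @property
    def verdict(self):
        if not self.bind_ok:
            return "bind-not-seen"
        if not self.missing_attr:
            return "bind-ok"
        # The directory accepted the password, but the search asked for
        # nothing, so the entry handed to the CAS handler has no attributes.
        if NO_ATTRS in self.requested_attrs or self.entry_empty:
            return "bind-ok-attribute-not-requested"
        return "bind-ok-attribute-absent"


def diagnose(log_text):
    """Summarise one login attempt from CAS + ldaptive DEBUG output."""
    d = Diagnosis()
    for raw in NEXT_EVENT.split(log_text):
        event = " ".join(raw.split())  # undo mail/terminal line wrapping
        m = RET_ATTRS.search(event)
        if m:
            d.user = m.group(1)
            d.requested_attrs = tuple(
                a.strip() for a in m.group(2).split(",") if a.strip())
        if "Authentication succeeded for dn:" in event:
            d.bind_ok = True
        if EMPTY_ENTRY.search(event):
            d.entry_empty = True
        m = MISSING.search(event)
        if m:
            d.missing_attr, d.user = m.group(1), m.group(2)
    return d


if __name__ == "__main__":
    result = diagnose(SAMPLE_LOG)
    print(result.verdict, result)
```

A verdict of `bind-ok-attribute-not-requested` points at the handler's attribute retrieval configuration rather than at the password or at directory ACLs, which is the distinction the first reply in the thread draws.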