Hi Kate,
I've just passed this through, after smashing my head a few hours
against the wall :-) In order to have the 4.1.x LDAP authentication
working, you should deploy SAML configuration as well. Just follow the
instructions at
http://jasig.github.io/cas/4.1.x/protocol/SAML-Protocol.html; afterwards
the authentication should work.
Regards,
Nicolás
On 22/09/15 at 20:09, Kate Gray wrote:
Hello,
I have set up a minimal OpenLDAP installation and attempted to follow
the 4.1 authentication instructions. I have a simple test setup,
where the DN is in a format string to make things easier.
Authentication itself seems to succeed immediately, but the handler
still fails, saying the attribute is missing. The error logs look
like this:
2015-09-22 14:57:03,634 DEBUG
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate
response=[org.ldaptive.auth.AuthenticationHandlerResponse@255464314::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1497009408::config=[org.ldaptive.ConnectionConfig@1452978425::ldapUrl=ldap://ldap-01.corecodec.com/,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@175268509::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@505154363::trustCertificates=file://etc/ssl/certs/ldap.crt,
authenticationCertificate=null, authenticationKey=null],
trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1814265440::metadata=[ldapUrl=ldap://ldap-01.corecodec.com/,
count=1],
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@238946327::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={},
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@15592091,
controlProcessor=org.ldaptive.provider.ControlProcessor@50d692d0,
environment=null, tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1685441284::factory=sun.security.ssl.SSLSocketFactoryImpl@7163a722,
sslConfig=[org.ldaptive.ssl.SslConfig@175268509::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@505154363::trustCertificates=file://etc/ssl/certs/ldap.crt,
authenticationCertificate=null, authenticationKey=null],
trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@a85254f],
result=true, resultCode=SUCCESS, message=null, controls=null] for
criteria=[org.ldaptive.auth.AuthenticationCriteria@1495557037::dn=uid=test,ou=users,dc=identity,dc=corecodec,dc=com,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@153672333::user=test,
retAttrs=[1.1]]]>
2015-09-22 14:57:03,637 INFO [org.ldaptive.auth.Authenticator] -
<Authentication succeeded for dn:
uid=test,ou=users,dc=identity,dc=corecodec,dc=com>
2015-09-22 14:57:03,649 DEBUG [org.ldaptive.auth.Authenticator] -
<authenticate
response=[org.ldaptive.auth.AuthenticationHandlerResponse@255464314::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1497009408::config=[org.ldaptive.ConnectionConfig@1452978425::ldapUrl=ldap://ldap-01.corecodec.com/,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@175268509::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@505154363::trustCertificates=file://etc/ssl/certs/ldap.crt,
authenticationCertificate=null, authenticationKey=null],
trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1814265440::metadata=[ldapUrl=ldap://ldap-01.corecodec.com/,
count=1],
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@238946327::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={},
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@15592091,
controlProcessor=org.ldaptive.provider.ControlProcessor@50d692d0,
environment=null, tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1685441284::factory=sun.security.ssl.SSLSocketFactoryImpl@7163a722,
sslConfig=[org.ldaptive.ssl.SslConfig@175268509::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@505154363::trustCertificates=file://etc/ssl/certs/ldap.crt,
authenticationCertificate=null, authenticationKey=null],
trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@a85254f],
result=true, resultCode=SUCCESS, message=null, controls=null] for
dn=uid=test,ou=users,dc=identity,dc=corecodec,dc=com with
request=[org.ldaptive.auth.AuthenticationRequest@153672333::user=test,
retAttrs=[1.1]]>
2015-09-22 14:57:03,651 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP
response:
[org.ldaptive.auth.AuthenticationResponse@992560313::authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
ldapEntry=[dn=uid=test,ou=users,dc=identity,dc=corecodec,dc=com[]],
accountState=null, result=true, resultCode=SUCCESS, message=null,
controls=null]>
2015-09-22 14:57:03,658 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<LdapAuthenticationHandler failed authenticating test+password>
2015-09-22 14:57:03,658 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<LdapAuthenticationHandler exception details: uid attribute not found
for test>
I’ve spent a number of hours on this so far, but I’m stumped. I’m
wondering if anyone has experienced this problem, and might know what
I’m missing. My full deployerConfigContext is at
https://gist.github.com/kategray/ff9e9189726c4cb8ce55 .
Kate
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
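
A check for the log pattern in the quoted message: the bind succeeds, the request carries retAttrs=[1.1], the entry comes back with no attributes, and the handler then reports the attribute as missing. This is an added example, not part of either e-mail or of CAS or ldaptive; the diagnose function and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample, abridged to the fields of interest; the shape follows the
# ldaptive / CAS DEBUG lines quoted in the thread (line-wrapped as mail does).
SAMPLE_LOG = """\
2015-09-22 14:57:03,634 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate
response=[result=true, resultCode=SUCCESS] for criteria=[dn=uid=test,ou=users,dc=example,dc=org,
authenticationRequest=[user=test, retAttrs=[1.1]]]>
2015-09-22 14:57:03,651 DEBUG [org.jasig.cas.authentication.LdapAuthenticationHandler] - <LDAP
response: [authenticationResultCode=AUTHENTICATION_HANDLER_SUCCESS,
ldapEntry=[dn=uid=test,ou=users,dc=example,dc=org[]], accountState=null, result=true]>
2015-09-22 14:57:03,658 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<LdapAuthenticationHandler exception details: uid attribute not found
for test>
"""

NO_ATTRS_OID = "1.1"  # RFC 4511: ask the server to return no attributes


def diagnose(log_text):
    """Correlate requested attributes, returned entry and handler error."""
    flat = " ".join(log_text.split())  # undo mail line-wrapping
    requested = set()
    for m in re.finditer(r"retAttrs=\[([^\]]*)\]", flat):
        requested.update(a.strip() for a in m.group(1).split(",") if a.strip())
    entry = re.search(r"ldapEntry=\[dn=(.+?)\[([^\]]*)\]\]", flat)
    missing = re.search(r"(\S+) attribute not found for (\S+?)>", flat)
    report = {
        "bind_succeeded": "resultCode=SUCCESS" in flat,
        "requested_attrs": sorted(requested),
        "no_attrs_requested": requested == {NO_ATTRS_OID},
        "entry_dn": entry.group(1) if entry else None,
        "entry_has_attrs": bool(entry and entry.group(2).strip()),
        "missing_attr": missing.group(1) if missing else None,
    }
    # Bind worked, yet the attribute the handler wants was never requested.
    report["attr_not_requested"] = (
        report["bind_succeeded"]
        and report["missing_attr"] is not None
        and report["missing_attr"] not in requested
    )
    return report


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
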