Hi all,

I am running a CAS 3.1.1 server on Tomcat 5.5.26. The 
deployerConfigContext.xml is configured to check user authentication on 
3 M$ Active Directories thru 3 LDAP authentication handlers.

This works fine if the username and password match one of the 3 ADs. But if 
the password is mistyped (or the username is wrong), CAS returns an exception 
(HTTP 500) instead of the default red error message "The credentials you 
provided cannot be determined to be authentic."

I have tested with only 1 LDAP authentication handler, and in that case the 
warning message is returned correctly (no HTTP 500 exception).

As soon as I configure 2 LDAP authentication handlers, the HTTP 500 
exception occurs.

Below is the exception returned when 2 LDAP handlers are configured and I 
mistype a password, followed by an example of my deployerConfigContext.xml 
using 2 LDAP authentication handlers.

Any idea why this HTTP 500 exception occurs? Missing configuration 
parameters?

Best

Chris

----------------------------

Etat HTTP 500 -

type Rapport d'exception

message

description Le serveur a rencontré une erreur interne () qui l'a empêché 
de satisfaire la requête.

exception

org.springframework.web.util.NestedServletException: Request processing 
failed; nested exception is 
org.springframework.webflow.engine.ActionExecutionException: Exception 
thrown executing [EMAIL PROTECTED] targetAction = 
[EMAIL PROTECTED], attributes = 
map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' -- 
action execution attributes were 'map['method' -> 'submit']'; nested 
exception is org.springframework.ldap.UncategorizedLdapException: 
Operation failed; nested exception is 
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: 
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, 
vece�]
        
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:487)
        
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)

cause mère

org.springframework.webflow.engine.ActionExecutionException: Exception 
thrown executing [EMAIL PROTECTED] targetAction = 
[EMAIL PROTECTED], attributes = 
map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' -- 
action execution attributes were 'map['method' -> 'submit']'; nested 
exception is org.springframework.ldap.UncategorizedLdapException: 
Operation failed; nested exception is 
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: 
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, 
vece�]
        
org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:68)
        
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
        org.springframework.webflow.engine.State.enter(State.java:200)
        
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
        
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
        org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
        
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
        
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
        org.springframework.webflow.engine.State.enter(State.java:200)
        
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
        
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
        org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
        
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
        
org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
        
org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245)
        
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
        
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172)
        
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
        
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
        
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
        
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
        
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
        
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)

cause mère

org.springframework.ldap.UncategorizedLdapException: Operation failed; 
nested exception is javax.naming.AuthenticationException: [LDAP: error 
code 49 - 80090308: LdapErr: DSID-0C090334, comment: 
AcceptSecurityContext error, data 525, vece�]
        
org.springframework.ldap.DefaultNamingExceptionTranslator.translate(DefaultNamingExceptionTranslator.java:93)
        
org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java:204)
        
org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
        org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
        org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
        
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:67)
        
org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandler.java:56)
        
org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:58)
        
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:84)
        
org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:383)
        
org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:107)
        sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        java.lang.reflect.Method.invoke(Method.java:597)
        
org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
        
org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
        
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
        
org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
        
org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
        
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
        org.springframework.webflow.engine.State.enter(State.java:200)
        
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
        
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
        org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
        
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
        
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
        org.springframework.webflow.engine.State.enter(State.java:200)
        
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
        
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
        org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
        
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
        
org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
        
org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245)
        
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
        
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172)
        
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
        
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
        
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
        
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
        
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
        
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)

cause mère

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: 
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, 
vece�]
        com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
        com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
        com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
        com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
        com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
        com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        javax.naming.InitialContext.init(InitialContext.java:223)
        javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
        
org.springframework.ldap.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:59)
        
org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java:193)
        
org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
        org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
        org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
        
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:67)
        
org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandler.java:56)
        
org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:58)
        
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:84)
        
org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:383)
        
org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:107)
        sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        java.lang.reflect.Method.invoke(Method.java:597)
        
org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
        
org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
        
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
        
org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
        
org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
        
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
        org.springframework.webflow.engine.State.enter(State.java:200)
        
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
        
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
        org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
        
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
        
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
        org.springframework.webflow.engine.State.enter(State.java:200)
        
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
        
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
        org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
        
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
        
org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
        
org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245)
        
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
        
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172)
        
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
        
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
        
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
        
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
        
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
        
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)

note La trace complète de la cause mère de cette erreur est disponible 
dans les fichiers journaux de Apache Tomcat/5.5.26.
Apache Tomcat/5.5.26

------------------------------

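<?xml version="1.0" encoding="UTF-8"?>
<!--
  CAS deployerConfigContext.xml as posted: one AuthenticationManagerImpl with an
  HTTP-based service handler and two BindLdapAuthenticationHandler beans, each
  bound to its own AuthenticatedLdapContextSource (EUROPE and AMERICA).

  Changes from the posted text: the stray ";" after each quoted namespace URL
  (which makes the document malformed) is removed, and attributes that were
  broken across lines by mail wrapping are rejoined. Bean ids, classes and
  property values are unchanged.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

   <bean id="authenticationManager"
         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
     <property name="credentialsToPrincipalResolvers">
       <list>
         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
         <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
       </list>
     </property>

     <!--
       Handlers for the login form credentials.
       NOTE(review): in the posted trace the UncategorizedLdapException is raised
       inside LdapTemplate.search while the context source creates its own
       context (AbstractContextSource.createContext), i.e. during the bind made
       with the configured userName/password of a context source, before the
       end user's password is tested. AD sub-code "data 525" conventionally
       means the bind account was not found. Verify that the userName DN of
       each context source below exists in its own directory and can bind.
       Presumably a successful login on an earlier handler hides a broken later
       one because the later handler is never reached; confirm against the
       AuthenticationManagerImpl source for this CAS version.
       NOTE(review): an LDAP failure that is not turned into an authentication
       failure reaches the browser as an HTTP 500 page carrying the stack trace
       and directory error text; consider a generic error page at the container
       level so that internals are only written to the server log.
     -->
     <property name="authenticationHandlers">
       <list>
         <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
               p:httpClient-ref="httpClient" />

         <!--  BEGIN: Company AD EUROPE Handler -->
         <!--
           %u in the filter is the placeholder for the submitted username.
           NOTE(review): confirm that this handler version escapes LDAP filter
           metacharacters in the username before substituting it.
         -->
         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
           <property name="filter" value="sAMAccountName=%u" />
           <property name="searchBase" value="OU=Subsidiaries,DC=eu,DC=company,DC=com" />
           <property name="contextSource" ref="contextSourceEU" />
           <property name="ignorePartialResultException" value="yes" />
         </bean>
         <!-- END: Company AD EUROPE Handler -->

         <!--  BEGIN: Company AD AMERICA Handler -->
         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
           <property name="filter" value="sAMAccountName=%u" />
           <property name="searchBase" value="OU=Subsidiaries,DC=am,DC=company,DC=com" />
           <property name="contextSource" ref="contextSourceAM" />
           <property name="ignorePartialResultException" value="yes" />
         </bean>
         <!-- END: Company AD AMERICA Handler -->

       </list>
     </property>
   </bean>

   <!-- BEGIN: Company AD EUROPE AuthenticatedLdapContextSource -->
   <!--
     Security notes for both context sources:
     * The URL scheme is ldap:// and the authentication mechanism is "simple",
       so the service account DN and password, and each end user's DN and
       password, cross the network unencrypted unless the transport is
       protected some other way. NOTE(review): confirm, or move to ldaps://
       with the directory's CA trusted by the JVM.
     * The service account password is stored in this file (masked in the
       post). Restrict read access to the file and give the account only the
       search rights the handler needs.
   -->
   <bean id="contextSourceEU"
         class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
     <property name="urls">
       <list>
         <value>ldap://sdceuces01.eu.company.com/</value>
       </list>
     </property>
     <property name="userName" value="CN=eu_svc,OU=System Services,OU=Users,OU=Users Groups,OU=FRA,OU=Subsidiaries,DC=eu,DC=company,DC=com"/>
     <property name="password" value="***********"/>
     <property name="baseEnvironmentProperties">
       <map>
         <entry>
           <key>
             <value>java.naming.security.authentication</value>
           </key>
           <value>simple</value>
         </entry>
       </map>
     </property>
   </bean>
   <!-- END: Company AD EUROPE AuthenticatedLdapContextSource -->

   <!-- BEGIN: Company AD AMERICA AuthenticatedLdapContextSource -->
   <bean id="contextSourceAM"
         class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
     <property name="urls">
       <list>
         <value>ldap://sdcamces01.am.company.com/</value>
       </list>
     </property>
     <property name="userName" value="CN=am_svc,OU=System Services,OU=Users,OU=Users Groups,OU=USA,OU=Subsidiaries,DC=am,DC=company,DC=com"/>
     <property name="password" value="**************"/>
     <property name="baseEnvironmentProperties">
       <map>
         <entry>
           <key>
             <value>java.naming.security.authentication</value>
           </key>
           <value>simple</value>
         </entry>
       </map>
     </property>
   </bean>
   <!-- END: Company AD AMERICA AuthenticatedLdapContextSource -->

   <!-- In-memory user store with an empty user map, as posted. -->
   <bean id="userDetailsService"
         class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
     <property name="userMap">
       <value>
       </value>
     </property>
   </bean>

   <!-- Stub attribute repository: each listed attribute name maps to itself. -->
   <bean id="attributeRepository"
         class="org.jasig.services.persondir.support.StubPersonAttributeDao">
     <property name="backingMap">
       <map>
         <entry key="uid" value="uid" />
         <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
         <entry key="groupMembership" value="groupMembership" />
       </map>
     </property>
   </bean>

   <bean
      id="serviceRegistryDao"
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
</beans>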
