[cas-user] Connection refused with Consul
Hi there ! I am trying to configure CAS 5.3.10 (Docker) with Consul (docker), but I have this error : Connect to localhost:8500 [localhost/127.0.0.1] failed: Connection refused (Connection refused) This is very strange because I have configured cas.properties file like this : spring.cloud.consul.port=443 spring.cloud.consul.enabled=true spring.cloud.consul.host=consul.mydomain.fr spring.cloud.consul.config.enabled=true spring.cloud.consul.config.prefix=prod/cas/config spring.cloud.consul.config.defaultContext=apps spring.cloud.consul.config.profileSeparator=:: spring.cloud.consul.config.watch.delay=1000 spring.cloud.consul.config.watch.enabled=false What I have wrong ? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7e9743fc-0d83-481b-96e1-5451c32596fb%40apereo.org.
[cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback
It's ok, it works with this cas.properties config :
cas.authn.ldap[0].name=LDAP
cas.authn.ldap[0].order=0
cas.authn.ldap[0].ldapUrl=ldap://ad1.my.domain ldap://ad2.my.domain
cas.authn.ldap[0].bindDn=cn=users,ou=application,dc=my,dc=domain
cas.authn.ldap[0].baseDn="ou=application,dc=my,dc=domain"
cas.authn.ldap[0].searchFilter="sAMAccountName={user}"
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].dnFormat="%s@MY.DOMAIN"
cas.authn.ldap[0].principalAttributeList="sAMAccountName"
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].subtreeSearch=true
Le vendredi 11 octobre 2019 16:38:53 UTC+2, Kevin Imbrechts a écrit :
>
> I have delete JAAS config and I put LDAP config.
> My pom.xml
>
> org.apereo.cas
> cas-server-support-ldap
> ${cas.version}
>
>
> My cas.properties
> cas.authn.ldap[0].name=LDAP
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].ldapUrl=ldap://ad1.my.domain ldap://ad2.my.domain
> cas.authn.ldap[0].bindDn="cn=user-apereo-cas"
> cas.authn.ldap[0].baseDn="ou=application,dc=my,dc=domain"
> cas.authn.ldap[0].searchFilter="sAMAccountName={user}"
> cas.authn.ldap[0].type=AD
> cas.authn.ldap[0].dnFormat="%s@MY.DOMAIN"
> cas.authn.ldap[0].principalAttributeList="sAMAccountName"
> cas.authn.ldap[0].useSsl=false
>
> I have this error :
> 2019-10-11 16:22:04,823 DEBUG
> [org.apereo.cas.authentication.support.DefaultLdapAccountStateHandler] -
> [[org.ldaptive.auth.AuthenticationResponse@690116111::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
>
> resolvedDn="kevinimbrechts@MY.DOMAIN",
> ldapEntry=[dn="kevinimbrechts@MY.DOMAIN"[]], accountState=null,
> result=false, resultCode=INVALID_CREDENTIALS,
> message=javax.naming.AuthenticationException: [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error,
> data 52e, v2580], controls=null]]>
>
> Very strange...
>
> Le jeudi 10 octobre 2019 16:12:36 UTC+2, Kevin Imbrechts a écrit :
>>
>> In my /etc/cas/config/jaas.config file, I've this config :
>> MY.DOMAIN <http://SIDEN.INT> {
>> com.sun.security.auth.module.Krb5LoginModule sufficient
>> refreshKrb5Config=TRUE
>> useTicketCache=TRUE
>> renewTGT=TRUE
>> useKeyTab=TRUE
>> doNotPrompt=FALSE
>> keyTab=/etc/cas/config/cas.HTTP.keytab
>> storeKey=FALSE
>> principal="uid=usr-docker,dc=my,dc=domain"
>> debug=TRUE;
>> };
>>
>> My run-cas.sh script execute cas.war like this :
>> exec java -Djava.security.auth.login.config=/etc/cas/config/jaas.config
>> -jar /cas-overlay/target/cas.war
>>
>> And my JAAS config from /etc/cas/config/cas.properties :
>> # JAAS Config
>> cas.authn.jaas[0].realm=MY.REALM
>> cas.authn.jaas[0].kerberosKdcSystemProperty=ad1.my.domain
>> cas.authn.jaas[0].kerberosRealmSystemProperty=MY.REALM
>> cas.authn.jaas[0].loginConfigurationFile=/etc/cas/config/jaas.config
>>
>> Thanks
>>
>>
>>
>> Le jeudi 10 octobre 2019 16:03:51 UTC+2, Kevin Imbrechts a écrit :
>>>
>>> Ok I think I found the error :
>>> 2019-10-10 15:56:38,737 DEBUG
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
>>> for MY.REALM].>
>>> 2019-10-10 15:56:38,737 DEBUG
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
>>> for MY.REALM].>
>>> 2019-10-10 15:56:38,738 DEBUG
>>> [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - >> authentication handler failure under key [JaasAuthenticationHandler]>
>>>
>>> How to configure a LoginModule ?
>>>
>>> Le jeudi 10 octobre 2019 15:37:25 UTC+2, Kevin Imbrechts a écrit :
>>>>
>>>> I tried, but I can't do it. Nobody can help me ? :(
>>>>
>>>> Le mercredi 9 octobre 2019 19:10:43 UTC+2, Kevin Imbrechts a écrit :
>>>>>
>>>>> JAAS is a Java standard authentication and authorization API. JAAS is
>>>>> configured via externalized plain text configuration file.
>>>>>
>>>>>
>>>>> https://apereo.github.io/cas/5.3.x/installation/JAAS-Authentication.html
>>>>>
>>>>> I think CAS attempts to use another authentication support but I don't
>>>>> know why...
>>>>>
>>>>>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ff1e195e-0dfe-4d89-8a74-bee653a98cf7%40apereo.org.
[cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback
It's ok, it works with this cas.properties config :
cas.authn.ldap[0].name=LDAP
cas.authn.ldap[0].order=0
cas.authn.ldap[0].ldapUrl=ldap://ad1.my.domain ldap://ad2.my.domain
cas.authn.ldap[0].bindDn="cn=users,ou=application,dc=my,dc=domain"
cas.authn.ldap[0].baseDn="ou=application,dc=my,dc=domain"
cas.authn.ldap[0].searchFilter="sAMAccountName={user}"
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].dnFormat="%s@MY.DOMAIN"
cas.authn.ldap[0].principalAttributeList="sAMAccountName"
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].subtreeSearch=true
Le vendredi 11 octobre 2019 16:38:53 UTC+2, Kevin Imbrechts a écrit :
>
> I have delete JAAS config and I put LDAP config.
> My pom.xml
>
> org.apereo.cas
> cas-server-support-ldap
> ${cas.version}
>
>
> My cas.properties
> cas.authn.ldap[0].name=LDAP
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].ldapUrl=ldap://ad1.my.domain ldap://ad2.my.domain
> cas.authn.ldap[0].bindDn="cn=user-apereo-cas"
> cas.authn.ldap[0].baseDn="ou=application,dc=my,dc=domain"
> cas.authn.ldap[0].searchFilter="sAMAccountName={user}"
> cas.authn.ldap[0].type=AD
> cas.authn.ldap[0].dnFormat="%s@MY.DOMAIN"
> cas.authn.ldap[0].principalAttributeList="sAMAccountName"
> cas.authn.ldap[0].useSsl=false
>
> I have this error :
> 2019-10-11 16:22:04,823 DEBUG
> [org.apereo.cas.authentication.support.DefaultLdapAccountStateHandler] -
> [[org.ldaptive.auth.AuthenticationResponse@690116111::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
>
> resolvedDn="kevinimbrechts@MY.DOMAIN",
> ldapEntry=[dn="kevinimbrechts@MY.DOMAIN"[]], accountState=null,
> result=false, resultCode=INVALID_CREDENTIALS,
> message=javax.naming.AuthenticationException: [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error,
> data 52e, v2580], controls=null]]>
>
> Very strange...
>
> Le jeudi 10 octobre 2019 16:12:36 UTC+2, Kevin Imbrechts a écrit :
>>
>> In my /etc/cas/config/jaas.config file, I've this config :
>> MY.DOMAIN <http://SIDEN.INT> {
>> com.sun.security.auth.module.Krb5LoginModule sufficient
>> refreshKrb5Config=TRUE
>> useTicketCache=TRUE
>> renewTGT=TRUE
>> useKeyTab=TRUE
>> doNotPrompt=FALSE
>> keyTab=/etc/cas/config/cas.HTTP.keytab
>> storeKey=FALSE
>> principal="uid=usr-docker,dc=my,dc=domain"
>> debug=TRUE;
>> };
>>
>> My run-cas.sh script execute cas.war like this :
>> exec java -Djava.security.auth.login.config=/etc/cas/config/jaas.config
>> -jar /cas-overlay/target/cas.war
>>
>> And my JAAS config from /etc/cas/config/cas.properties :
>> # JAAS Config
>> cas.authn.jaas[0].realm=MY.REALM
>> cas.authn.jaas[0].kerberosKdcSystemProperty=ad1.my.domain
>> cas.authn.jaas[0].kerberosRealmSystemProperty=MY.REALM
>> cas.authn.jaas[0].loginConfigurationFile=/etc/cas/config/jaas.config
>>
>> Thanks
>>
>>
>>
>> Le jeudi 10 octobre 2019 16:03:51 UTC+2, Kevin Imbrechts a écrit :
>>>
>>> Ok I think I found the error :
>>> 2019-10-10 15:56:38,737 DEBUG
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
>>> for MY.REALM].>
>>> 2019-10-10 15:56:38,737 DEBUG
>>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>>> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
>>> for MY.REALM].>
>>> 2019-10-10 15:56:38,738 DEBUG
>>> [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - >> authentication handler failure under key [JaasAuthenticationHandler]>
>>>
>>> How to configure a LoginModule ?
>>>
>>> Le jeudi 10 octobre 2019 15:37:25 UTC+2, Kevin Imbrechts a écrit :
>>>>
>>>> I tried, but I can't do it. Nobody can help me ? :(
>>>>
>>>> Le mercredi 9 octobre 2019 19:10:43 UTC+2, Kevin Imbrechts a écrit :
>>>>>
>>>>> JAAS is a Java standard authentication and authorization API. JAAS is
>>>>> configured via externalized plain text configuration file.
>>>>>
>>>>>
>>>>> https://apereo.github.io/cas/5.3.x/installation/JAAS-Authentication.html
>>>>>
>>>>> I think CAS attempts to use another authentication support but I don't
>>>>> know why...
>>>>>
>>>>>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e379f581-9ff3-46cc-970a-d00ae9e837ac%40apereo.org.
[cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback
I have delete JAAS config and I put LDAP config.
My pom.xml
org.apereo.cas
cas-server-support-ldap
${cas.version}
My cas.properties
cas.authn.ldap[0].name=LDAP
cas.authn.ldap[0].order=0
cas.authn.ldap[0].ldapUrl=ldap://ad1.my.domain ldap://ad2.my.domain
cas.authn.ldap[0].bindDn="cn=user-apereo-cas"
cas.authn.ldap[0].baseDn="ou=application,dc=my,dc=domain"
cas.authn.ldap[0].searchFilter="sAMAccountName={user}"
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].dnFormat="%s@MY.DOMAIN"
cas.authn.ldap[0].principalAttributeList="sAMAccountName"
cas.authn.ldap[0].useSsl=false
I have this error :
2019-10-11 16:22:04,823 DEBUG
[org.apereo.cas.authentication.support.DefaultLdapAccountStateHandler] -
Very strange...
Le jeudi 10 octobre 2019 16:12:36 UTC+2, Kevin Imbrechts a écrit :
>
> In my /etc/cas/config/jaas.config file, I've this config :
> MY.DOMAIN <http://SIDEN.INT> {
> com.sun.security.auth.module.Krb5LoginModule sufficient
> refreshKrb5Config=TRUE
> useTicketCache=TRUE
> renewTGT=TRUE
> useKeyTab=TRUE
> doNotPrompt=FALSE
> keyTab=/etc/cas/config/cas.HTTP.keytab
> storeKey=FALSE
> principal="uid=usr-docker,dc=my,dc=domain"
> debug=TRUE;
> };
>
> My run-cas.sh script execute cas.war like this :
> exec java -Djava.security.auth.login.config=/etc/cas/config/jaas.config
> -jar /cas-overlay/target/cas.war
>
> And my JAAS config from /etc/cas/config/cas.properties :
> # JAAS Config
> cas.authn.jaas[0].realm=MY.REALM
> cas.authn.jaas[0].kerberosKdcSystemProperty=ad1.my.domain
> cas.authn.jaas[0].kerberosRealmSystemProperty=MY.REALM
> cas.authn.jaas[0].loginConfigurationFile=/etc/cas/config/jaas.config
>
> Thanks
>
>
>
> Le jeudi 10 octobre 2019 16:03:51 UTC+2, Kevin Imbrechts a écrit :
>>
>> Ok I think I found the error :
>> 2019-10-10 15:56:38,737 DEBUG
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
>> for MY.REALM].>
>> 2019-10-10 15:56:38,737 DEBUG
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
>> for MY.REALM].>
>> 2019-10-10 15:56:38,738 DEBUG
>> [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - > authentication handler failure under key [JaasAuthenticationHandler]>
>>
>> How to configure a LoginModule ?
>>
>> Le jeudi 10 octobre 2019 15:37:25 UTC+2, Kevin Imbrechts a écrit :
>>>
>>> I tried, but I can't do it. Nobody can help me ? :(
>>>
>>> Le mercredi 9 octobre 2019 19:10:43 UTC+2, Kevin Imbrechts a écrit :
>>>>
>>>> JAAS is a Java standard authentication and authorization API. JAAS is
>>>> configured via externalized plain text configuration file.
>>>>
>>>> https://apereo.github.io/cas/5.3.x/installation/JAAS-Authentication.html
>>>>
>>>> I think CAS attempts to use another authentication support but I don't
>>>> know why...
>>>>
>>>>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e4515ab-d562-4fb4-9fc9-fa0058c9f9f2%40apereo.org.
[cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback
In my /etc/cas/config/jaas.config file, I've this config :
MY.DOMAIN <http://SIDEN.INT> {
com.sun.security.auth.module.Krb5LoginModule sufficient
refreshKrb5Config=TRUE
useTicketCache=TRUE
renewTGT=TRUE
useKeyTab=TRUE
doNotPrompt=FALSE
keyTab=/etc/cas/config/cas.HTTP.keytab
storeKey=FALSE
principal="uid=usr-docker,dc=my,dc=domain"
debug=TRUE;
};
My run-cas.sh script execute cas.war like this :
exec java -Djava.security.auth.login.config=/etc/cas/config/jaas.config
-jar /cas-overlay/target/cas.war
And my JAAS config from /etc/cas/config/cas.properties :
# JAAS Config
cas.authn.jaas[0].realm=MY.REALM
cas.authn.jaas[0].kerberosKdcSystemProperty=ad1.my.domain
cas.authn.jaas[0].kerberosRealmSystemProperty=MY.REALM
cas.authn.jaas[0].loginConfigurationFile=/etc/cas/config/jaas.config
Thanks
Le jeudi 10 octobre 2019 16:03:51 UTC+2, Kevin Imbrechts a écrit :
>
> Ok I think I found the error :
> 2019-10-10 15:56:38,737 DEBUG
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
> for MY.REALM].>
> 2019-10-10 15:56:38,737 DEBUG
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
> for MY.REALM].>
> 2019-10-10 15:56:38,738 DEBUG
> [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - authentication handler failure under key [JaasAuthenticationHandler]>
>
> How to configure a LoginModule ?
>
> Le jeudi 10 octobre 2019 15:37:25 UTC+2, Kevin Imbrechts a écrit :
>>
>> I tried, but I can't do it. Nobody can help me ? :(
>>
>> Le mercredi 9 octobre 2019 19:10:43 UTC+2, Kevin Imbrechts a écrit :
>>>
>>> JAAS is a Java standard authentication and authorization API. JAAS is
>>> configured via externalized plain text configuration file.
>>>
>>> https://apereo.github.io/cas/5.3.x/installation/JAAS-Authentication.html
>>>
>>> I think CAS attempts to use another authentication support but I don't
>>> know why...
>>>
>>>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e3b5b7e9-4a07-45e1-b4fa-760d0f0037a3%40apereo.org.
[cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback
In my /etc/cas/config/jaas.config file, I've this config :
SIDEN.INT {
com.sun.security.auth.module.Krb5LoginModule sufficient
refreshKrb5Config=TRUE
useTicketCache=TRUE
renewTGT=TRUE
useKeyTab=TRUE
doNotPrompt=FALSE
keyTab=/etc/cas/config/cas.HTTP.keytab
storeKey=FALSE
principal="uid=usr-docker,dc=my,dc=domain"
debug=TRUE;
};
My run-cas.sh script execute cas.war like this :
exec java -Djava.security.auth.login.config=/etc/cas/config/jaas.config
-jar /cas-overlay/target/cas.war
And my JAAS config from /etc/cas/config/cas.properties :
# JAAS Config
cas.authn.jaas[0].realm=MY.REALM
cas.authn.jaas[0].kerberosKdcSystemProperty=ad1.my.domain
cas.authn.jaas[0].kerberosRealmSystemProperty=MY.REALM
cas.authn.jaas[0].loginConfigurationFile=/etc/cas/config/jaas.config
Thanks
Le jeudi 10 octobre 2019 16:03:51 UTC+2, Kevin Imbrechts a écrit :
>
> Ok I think I found the error :
> 2019-10-10 15:56:38,737 DEBUG
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
> for MY.REALM].>
> 2019-10-10 15:56:38,737 DEBUG
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <[JaasAuthenticationHandler] exception details: [No LoginModules configured
> for MY.REALM].>
> 2019-10-10 15:56:38,738 DEBUG
> [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - authentication handler failure under key [JaasAuthenticationHandler]>
>
> How to configure a LoginModule ?
>
> Le jeudi 10 octobre 2019 15:37:25 UTC+2, Kevin Imbrechts a écrit :
>>
>> I tried, but I can't do it. Nobody can help me ? :(
>>
>> Le mercredi 9 octobre 2019 19:10:43 UTC+2, Kevin Imbrechts a écrit :
>>>
>>> JAAS is a Java standard authentication and authorization API. JAAS is
>>> configured via externalized plain text configuration file.
>>>
>>> https://apereo.github.io/cas/5.3.x/installation/JAAS-Authentication.html
>>>
>>> I think CAS attempts to use another authentication support but I don't
>>> know why...
>>>
>>>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/461d102a-3456-4d5d-a7bd-5c9cb3f305ac%40apereo.org.
[cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback
Ok I think I found the error : 2019-10-10 15:56:38,737 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[JaasAuthenticationHandler] exception details: [No LoginModules configured for MY.REALM].> 2019-10-10 15:56:38,737 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[JaasAuthenticationHandler] exception details: [No LoginModules configured for MY.REALM].> 2019-10-10 15:56:38,738 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - How to configure a LoginModule ? Le jeudi 10 octobre 2019 15:37:25 UTC+2, Kevin Imbrechts a écrit : > > I tried, but I can't do it. Nobody can help me ? :( > > Le mercredi 9 octobre 2019 19:10:43 UTC+2, Kevin Imbrechts a écrit : >> >> JAAS is a Java standard authentication and authorization API. JAAS is >> configured via externalized plain text configuration file. >> >> https://apereo.github.io/cas/5.3.x/installation/JAAS-Authentication.html >> >> I think CAS attempts to use another authentication support but I don't >> know why... >> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/89172820-f0b1-4cf7-ab6b-e431a69d78aa%40apereo.org.
[cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback
I tried, but I can't do it. Nobody can help me ? :( Le mercredi 9 octobre 2019 19:10:43 UTC+2, Kevin Imbrechts a écrit : > > JAAS is a Java standard authentication and authorization API. JAAS is > configured via externalized plain text configuration file. > > https://apereo.github.io/cas/5.3.x/installation/JAAS-Authentication.html > > I think CAS attempts to use another authentication support but I don't > know why... > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e1dc00a9-d862-4144-8aa5-26e8007772c8%40apereo.org.
[cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback
JAAS is a Java standard authentication and authorization API. JAAS is configured via externalized plain text configuration file. https://apereo.github.io/cas/5.3.x/installation/JAAS-Authentication.html I think CAS attempts to use another authentication support but I don't know why... -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/059bb000-4cf5-4072-aa2e-5dfb89dad749%40apereo.org.
[cas-user] Re: [CAS5.3.10] How to use SPNEGO authentication with login form as fallback
I have a JAAS config file using Kerberos and I changed my cas.properties
file like this :
cas.authn.jaas[0].realm=MY.DOMAIN
cas.authn.jaas[0].kerberosKdcSystemProperty=ad.MY.DOMAIN
cas.authn.jaas[0].kerberosRealmSystemProperty=MY.DOMAIN
cas.authn.jaas[0].loginConfigurationFile=/etc/cas/config/login.conf
cas.authn.jaas[0].principal.principalAttribute="uid=usr-docker,dc=my,dc=domain"
Still doesn't work.
Le mardi 8 octobre 2019 16:49:53 UTC+2, Kevin Imbrechts a écrit :
>
> Hello,
>
> With my CAS 5.3.10, I want to authenticate with SPNEGO when it's possible.
> But it can happen that some users can't use SPNEGO. I want to use login
> form as a fallback when SPNEGO failed authentication.
> I see the login form, but when I submit the form, I have an error "bad
> login/password".
> Any idea ? What I've misconfigured ?
>
> Thanks.
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8475df2d-a7d4-4369-8590-1cdb720c55bb%40apereo.org.
SIDEN.INT {
com.sun.security.auth.module.Krb5LoginModule sufficient
refreshKrb5Config=TRUE
useTicketCache=TRUE
renewTGT=TRUE
useKeyTab=TRUE
doNotPrompt=FALSE
keyTab=/etc/cas/config/cas.HTTP.keytab
storeKey=TRUE/FALSE
principal="uid=usr-docker,dc=my,dc=domain"
debug=TRUE;
};
[cas-user] [CAS5.3.10] How to use SPNEGO authentication with login form as fallback
Hello, With my CAS 5.3.10, I want to authenticate with SPNEGO when it's possible. But it can happen that some users can't use SPNEGO. I want to use login form as a fallback when SPNEGO failed authentication. I see the login form, but when I submit the form, I have an error "bad login/password". Any idea ? What I've misconfigured ? Thanks. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/49a57d89-59cc-4952-ad28-6d1d0640fe83%40apereo.org. 2019-10-08 16:43:20,101 DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - 2019-10-08 16:43:20,101 DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - 2019-10-08 16:43:20,101 DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - 2019-10-08 16:43:20,101 DEBUG [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - 2019-10-08 16:43:20,102 WARN [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - 2019-10-08 16:43:20,102 WARN [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - 2019-10-08 16:43:20,102 INFO [org.apereo.cas.web.flow.BasicAuthenticationAction] - 2019-10-08 16:43:20,102 INFO [org.apereo.cas.web.flow.BasicAuthenticationAction] - 2019-10-08 16:43:20,103 DEBUG [org.apereo.cas.web.flow.actions.ClearWebflowCredentialAction] - 2019-10-08 16:43:20,103 DEBUG [org.apereo.cas.web.flow.actions.ClearWebflowCredentialAction] - 2019-10-08 16:43:20,104 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - 2019-10-08 16:43:20,104 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - 2019-10-08 16:43:20,104 DEBUG [org.apereo.cas.web.flow.resolver.impl.RankedAuthenticationProviderWebflowEventResolver] - 2019-10-08 16:43:20,104 DEBUG [org.apereo.cas.web.flow.resolver.impl.RankedAuthenticationProviderWebflowEventResolver] - 2019-10-08 16:43:20,104 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - 2019-10-08 16:43:20,104 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - 2019-10-08 16:43:20,105 DEBUG [org.apereo.cas.web.flow.login.InitializeLoginAction] - 2019-10-08 16:43:20,105 DEBUG [org.apereo.cas.web.flow.login.InitializeLoginAction] - 2019-10-08 16:43:20,105 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,105 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,105 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,105 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,106 WARN [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,106 WARN [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,106 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,106 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,106 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,106 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,108 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,108 DEBUG [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,108 DEBUG [org.apereo.cas.web.flow.client.HostNameSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,108 DEBUG [org.apereo.cas.web.flow.client.HostNameSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,108 INFO [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,108 INFO [org.apereo.cas.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction] - 2019-10-08 16:43:20,108 DEBUG [org.apereo.cas.web.flow.SpnegoNegotiateCredentialsAction] - 2019-10-08 16:43:20,108 DEBUG [org.apereo.cas.web.flow.SpnegoNegotiateCredentialsAction] - 2019-10-08 16:43:20,108 DEBUG [org.apereo.cas.web.flow.SpnegoNegotiateCredentialsAction] - 2019-10-08 16:43:20,108 DEBUG [org.apereo.cas.web.flow.SpnegoNegotiateCredentialsAction] - 2019-10-08 16:43:20,109 DEBUG [org.apereo.cas.web.flow.SpnegoNegotiateCredentialsAction] - 2019-10-08 16:43:20,109 DEBUG [org.apereo.cas.web.flow.SpnegoNegotiateCredentialsAction] - 2019-10-08
[cas-user] Re: [CAS5.3.12] yamlServiceRegistry or jsonServiceRegistry don't work
Thanks. For now, I don't have a lot of time and I'm afraid of having regressions in applications that will use CAS. So I want to use 5.x version and, after, upgrade for 6.x when I'll have more time. Thank you so much ! Le mardi 8 octobre 2019 12:03:00 UTC+2, Andy Ng a écrit : > > Hi Kevin, > > If you are using the latest Java version, best course of action is to > upgrade CAS to latest CAS 6.x version :) (currently is CAS 6.0.x, possible > to be CAS 6.1 very soon) > > CAS 5.3.x is still usable (i.e. not EOF as of today), but it is much > better to go with the later version. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0fe4ca8a-da3e-4219-a6be-6ffaddd49c7f%40apereo.org.
[cas-user] Re: [CAS5.3.12] yamlServiceRegistry or jsonServiceRegistry don't work
Oh... Thank you. I was using java 11... I try with 8 and I'll keep you informed Le mardi 8 octobre 2019 11:21:46 UTC+2, Andy Ng a écrit : > > HI Kevin, > > You *cas.log* error contain one error called > java.lang.NullPointerException... > ... org.apache.commons.lang3.SystemUtils.isJavaVersionAtLeast > > Searching online come up with this issue: > https://jira.apache.org/jira/browse/LANG-1365 > > What is your docker java version? Java 10? > > FYI, pretty sure CAS 5 only support Java 8, so if Java 10 was used this > might happen. > > See if the above helps > > Cheers! > - Andy > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8fc63049-b4f3-4b7b-96bf-2aea4b4fc790%40apereo.org.
[cas-user] [CAS5.3.12] yamlServiceRegistry or jsonServiceRegistry don't work
Hi, I am trying to create an Docker image based on Alpine Linux 3.10.9 with Apereo CAS 5.3.12 overlay. I want to use YAML services registry but CAS doesn't start. I have a null pointer exception (see cas.log). I really don't know what happens... I think is a misconfiguration but I don't know where. Can you help me, please ? Thanks. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/63da0453-617e-4616-9033-480fdff3f12c%40apereo.org. 2019-10-08 10:32:24,435 WARN [org.apereo.cas.web.CasWebApplicationContext] - Exception in thread "main" java.lang.reflect.InvocationTargetException at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) at org.springframework.boot.loader.WarLauncher.main(WarLauncher.java:59) Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.servicesManager': Invocation of init method failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.serviceRegistry' defined in class path resource [org/apereo/cas/config/CasCoreServicesConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.services.ServiceRegistry]: Factory method 'serviceRegistry' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.yamlServiceRegistry' defined in class path resource [org/apereo/cas/services/config/YamlServiceRegistryConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.services.ServiceRegistry]: Factory method 'yamlServiceRegistry' threw exception; nested exception is java.lang.NullPointerException at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:137) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:407) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1623) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:553) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481) at org.springframework.beans.factory.support.AbstractBeanFactory$2.getObject(AbstractBeanFactory.java:351) at org.springframework.cloud.context.scope.GenericScope$BeanLifecycleWrapper.getBean(GenericScope.java:379) at org.springframework.cloud.context.scope.GenericScope.get(GenericScope.java:181) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:346) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1080) at org.springframework.cloud.context.scope.refresh.RefreshScope.start(RefreshScope.java:121) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at
