Re: [cas-user] Authentication issues - CAS cannot find authentication handler that supports [UsernamePasswordCredential].

2018-05-15 Thread David Curry
If you're using ldap.type=AD, you should not be using a bind credential.

If you want to use a bind credential, you should use
ldap.type=AUTHENTICATED.

See
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1
for more info on ldap.type.

--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Tue, May 15, 2018 at 9:04 AM, Jennifer LaVoie 
wrote:

> Hello Everyone
>
> I am trying to get CAS to work with AD.  I am getting the following error
> and authentication fails.  I already have the OS bound to AD for OS login,
> so I know there is no firewall issue or anything.  I am wondering if I
> have the right libraries and jar files?  I did update my pom.xml and run
> Maven again to (I hope) install the LDAP stuff.
>
> Here is my cas.properties (some fields masked)
>
> cas.server.name: https://cas3-dev.campus.bridgew.edu
> cas.server.prefix: ${cas.server.name}/cas
>
> cas.adminPagesSecurity.ip=127\.0\.0\.1
>
> cas.tgc.secure: true
> cas.tgc.crypto.signing.key: xxx
> cas.tgc.crypto.encryption.key: xxx
> cas.webflow.crypto.signing.key: xxx
> cas.webflow.crypto.encryption.key: xxx
>
>
> logging.config: file:/etc/cas/config/log4j2.xml
> cas.serviceRegistry.json.config.location: file:/etc/cas/services
>
> cas.authn.accept.users:
>
> cas.authn.ldap[0].order:0
> cas.authn.ldap[0].name: Active Directory
> cas.authn.ldap[0].type: AD
> cas.authn.ldap[0].ldapUrl:  ldap://boydendc-prd.campus.bridgew.edu:389
> cas.authn.ldap[0].validatePeriod:   270
> cas.authn.ldap[0].poolPassivator:   NONE
> cas.authn.ldap[0].userFilter:   sAMAccountName={user}
> cas.authn.ldap[0].baseDn:   dc=campus,dc=bridgew,dc=edu
> cas.authn.ldap[0].bindDn:   "cn=cassrch,ou=BEIS-CAS,ou=IT Admin,dc=campus,dc=bridgew,dc=edu"
> cas.authn.ldap[1].bindCredential:  xx
> cas.authn.ldap[0].dnFormat: uid=%s,dc=campus,dc=bridgew,dc=edu
>
> This is a tail of my catalina.out
>
> 15-May-2018 08:53:40.825 INFO [main] 
> org.apache.catalina.startup.HostConfig.deployDirectory
> Deployment of web application directory [/opt/apache/webapps/cas] has
> finished in [32,744] ms
> 15-May-2018 08:53:40.830 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["https-jsse-nio-8443"]
> 15-May-2018 08:53:40.841 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["ajp-nio-8009"]
> 15-May-2018 08:53:40.843 INFO [main] 
> org.apache.catalina.startup.Catalina.start
> Server startup in 33115 ms
> 2018-05-15 08:54:00,803 DEBUG 
> [org.apereo.cas.services.AbstractServicesManager]
> - 
> 2018-05-15 08:54:00,804 INFO [org.apereo.cas.services.AbstractServicesManager]
> - 
> 2018-05-15 08:54:10,807 DEBUG [org.apereo.cas.authentication.
> PseudoPlatformTransactionManager] -  [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.clean]:
> PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
> 2018-05-15 08:54:10,812 DEBUG 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - 
> 2018-05-15 08:54:10,812 DEBUG 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - 
> 2018-05-15 08:54:10,815 INFO 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - <[0] expired tickets removed.>
> 2018-05-15 08:54:10,815 DEBUG 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - 
> 2018-05-15 08:54:10,815 DEBUG 
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner]
> - 
> 2018-05-15 08:54:10,816 DEBUG [org.apereo.cas.authentication.
> PseudoPlatformTransactionManager] - 
> 2018-05-15 08:55:00,804 DEBUG 
> [org.apereo.cas.services.AbstractServicesManager]
> - 
> 2018-05-15 08:55:00,805 INFO [org.apereo.cas.services.AbstractServicesManager]
> - 
> 2018-05-15 08:55:42,520 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction]
> - 
> 2018-05-15 08:55:42,526 DEBUG 
> [org.apereo.cas.authentication.principal.WebApplicationServiceFactory]
> - 
> 2018-05-15 08:55:42,527 DEBUG 
> [org.apereo.cas.web.support.DefaultArgumentExtractor]
> - 
> 2018-05-15 08:55:42,527 DEBUG 
> [org.apereo.cas.web.support.AbstractArgumentExtractor]
> - 
> 2018-05-15 08:55:42,550 DEBUG [org.apereo.cas.web.support.WebUtils] -
> 
> 2018-05-15 08:55:42,553 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> -  =
> WHO: audit:unknown
> WHAT: [event=success,timestamp=Tue May 15 08:55:42 EDT 2018,source=
> RankedAuthenticationProviderWebflowEventResolver]
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Tue May 15 08:55:42 EDT 2018
> CLIENT IP ADDRESS: 10.28.51.56
> SERVER IP ADDRESS: 10.20.32.131
> 
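
The rule in the reply above, written as a check that can be run over a cas.properties file (an added example, not part of the original thread or of the CAS project). The AD rule is the one stated in the reply; the AUTHENTICATED rule assumes that type needs both bindDn and bindCredential, and the sample input is constructed with placeholder hosts and DNs.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the configuration posted in this thread
# (placeholder host and DNs, secret masked).
SAMPLE = """\
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl: ldap://dc.example.edu:389
cas.authn.ldap[0].userFilter: sAMAccountName={user}
cas.authn.ldap[0].baseDn: dc=example,dc=edu
cas.authn.ldap[0].bindDn: cn=cassrch,ou=svc,dc=example,dc=edu
cas.authn.ldap[1].bindCredential: xx
cas.authn.ldap[0].dnFormat: uid=%s,dc=example,dc=edu
"""

# Matches top-level cas.authn.ldap[N].<name> with either ':' or '=' as separator.
LDAP_KEY = re.compile(r"^\s*cas\.authn\.ldap\[(\d+)\]\.(\w+)\s*[:=]\s*(.*?)\s*$")
BIND_KEYS = ("bindDn", "bindCredential")

def parse_ldap_entries(text):
    """Group cas.authn.ldap[N].* properties by index N."""
    entries = defaultdict(dict)
    for line in text.splitlines():
        if line.lstrip().startswith(("#", "!")):  # properties-file comments
            continue
        m = LDAP_KEY.match(line)
        if m:
            entries[int(m.group(1))][m.group(2)] = m.group(3)
    return dict(entries)

def check_ldap_entries(text):
    """Return (index, message) findings for type / bind-credential mismatches."""
    findings = []
    for idx, props in sorted(parse_ldap_entries(text).items()):
        ldap_type = props.get("type", "").upper()
        bind_set = [k for k in BIND_KEYS if props.get(k)]
        if not ldap_type:  # e.g. a property filed under the wrong index
            findings.append((idx, "no type set; properties here: " + ", ".join(sorted(props))))
        elif ldap_type == "AD" and bind_set:
            findings.append((idx, "type=AD but " + ", ".join(bind_set)
                             + " set; drop them or use type=AUTHENTICATED"))
        elif ldap_type == "AUTHENTICATED":
            missing = [k for k in BIND_KEYS if not props.get(k)]
            if missing:
                findings.append((idx, "type=AUTHENTICATED but missing " + ", ".join(missing)))
    return findings

if __name__ == "__main__":
    for idx, msg in check_ldap_entries(SAMPLE):
        print(f"ldap[{idx}]: {msg}")
```

On the sample it reports two findings: entry 0 mixes type AD with a bindDn, and entry 1 holds only a bindCredential with no type of its own.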

[cas-user] Authentication issues - CAS cannot find authentication handler that supports [UsernamePasswordCredential].

2018-05-15 Thread Jennifer LaVoie
Hello Everyone

I am trying to get CAS to work with AD.  I am getting the following error 
and authentication fails.  I already have the OS bound to AD for OS login, 
so I know there is no firewall issue or anything.  I am wondering if I 
have the right libraries and jar files?  I did update my pom.xml and run 
Maven again to (I hope) install the LDAP stuff.

Here is my cas.properties (some fields masked)

cas.server.name: https://cas3-dev.campus.bridgew.edu
cas.server.prefix: ${cas.server.name}/cas

cas.adminPagesSecurity.ip=127\.0\.0\.1

cas.tgc.secure: true
cas.tgc.crypto.signing.key: xxx
cas.tgc.crypto.encryption.key: xxx
cas.webflow.crypto.signing.key: xxx
cas.webflow.crypto.encryption.key: xxx


logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.json.config.location: file:/etc/cas/services

cas.authn.accept.users:

cas.authn.ldap[0].order:0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl:  ldap://boydendc-prd.campus.bridgew.edu:389
cas.authn.ldap[0].validatePeriod:   270
cas.authn.ldap[0].poolPassivator:   NONE
cas.authn.ldap[0].userFilter:   sAMAccountName={user}
cas.authn.ldap[0].baseDn:   dc=campus,dc=bridgew,dc=edu
cas.authn.ldap[0].bindDn:   "cn=cassrch,ou=BEIS-CAS,ou=IT Admin,dc=campus,dc=bridgew,dc=edu"
cas.authn.ldap[1].bindCredential:  xx
cas.authn.ldap[0].dnFormat: uid=%s,dc=campus,dc=bridgew,dc=edu

This is a tail of my catalina.out

15-May-2018 08:53:40.825 INFO [main] 
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web 
application directory [/opt/apache/webapps/cas] has finished in [32,744] ms
15-May-2018 08:53:40.830 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["https-jsse-nio-8443"]
15-May-2018 08:53:40.841 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["ajp-nio-8009"]
15-May-2018 08:53:40.843 INFO [main] 
org.apache.catalina.startup.Catalina.start Server startup in 33115 ms
2018-05-15 08:54:00,803 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 
2018-05-15 08:54:00,804 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 
2018-05-15 08:54:10,807 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2018-05-15 08:54:10,812 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 
2018-05-15 08:54:10,812 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 
2018-05-15 08:54:10,815 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] 
expired tickets removed.>
2018-05-15 08:54:10,815 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 
2018-05-15 08:54:10,815 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 
2018-05-15 08:54:10,816 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 

2018-05-15 08:55:00,804 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 
2018-05-15 08:55:00,805 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 
2018-05-15 08:55:42,520 INFO 
[org.apereo.cas.web.flow.InitialFlowSetupAction] - 
2018-05-15 08:55:42,526 DEBUG 
[org.apereo.cas.authentication.principal.WebApplicationServiceFactory] - 

2018-05-15 08:55:42,527 DEBUG 
[org.apereo.cas.web.support.DefaultArgumentExtractor] - 
2018-05-15 08:55:42,527 DEBUG 
[org.apereo.cas.web.support.AbstractArgumentExtractor] - 
2018-05-15 08:55:42,550 DEBUG [org.apereo.cas.web.support.WebUtils] - 

2018-05-15 08:55:42,553 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2018-05-15 08:55:42,884 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:42,885 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:42,885 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:42,886 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:42,887 DEBUG 
[org.apereo.cas.services.web.ServiceThemeResolver] - 
2018-05-15 08:55:42,887 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:42,887 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:43,864 DEBUG 
[org.apereo.cas.web.view.CasReloadableMessageBundle] - 
2018-05-15 08:55:43,865 DEBUG 
[org.apereo.cas.web.view.CasReloadableMessageBundle] - 
2018-05-15 08:55:43,866 DEBUG 
[org.apereo.cas.web.view.CasReloadableMessageBundle] - 
2018-05-15 08:55:43,868 DEBUG 
[org.apereo.cas.web.view.CasReloadableMessageBundle] - 
2018-05-15 08:55:44,024 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:44,025 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:44,025 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15 08:55:44,026 DEBUG 
[org.apereo.cas.services.web.ChainingThemeResolver] - 
2018-05-15