Re: [cas-user] Authentication issues - CAS cannot find authentication handler that supports [UsernamePasswordCredential].
If you're using ldap.type=AD, you should not be using a bind credential. If you want to use a bind credential, you should use ldap.type=AUTHENTICATED.

See https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-authentication-1 for more info on ldap.type.

--Dave

--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

On Tue, May 15, 2018 at 9:04 AM, Jennifer LaVoie wrote:

> Hello Everyone
>
> I am trying to get CAS to work with AD. I am getting the following error
> and authentication fails. I already have the OS bound to AD for OS login,
> so I know there is no firewall issue or anything. I am wondering if I
> have the right libraries and jar files? I did update my pom.xml and run
> maven again to (I hope) install the ldap stuff.
>
> Here is my cas.properties (some fields masked)
>
> cas.server.name: https://cas3-dev.campus.bridgew.edu
> cas.server.prefix: ${cas.server.name}/cas
>
> cas.adminPagesSecurity.ip=127\.0\.0\.1
>
> cas.tgc.secure: true
> cas.tgc.crypto.signing.key: xxx
> cas.tgc.crypto.encryption.key: xxx
> cas.webflow.crypto.signing.key: xxx
> cas.webflow.crypto.encryption.key: xxx
>
> logging.config: file:/etc/cas/config/log4j2.xml
> cas.serviceRegistry.json.config.location: file:/etc/cas/services
>
> cas.authn.accept.users:
>
> cas.authn.ldap[0].order:0
> cas.authn.ldap[0].name: Active Directory
> cas.authn.ldap[0].type: AD
> cas.authn.ldap[0].ldapUrl: ldap://boydendc-prd.campus.bridgew.edu:389
> cas.authn.ldap[0].validatePeriod: 270
> cas.authn.ldap[0].poolPassivator: NONE
> cas.authn.ldap[0].userFilter: sAMAccountName={user}
> cas.authn.ldap[0].baseDn: dc=campus,dc=bridgew,dc=edu
> cas.authn.ldap[0].bindDn: "cn=cassrch,ou=BEIS-CAS,ou=IT Admin,dc=campus,dc=bridgew,dc=edu"
> cas.authn.ldap[1].bindCredential: xx
> cas.authn.ldap[0].dnFormat: uid=%s,dc=campus,dc=bridgew,dc=edu
>
> This is a tail of my catalina.out
>
> 15-May-2018 08:53:40.825 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/apache/webapps/cas] has finished in [32,744] ms
> 15-May-2018 08:53:40.830 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-8443"]
> 15-May-2018 08:53:40.841 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
> 15-May-2018 08:53:40.843 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 33115 ms
> 2018-05-15 08:54:00,803 DEBUG [org.apereo.cas.services.AbstractServicesManager] -
> 2018-05-15 08:54:00,804 INFO [org.apereo.cas.services.AbstractServicesManager] -
> 2018-05-15 08:54:10,807 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.clean]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
> 2018-05-15 08:54:10,812 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -
> 2018-05-15 08:54:10,812 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -
> 2018-05-15 08:54:10,815 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
> 2018-05-15 08:54:10,815 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -
> 2018-05-15 08:54:10,815 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -
> 2018-05-15 08:54:10,816 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] -
> 2018-05-15 08:55:00,804 DEBUG [org.apereo.cas.services.AbstractServicesManager] -
> 2018-05-15 08:55:00,805 INFO [org.apereo.cas.services.AbstractServicesManager] -
> 2018-05-15 08:55:42,520 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction] -
> 2018-05-15 08:55:42,526 DEBUG [org.apereo.cas.authentication.principal.WebApplicationServiceFactory] -
> 2018-05-15 08:55:42,527 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] -
> 2018-05-15 08:55:42,527 DEBUG [org.apereo.cas.web.support.AbstractArgumentExtractor] -
> 2018-05-15 08:55:42,550 DEBUG [org.apereo.cas.web.support.WebUtils] -
>
> 2018-05-15 08:55:42,553 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - =
> WHO: audit:unknown
> WHAT: [event=success,timestamp=Tue May 15 08:55:42 EDT 2018,source=RankedAuthenticationProviderWebflowEventResolver]
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Tue May 15 08:55:42 EDT 2018
> CLIENT IP ADDRESS: 10.28.51.56
> SERVER IP ADDRESS: 10.20.32.131
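
The check described in the reply above, as an added example (not code from the thread or from the CAS project): a small Python linter over the `cas.authn.ldap[N].*` lines as posted, flagging `type=AD` combined with bind properties and any index that carries properties but no `type`. The function names, and the rule that `AUTHENTICATED` needs both `bindDn` and `bindCredential`, are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the cas.authn.ldap[...] lines as posted in the thread
# (credential value masked as in the original message).
SAMPLE = """\
cas.authn.ldap[0].order:0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl: ldap://boydendc-prd.campus.bridgew.edu:389
cas.authn.ldap[0].userFilter: sAMAccountName={user}
cas.authn.ldap[0].baseDn: dc=campus,dc=bridgew,dc=edu
cas.authn.ldap[0].bindDn: "cn=cassrch,ou=BEIS-CAS,ou=IT Admin,dc=campus,dc=bridgew,dc=edu"
cas.authn.ldap[1].bindCredential: xx
cas.authn.ldap[0].dnFormat: uid=%s,dc=campus,dc=bridgew,dc=edu
"""

# Java properties accept both "key: value" and "key=value".
LDAP_KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.(\w+)\s*[:=]\s*(.*)$")
BIND_PROPS = ("bindDn", "bindCredential")

def parse_ldap_blocks(text):
    """Group cas.authn.ldap[N].* properties by their index N."""
    blocks = defaultdict(dict)
    for line in text.splitlines():
        m = LDAP_KEY.match(line.strip())
        if m:
            blocks[int(m.group(1))][m.group(2)] = m.group(3).strip()
    return dict(blocks)

def lint_ldap(text):
    """Return (index, message) findings for type/bind mismatches."""
    findings = []
    for idx, props in sorted(parse_ldap_blocks(text).items()):
        ldap_type = props.get("type", "").upper()
        bind = [p for p in BIND_PROPS if p in props]
        if not ldap_type:
            # Properties filed under an index that never declares a type.
            findings.append((idx, "no type set; has only: " + ", ".join(sorted(props))))
        elif ldap_type == "AD" and bind:
            findings.append((idx, "type=AD with " + ", ".join(bind)))
        elif ldap_type == "AUTHENTICATED" and len(bind) < 2:
            missing = [p for p in BIND_PROPS if p not in props]
            findings.append((idx, "type=AUTHENTICATED missing " + ", ".join(missing)))
    return findings

if __name__ == "__main__":
    for idx, msg in lint_ldap(SAMPLE):
        print(f"ldap[{idx}]: {msg}")
```
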
[cas-user] Authentication issues - CAS cannot find authentication handler that supports [UsernamePasswordCredential].
Hello Everyone

I am trying to get CAS to work with AD. I am getting the following error and authentication fails. I already have the OS bound to AD for OS login, so I know there is no firewall issue or anything. I am wondering if I have the right libraries and jar files? I did update my pom.xml and run maven again to (I hope) install the ldap stuff.

Here is my cas.properties (some fields masked)

cas.server.name: https://cas3-dev.campus.bridgew.edu
cas.server.prefix: ${cas.server.name}/cas

cas.adminPagesSecurity.ip=127\.0\.0\.1

cas.tgc.secure: true
cas.tgc.crypto.signing.key: xxx
cas.tgc.crypto.encryption.key: xxx
cas.webflow.crypto.signing.key: xxx
cas.webflow.crypto.encryption.key: xxx

logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.json.config.location: file:/etc/cas/services

cas.authn.accept.users:

cas.authn.ldap[0].order:0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl: ldap://boydendc-prd.campus.bridgew.edu:389
cas.authn.ldap[0].validatePeriod: 270
cas.authn.ldap[0].poolPassivator: NONE
cas.authn.ldap[0].userFilter: sAMAccountName={user}
cas.authn.ldap[0].baseDn: dc=campus,dc=bridgew,dc=edu
cas.authn.ldap[0].bindDn: "cn=cassrch,ou=BEIS-CAS,ou=IT Admin,dc=campus,dc=bridgew,dc=edu"
cas.authn.ldap[1].bindCredential: xx
cas.authn.ldap[0].dnFormat: uid=%s,dc=campus,dc=bridgew,dc=edu

This is a tail of my catalina.out

15-May-2018 08:53:40.825 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/apache/webapps/cas] has finished in [32,744] ms
15-May-2018 08:53:40.830 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-8443"]
15-May-2018 08:53:40.841 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
15-May-2018 08:53:40.843 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 33115 ms
2018-05-15 08:54:00,803 DEBUG [org.apereo.cas.services.AbstractServicesManager] -
2018-05-15 08:54:00,804 INFO [org.apereo.cas.services.AbstractServicesManager] -
2018-05-15 08:54:10,807 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] -
2018-05-15 08:54:10,812 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -
2018-05-15 08:54:10,812 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -
2018-05-15 08:54:10,815 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2018-05-15 08:54:10,815 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -
2018-05-15 08:54:10,815 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -
2018-05-15 08:54:10,816 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] -
2018-05-15 08:55:00,804 DEBUG [org.apereo.cas.services.AbstractServicesManager] -
2018-05-15 08:55:00,805 INFO [org.apereo.cas.services.AbstractServicesManager] -
2018-05-15 08:55:42,520 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction] -
2018-05-15 08:55:42,526 DEBUG [org.apereo.cas.authentication.principal.WebApplicationServiceFactory] -
2018-05-15 08:55:42,527 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] -
2018-05-15 08:55:42,527 DEBUG [org.apereo.cas.web.support.AbstractArgumentExtractor] -
2018-05-15 08:55:42,550 DEBUG [org.apereo.cas.web.support.WebUtils] -
2018-05-15 08:55:42,553 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
2018-05-15 08:55:42,884 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] -
2018-05-15 08:55:42,885 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] -
2018-05-15 08:55:42,885 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] -
2018-05-15 08:55:42,886 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] -
2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] -
2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] -
2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] -
2018-05-15 08:55:43,864 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] -
2018-05-15 08:55:43,865 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] -
2018-05-15 08:55:43,866 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] -
2018-05-15 08:55:43,868 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] -
2018-05-15 08:55:44,024 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] -
2018-05-15 08:55:44,025 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] -
2018-05-15 08:55:44,025 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] -
2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] -
2018-05-15