Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1

2014-08-26 Thread Christopher Sterling
To an extent, figured out what is going on. If your password expires in the 
timeframe window, it lets you in (in our case, 30 days). If it is outside 
that window, it doesn't let you in at all.

On Tuesday, August 26, 2014 11:45:27 AM UTC-4, Christopher Sterling wrote:
>
> So, I have some good news and some bad news that is a little strange and I 
> hope you can help me.
>
>
> It works. It lets users login, notifies them of when their password will 
> expire, and then logs them in. The issue, I have 2 LDAP accounts tied to my 
> name. If I try to login with the account with the expired password, I get 
> the notification like expected. If I login with my other account, (without 
> an expired password) CAS thinks and thinks and thinks and then returns the 
> error: "CAS is Unavailable
> There was an error trying to complete your request. Please notify your 
> support desk or try again." Any thoughts? 
>
> I'm trying to get a log of why it fails for me, it just takes a while to 
> fail.
>
> Also, thank you so much for your help. We've had three of us looking at 
> this and it was because of one line that it wasn't working correctly. I 
> probably never would have seen that problem.
>
>
> On Tuesday, August 26, 2014 10:49:31 AM UTC-4, Misagh Moayyed wrote:
>
> So, that’s not actually doing anything for you because the block in 
> between “HttpBasedServiceCredentialsAuthenticationHandler” and 
> “lppeEnabledLdapAuthenticationHandler” is taking over the authentication. 
> You want to have one authentication handler, and in your case that would be 
> the LPPE-enabled one. So remove the block in between and try again.
>
>  
>
> *From:* Christopher Sterling [mailto:cwste...@georgiasouthern.edu] 
> *Sent:* Tuesday, August 26, 2014 7:45 AM
> *To:* jasig-c...@googlegroups.com
> *Cc:* cas-...@lists.jasig.org; cas-...@lists.jasig.org; mmoa...@unicon.net
> *Subject:* Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1
>
>  
>
> Yep. It's presently located under the authenticationHandlers property.
>
>  
>
> 
>
>   
>
> 
>
>  class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>
>   p:httpClient-ref="httpClient" />
>
>  
>
>  
>
>  class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>
>  p:filter="sAMAccountName=%u"
>
>  p:ignorePartialResultException="true"
>
> 
>  p:searchBase="DC=ad,DC=georgiasouthern,DC=edu"
>
>  p:contextSource-ref="contextSource" />
>
>  
>
>  
>
> 
>
>  
>
> bean="lppeEnabledLdapAuthenticationHandler" />
>
>   
>
> 
>
>  
>
>
>
> On Tuesday, August 26, 2014 10:43:12 AM UTC-4, Misagh Moayyed wrote:
>
> …and is your LPPE handler referenced in your authentication manager? In 
> your deployerContextConfig.xml? 
>
>  
>
> *From:* Christopher Sterling [mailto:cwste...@georgiasouthern.edu] 
> *Sent:* Tuesday, August 26, 2014 6:58 AM
> *To:* cas-...@lists.jasig.org
> *Cc:* cas-...@lists.jasig.org; cas-...@lists.jasig.org; mmoa...@unicon.net
> *Subject:* Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1
>
>  
>
> Yep, got DEBUG turned on. What exactly should I be looking for? It's ~4100 
> lines. I can put it on pastebin if needed. 
>
>  
>
> I did find this when looking through the log.
>
>  
>
> 2014-08-26 09:32:48,278 DEBUG 
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] -  LDAP bind with credential: CN=Christopher Wyatt 
> Sterling,OU=Students,DC=ad,DC=georgiasouthern,DC=edu>
>
> 2014-08-26 09:32:48,536 INFO 
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] -  authenticate user cs02357 with error [LDAP: error code 49 - 80090308: 
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, 
> v1db1 ]; nested exception is javax.naming.AuthenticationException: [LDAP: 
> error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: 
> AcceptSecurityContext error, data 773, v1db1 ]>
>
> 2014-08-26 09:32:48,536 DEBUG 
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <*No error 
> definitions are defined*. Throwing error [LDAP: error code 49 - 80090308: 
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, 

Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1

2014-08-26 Thread Christopher Sterling
So, I have some good news and some bad news that is a little strange and I 
hope you can help me.


It works. It lets users login, notifies them of when their password will 
expire, and then logs them in. The issue, I have 2 LDAP accounts tied to my 
name. If I try to login with the account with the expired password, I get 
the notification like expected. If I login with my other account, (without 
an expired password) CAS thinks and thinks and thinks and then returns the 
error: "CAS is Unavailable
There was an error trying to complete your request. Please notify your 
support desk or try again." Any thoughts? 

I'm trying to get a log of why it fails for me, it just takes a while to 
fail.

Also, thank you so much for your help. We've had three of us looking at 
this and it was because of one line that it wasn't working correctly. I 
probably never would have seen that problem.


On Tuesday, August 26, 2014 10:49:31 AM UTC-4, Misagh Moayyed wrote:
>
> So, that’s not actually doing anything for you because the block in 
> between “HttpBasedServiceCredentialsAuthenticationHandler” and 
> “lppeEnabledLdapAuthenticationHandler” is taking over the authentication. 
> You want to have one authentication handler, and in your case that would be 
> the LPPE-enabled one. So remove the block in between and try again.
>
>  
>
> *From:* Christopher Sterling [mailto:cwste...@georgiasouthern.edu 
> ] 
> *Sent:* Tuesday, August 26, 2014 7:45 AM
> *To:* jasig-c...@googlegroups.com 
> *Cc:* cas-...@lists.jasig.org ; cas-...@lists.jasig.org 
> ; mmoa...@unicon.net 
> *Subject:* Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1
>
>  
>
> Yep. It's presently located under the authenticationHandlers property.
>
>  
>
> 
>
>   
>
> 
>
>  class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>
>   p:httpClient-ref="httpClient" />
>
>  
>
>  
>
>  class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>
>  p:filter="sAMAccountName=%u"
>
>  p:ignorePartialResultException="true"
>
> 
>  p:searchBase="DC=ad,DC=georgiasouthern,DC=edu"
>
>  p:contextSource-ref="contextSource" />
>
>  
>
>  
>
> 
>
>  
>
> bean="lppeEnabledLdapAuthenticationHandler" />
>
>   
>
> 
>
>  
>
>
>
> On Tuesday, August 26, 2014 10:43:12 AM UTC-4, Misagh Moayyed wrote:
>
> …and is your LPPE handler referenced in your authentication manager? In 
> your deployerContextConfig.xml? 
>
>  
>
> *From:* Christopher Sterling [mailto:cwste...@georgiasouthern.edu] 
> *Sent:* Tuesday, August 26, 2014 6:58 AM
> *To:* cas-...@lists.jasig.org
> *Cc:* cas-...@lists.jasig.org; cas-...@lists.jasig.org; mmoa...@unicon.net
> *Subject:* Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1
>
>  
>
> Yep, got DEBUG turned on. What exactly should I be looking for? It's ~4100 
> lines. I can put it on pastebin if needed. 
>
>  
>
> I did find this when looking through the log.
>
>  
>
> 2014-08-26 09:32:48,278 DEBUG 
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] -  LDAP bind with credential: CN=Christopher Wyatt 
> Sterling,OU=Students,DC=ad,DC=georgiasouthern,DC=edu>
>
> 2014-08-26 09:32:48,536 INFO 
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] -  authenticate user cs02357 with error [LDAP: error code 49 - 80090308: 
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, 
> v1db1 ]; nested exception is javax.naming.AuthenticationException: [LDAP: 
> error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: 
> AcceptSecurityContext error, data 773, v1db1 ]>
>
> 2014-08-26 09:32:48,536 DEBUG 
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <*No error 
> definitions are defined*. Throwing error [LDAP: error code 49 - 80090308: 
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, 
> v1db1 ]; nested exception is javax.naming.AuthenticationException: [LDAP: 
> error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: 
> AcceptSecurityContext error, data 773, v1db1 ]>
>
>
>
>
> On Tuesday, August 26, 2014 2:31:12 AM UTC-4, Misagh Moayyed wrote:
>
> Would you be able to turn on DEBUG in your logs? 

RE: [cas-user] Help configuring LPPE in CAS 3.5.2.1

2014-08-26 Thread Misagh Moayyed
So, that’s not actually doing anything for you because the block in between 
“HttpBasedServiceCredentialsAuthenticationHandler” and 
“lppeEnabledLdapAuthenticationHandler” is taking over the authentication. 
You want to have one authentication handler, and in your case that would be 
the LPPE-enabled one. So remove the block in between and try again.



From: Christopher Sterling [mailto:cwsterl...@georgiasouthern.edu]
Sent: Tuesday, August 26, 2014 7:45 AM
To: jasig-cas-u...@googlegroups.com
Cc: cas-user@lists.jasig.org; cas-user@lists.jasig.org; mmoay...@unicon.net
Subject: Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1



Yep. It's presently located under the authenticationHandlers property.

On Tuesday, August 26, 2014 10:43:12 AM UTC-4, Misagh Moayyed wrote:

…and is your LPPE handler referenced in your authentication manager? In your 
deployerContextConfig.xml?



From: Christopher Sterling [mailto:cwste...@georgiasouthern.edu 
 ]
Sent: Tuesday, August 26, 2014 6:58 AM
To: cas-...@lists.jasig.org 
Cc: cas-...@lists.jasig.org  ; cas-...@lists.jasig.org 
 ; mmoa...@unicon.net 
Subject: Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1



Yep, got DEBUG turned on. What exactly should I be looking for? It's ~4100 
lines. I can put it on pastebin if needed.



I did find this when looking through the log.



2014-08-26 09:32:48,278 DEBUG 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - 

2014-08-26 09:32:48,536 INFO 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - 

2014-08-26 09:32:48,536 DEBUG 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - 




On Tuesday, August 26, 2014 2:31:12 AM UTC-4, Misagh Moayyed wrote:

Would you be able to turn on DEBUG in your logs?



From: Christopher Sterling [mailto:cwste...@georgiasouthern.edu]
Sent: Monday, August 25, 2014 2:06 PM
To: cas-...@lists.jasig.org <mailto:cas-...@lists.jasig.org>
Subject: [cas-user] Help configuring LPPE in CAS 3.5.2.1



So, we need some help trying to configure the LPPE module in CAS 3.5.2.1 
and I'm wondering if I can get some help.



We followed the directions here: 
https://wiki.jasig.org/pages/viewpage.action?pageId=26149328



Our pom.xml file: http://ss.chrissterling.me/2014-08-25_1650.png



In the deployerConfigContext.xml file, we added the 
<ref bean="lppeEnabledLdapAuthenticationHandler" />: 
http://ss.chrissterling.me/2014-08-25_1653.png



For the lppe-configuration file, we took the one in the 
WEB-INF/unused-spring-configuration/lppe-configuration.xml and moved it to 
WEB-INF/spring-configuration/lppe-configuration.xml



In lppe-configuration.xml, we added the error code block to the following 
code:

In the cas.properties we have the following settings: 
http://ss.chrissterling.me/2014-08-25_1655.png



In the login-webflow.xml we put this in there: 
http://ss.chrissterling.me/2014-08-25_1658.png



We haven't done the second replace, but will if suggested.



When a user with an expired password tries to login, they get the following 
message: The credentials you provided cannot be determined to be authentic.



And in the tomcat log, we get the following:



2014-08-25 14:14:59,317 INFO 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - 

2014-08-25 14:14:59,317 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 


2014-08-25 14:14:59,318 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 



Now, I did notice, in our log, we do have these NUL values coming back as 
well: http://ss.chrissterling.me/2014-08-25_1704.png (note the arrows)



Does anybody have any suggestions as to what we can do to see if we can get 
this fixed and working? Do you guys need anything else from me in the way of 
debugging?




-- 
You are currently subscribed to cas-...@lists.jasig.org 
<mailto:cas-...@lists.jasig.org>  as: mmoa...@unicon.net 
<mailto:mmoa...@unicon.net>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1

2014-08-26 Thread Christopher Sterling
Yep. It's presently located under the authenticationHandlers property.

On Tuesday, August 26, 2014 10:43:12 AM UTC-4, Misagh Moayyed wrote:
>
> …and is your LPPE handler referenced in your authentication manager? In 
> your deployerContextConfig.xml? 
>
>  
>
> *From:* Christopher Sterling [mailto:cwste...@georgiasouthern.edu 
> ] 
> *Sent:* Tuesday, August 26, 2014 6:58 AM
> *To:* cas-...@lists.jasig.org 
> *Cc:* cas-...@lists.jasig.org ; cas-...@lists.jasig.org 
> ; mmoa...@unicon.net 
> *Subject:* Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1
>
>  
>
> Yep, got DEBUG turned on. What exactly should I be looking for? It's ~4100 
> lines. I can put it on pastebin if needed. 
>
>  
>
> I did find this when looking through the log.
>
>  
>
> 2014-08-26 09:32:48,278 DEBUG 
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] -  LDAP bind with credential: CN=Christopher Wyatt 
> Sterling,OU=Students,DC=ad,DC=georgiasouthern,DC=edu>
>
> 2014-08-26 09:32:48,536 INFO 
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] -  authenticate user cs02357 with error [LDAP: error code 49 - 80090308: 
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, 
> v1db1 ]; nested exception is javax.naming.AuthenticationException: [LDAP: 
> error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: 
> AcceptSecurityContext error, data 773, v1db1 ]>
>
> 2014-08-26 09:32:48,536 DEBUG 
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <*No error 
> definitions are defined*. Throwing error [LDAP: error code 49 - 80090308: 
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, 
> v1db1 ]; nested exception is javax.naming.AuthenticationException: [LDAP: 
> error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: 
> AcceptSecurityContext error, data 773, v1db1 ]>
>
>
>
>
> On Tuesday, August 26, 2014 2:31:12 AM UTC-4, Misagh Moayyed wrote:
>
> Would you be able to turn on DEBUG in your logs? 
>
>  
>
> *From:* Christopher Sterling [mailto:cwste...@georgiasouthern.edu] 
> *Sent:* Monday, August 25, 2014 2:06 PM
> *To:* cas-...@lists.jasig.org
> *Subject:* [cas-user] Help configuring LPPE in CAS 3.5.2.1
>
>  
>
> So, we need some help trying to configure the LPPE module in CAS 3.5.2.1 
> and I'm wondering if I can get some help.
>
>  
>
> We followed the directions here: 
> https://wiki.jasig.org/pages/viewpage.action?pageId=26149328
>
>  
>
> Our pom.xml file: http://ss.chrissterling.me/2014-08-25_1650.png
>
>  
>
> In the deployerConfigContext.xml file, we added the 
> <ref bean="lppeEnabledLdapAuthenticationHandler" />: 
> http://ss.chrissterling.me/2014-08-25_1653.png
>
>  
>
> For the lppe-configuration file, we took the one in the 
> WEB-INF/unused-spring-configuration/lppe-configuration.xml and moved it to 
> WEB-INF/spring-configuration/lppe-configuration.xml
>
>  
>
> In lppe-configuration.xml, we added the error code block to the following 
> code:
>
>  
>
>  class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>
>p:filter="${ldap.authentication.filter}"
>
>p:searchBase="${ldap.authentication.basedn}"
>
>p:contextSource-ref="contextSource"
>
>p:searchContextSource-ref="pooledContextSource"
>
>   
>  
> p:ignorePartialResultException="${ldap.authentication.ignorePartialResultException}">
>
>
>
>  
>
> 
>   p:ldapPattern="data 530"
>
>   p:type="badHours" />
>
>  
>
>  
>  p:ldapPattern="data 533"
>
>  p:type="accountDisabled" />
>
>  
>
>  
>  p:ldapPattern="data 773"
>
>  p:type="mustChangePassword" />
>
>  
>
>  
>  p:ldapPattern="data 775"
>
>  p:type="accountLocked" />
>
>  
>
>  
>  p:ldapPattern="data 531"
>
>  p:type="badWorkstation" />
>
>  
>
>  
>  p:ldapPattern="data (701|532)"
>
>  p:type="passwordExpired" />
>
>  
>
>
>
> 
>
>
> In the cas.properties we have the following settings: 
> http://ss.c

RE: [cas-user] Help configuring LPPE in CAS 3.5.2.1

2014-08-26 Thread Misagh Moayyed
…and is your LPPE handler referenced in your authentication manager? In your 
deployerContextConfig.xml?



From: Christopher Sterling [mailto:cwsterl...@georgiasouthern.edu]
Sent: Tuesday, August 26, 2014 6:58 AM
To: cas-user@lists.jasig.org
Cc: cas-user@lists.jasig.org; cas-user@lists.jasig.org; mmoay...@unicon.net
Subject: Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1



Yep, got DEBUG turned on. What exactly should I be looking for? It's ~4100 
lines. I can put it on pastebin if needed.



I did find this when looking through the log.



2014-08-26 09:32:48,278 DEBUG 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - 

2014-08-26 09:32:48,536 INFO 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - 

2014-08-26 09:32:48,536 DEBUG 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - 




On Tuesday, August 26, 2014 2:31:12 AM UTC-4, Misagh Moayyed wrote:

Would you be able to turn on DEBUG in your logs?



From: Christopher Sterling [mailto:cwste...@georgiasouthern.edu 
 ]
Sent: Monday, August 25, 2014 2:06 PM
To: cas-...@lists.jasig.org 
Subject: [cas-user] Help configuring LPPE in CAS 3.5.2.1



So, we need some help trying to configure the LPPE module in CAS 3.5.2.1 
and I'm wondering if I can get some help.



We followed the directions here: 
https://wiki.jasig.org/pages/viewpage.action?pageId=26149328



Our pom.xml file: http://ss.chrissterling.me/2014-08-25_1650.png



In the deployerConfigContext.xml file, we added the 
<ref bean="lppeEnabledLdapAuthenticationHandler" />: 
http://ss.chrissterling.me/2014-08-25_1653.png



For the lppe-configuration file, we took the one in the 
WEB-INF/unused-spring-configuration/lppe-configuration.xml and moved it to 
WEB-INF/spring-configuration/lppe-configuration.xml



In lppe-configuration.xml, we added the error code block to the following 
code:

In the cas.properties we have the following settings: 
http://ss.chrissterling.me/2014-08-25_1655.png



In the login-webflow.xml we put this in there: 
http://ss.chrissterling.me/2014-08-25_1658.png



We haven't done the second replace, but will if suggested.



When a user with an expired password tries to login, they get the following 
message: The credentials you provided cannot be determined to be authentic.



And in the tomcat log, we get the following:



2014-08-25 14:14:59,317 INFO 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - 

2014-08-25 14:14:59,317 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 


2014-08-25 14:14:59,318 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 



Now, I did notice, in our log, we do have these NUL values coming back as 
well: http://ss.chrissterling.me/2014-08-25_1704.png (note the arrows)



Does anybody have any suggestions as to what we can do to see if we can get 
this fixed and working? Do you guys need anything else from me in the way of 
debugging?





Re: [cas-user] Help configuring LPPE in CAS 3.5.2.1

2014-08-26 Thread Christopher Sterling
Yep, got DEBUG turned on. What exactly should I be looking for? It's ~4100 
lines. I can put it on pastebin if needed. 

I did find this when looking through the log.

2014-08-26 09:32:48,278 DEBUG 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - 
2014-08-26 09:32:48,536 INFO 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - 
2014-08-26 09:32:48,536 DEBUG 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <*No error 
definitions are defined*. Throwing error [LDAP: error code 49 - 80090308: 
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, 
v1db1 ]; nested exception is javax.naming.AuthenticationException: [LDAP: 
error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: 
AcceptSecurityContext error, data 773, v1db1 ]>



On Tuesday, August 26, 2014 2:31:12 AM UTC-4, Misagh Moayyed wrote:
>
> Would you be able to turn on DEBUG in your logs? 
>
>  
>
> *From:* Christopher Sterling [mailto:cwste...@georgiasouthern.edu 
> ] 
> *Sent:* Monday, August 25, 2014 2:06 PM
> *To:* cas-...@lists.jasig.org 
> *Subject:* [cas-user] Help configuring LPPE in CAS 3.5.2.1
>
>  
>
> So, we need some help trying to configure the LPPE module in CAS 3.5.2.1 
> and I'm wondering if I can get some help.
>
>  
>
> We followed the directions here: 
> https://wiki.jasig.org/pages/viewpage.action?pageId=26149328
>
>  
>
> Our pom.xml file: http://ss.chrissterling.me/2014-08-25_1650.png
>
>  
>
> In the deployerConfigContext.xml file, we added the 
> <ref bean="lppeEnabledLdapAuthenticationHandler" />: 
> http://ss.chrissterling.me/2014-08-25_1653.png
>
>  
>
> For the lppe-configuration file, we took the one in the 
> WEB-INF/unused-spring-configuration/lppe-configuration.xml and moved it to 
> WEB-INF/spring-configuration/lppe-configuration.xml
>
>  
>
> In lppe-configuration.xml, we added the error code block to the following 
> code:
>
>  
>
>  class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>
>p:filter="${ldap.authentication.filter}"
>
>p:searchBase="${ldap.authentication.basedn}"
>
>p:contextSource-ref="contextSource"
>
>p:searchContextSource-ref="pooledContextSource"
>
>   
>  
> p:ignorePartialResultException="${ldap.authentication.ignorePartialResultException}">
>
>
>
>  
>
> 
>   p:ldapPattern="data 530"
>
>   p:type="badHours" />
>
>  
>
>  
>  p:ldapPattern="data 533"
>
>  p:type="accountDisabled" />
>
>  
>
>  
>  p:ldapPattern="data 773"
>
>  p:type="mustChangePassword" />
>
>  
>
>  
>  p:ldapPattern="data 775"
>
>  p:type="accountLocked" />
>
>  
>
>  
>  p:ldapPattern="data 531"
>
>  p:type="badWorkstation" />
>
>  
>
>  
>  p:ldapPattern="data (701|532)"
>
>  p:type="passwordExpired" />
>
>  
>
>
>
> 
>
>
> In the cas.properties we have the following settings: 
> http://ss.chrissterling.me/2014-08-25_1655.png
>
>  
>
> In the login-webflow.xml we put this in there: 
> http://ss.chrissterling.me/2014-08-25_1658.png
>
>  
>
> We haven't done the second replace, but will if suggested.
>
>  
>
> When a user with an expired password tries to login, they get the 
> following message: The credentials you provided cannot be determined to be 
> authentic.
>
>  
>
> And in the tomcat log, we get the following:
>
>  
>
> 2014-08-25 14:14:59,317 INFO 
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] -  authenticate user cs02357 with error [LDAP: error code 49 - 80090308: 
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, 
> v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: 
> error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: 
> AcceptSecurityContext error, data 773, v1db1]>
>
> 2014-08-25 14:14:59,317 INFO 
> [org.jasig.cas.authentication.AuthenticationManagerImpl] - 
>  authenticating [username: cs02357]>
>
> 2014-08-25 14:14:59,318 INFO 
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
>
> =
>
> WHO: [username: cs02357]
>
> WHAT: supplied credentials: [username: cs02357]
>
> ACTION: AUTHENTICATION_FAILED
>
> APPLICATION: CAS
>
> WHEN: Mon Aug 25 14:14:59 EDT 2014
>
> CLIENT IP ADDRESS: 141.165.2.185
>
> SERVER IP ADDRESS: 141.165.6.22
>
> =
>
>  
>
> > 
>
>  
>
> Now, I did notice, in our log, we do have these NUL values coming back as 
> well: http://ss.chrissterling.me/2014-08-25_1704.png (note the arrows)
>
>  
>
> Does anybody have any suggestions as to what we can do to see if we can 
> get this fixed and working? Do you guys need anything else from me in the 
> way of debugging?
>
>  
>
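
Added example (not part of the thread and not CAS code): a Python triage script that applies the ldapPattern/type pairs quoted in the message above to Active Directory bind failures in a CAS log, and picks out binds that hit a handler logging "No error definitions are defined" even though the table would have mapped the sub-code. The log lines are constructed from the excerpts above (user names and the "data 52e" line are made up), the function names are hypothetical, and treating each ldapPattern as a regex search with first match winning is an assumption.

```python
import re

# ldapPattern -> type pairs as listed in the lppe-configuration.xml excerpt
# quoted in this thread. Assumption: regex search, first match wins.
ERROR_DEFINITIONS = [
    (r"data 530", "badHours"),
    (r"data 533", "accountDisabled"),
    (r"data 773", "mustChangePassword"),
    (r"data 775", "accountLocked"),
    (r"data 531", "badWorkstation"),
    (r"data (701|532)", "passwordExpired"),
]

# DEBUG text seen in the thread when the handler has nothing to match against.
NO_DEFINITIONS_MARKER = "No error definitions are defined"

# A record starts with a timestamp; wrapped continuation lines do not.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
LOGGER = re.compile(r"\[([\w.]+)\]")
BIND_FAILURE = re.compile(r"LDAP: error code 49\b")

# Constructed sample, wrapped the way the mail client wrapped the real log.
SAMPLE_LOG = """\
2014-08-26 09:32:48,536 INFO
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - authenticate user
jdoe with error [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 773, v1db1 ]
2014-08-26 09:32:48,536 DEBUG
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - No error
definitions are defined. Throwing error [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1 ]
2014-08-26 09:40:02,101 INFO
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - authenticate user
asmith with error [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9,
comment: AcceptSecurityContext error, data 532, v1db1 ]
2014-08-26 09:41:17,250 INFO
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - authenticate user
bjones with error [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9,
comment: AcceptSecurityContext error, data 52e, v1db1 ]
"""


def split_records(text):
    """Join wrapped continuation lines back onto the record they belong to."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def classify(message):
    """Return the type of the first definition that matches, else None."""
    for pattern, error_type in ERROR_DEFINITIONS:
        if re.search(pattern, message):
            return error_type
    return None


def triage(text):
    """One finding per LDAP error-49 record: when, which logger, which type."""
    findings = []
    for record in split_records(text):
        if not BIND_FAILURE.search(record):
            continue
        logger = LOGGER.search(record)
        findings.append({
            "timestamp": record[:23],
            "handler": logger.group(1).rsplit(".", 1)[-1] if logger else None,
            "type": classify(record),
            "no_definitions": NO_DEFINITIONS_MARKER in record,
        })
    return findings


def misrouted(findings):
    """Binds the table would have mapped, handled with no definitions loaded."""
    return [f for f in findings if f["no_definitions"] and f["type"]]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print("misrouted:", misrouted(triage(SAMPLE_LOG)))
```

A non-empty misrouted list matches the situation diagnosed in this thread: the bind was processed by a BindLdapAuthenticationHandler bean that carries no error definitions, not by the LPPE-enabled one.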

RE: [cas-user] Help configuring LPPE in CAS 3.5.2.1

2014-08-25 Thread Misagh Moayyed
Would you be able to turn on DEBUG in your logs?



From: Christopher Sterling [mailto:cwsterl...@georgiasouthern.edu]
Sent: Monday, August 25, 2014 2:06 PM
To: cas-user@lists.jasig.org
Subject: [cas-user] Help configuring LPPE in CAS 3.5.2.1



So, we need some help trying to configure the LPPE module in CAS 3.5.2.1 
and I'm wondering if I can get some help.



We followed the directions here: 
https://wiki.jasig.org/pages/viewpage.action?pageId=26149328



Our pom.xml file: http://ss.chrissterling.me/2014-08-25_1650.png



In the deployerConfigContext.xml file, we added the 
<ref bean="lppeEnabledLdapAuthenticationHandler" />: 
http://ss.chrissterling.me/2014-08-25_1653.png



For the lppe-configuration file, we took the one in the 
WEB-INF/unused-spring-configuration/lppe-configuration.xml and moved it to 
WEB-INF/spring-configuration/lppe-configuration.xml



In lppe-configuration.xml, we added the error code block to the following 
code:

In the cas.properties we have the following settings: 
http://ss.chrissterling.me/2014-08-25_1655.png



In the login-webflow.xml we put this in there: 
http://ss.chrissterling.me/2014-08-25_1658.png



We haven't done the second replace, but will if suggested.



When a user with an expired password tries to login, they get the following 
message: The credentials you provided cannot be determined to be authentic.



And in the tomcat log, we get the following:



2014-08-25 14:14:59,317 INFO 
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - 

2014-08-25 14:14:59,317 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 


2014-08-25 14:14:59,318 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 



Now, I did notice, in our log, we do have these NUL values coming back as 
well: http://ss.chrissterling.me/2014-08-25_1704.png (note the arrows)



Does anybody have any suggestions as to what we can do to see if we can get 
this fixed and working? Do you guys need anything else from me in the way of 
debugging?



