[cas-user] CAS IDP OpenAthens error

2022-05-18 Thread Thanh Nguyen
Dear CAS community and members around the world,

I am from a university in Vietnam. I got the error below while integrating my
CAS server with OpenAthens via the SAML IdP. Please help me. Thanks a lot.

2022-05-19 11:12:54,217 WARN 
[org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver] - 

2022-05-19 11:12:54,218 ERROR 
[org.springframework.boot.web.support.ErrorPageFilter] - 
org.apereo.cas.support.saml.SamlException: org.opensaml.saml.common.SAMLException: No signature signing parameter is available
    at org.apereo.cas.support.saml.web.idp.profile.builders.enc.BaseSamlObjectSigner.encode(BaseSamlObjectSigner.java:128) ~[cas-server-support-saml-idp-5.2.5.jar:5.2.5]
    at org.apereo.cas.support.saml.web.idp.profile.builders.enc.BaseSamlObjectSigner$$FastClassBySpringCGLIB$$1fa50f6e.invoke() ~[cas-server-support-saml-idp-5.2.5.jar:5.2.5]
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.apereo.cas.support.saml.web.idp.profile.builders.enc.BaseSamlObjectSigner$$EnhancerBySpringCGLIB$$3fdada57.encode() ~[cas-server-support-saml-idp-5.2.5.jar:5.2.5]
    at org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder.buildResponse(SamlProfileSaml2ResponseBuilder.java:111) ~[cas-server-support-saml-idp-5.2.5.jar:5.2.5]
    at org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder.buildResponse(SamlProfileSaml2ResponseBuilder.java:48) ~[cas-server-support-saml-idp-5.2.5.jar:5.2.5]
    at org.apereo.cas.support.saml.web.idp.profile.builders.response.BaseSamlProfileSamlResponseBuilder.build(BaseSamlProfileSamlResponseBuilder.java:80) ~[cas-server-support-saml-idp-5.2.5.jar:5.2.5]
    at sun.reflect.GeneratedMethodAccessor548.invoke(Unknown Source) ~[?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.16.RELEASE.jar:4.3.16.RELEASE]
    at com.sun.proxy.$Proxy258.build(Unknown Source) ~[?:?]
    at org.apereo.cas.support.saml.web.idp.profile.AbstractSamlProfileHandlerController.buildSamlResponse(AbstractSamlProfileHandlerController.java:606) ~[cas-server-support-saml-idp-5.2.5.jar:5.2.5]
    at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.handleCallbackProfileRequest(SSOSamlProfileCallbackHandlerController.java:117) ~[cas-server-support-saml-idp-5.2.5.jar:5.2.5]
    at sun.reflect.GeneratedMethodAccessor556.invoke(Unknown Source) ~[?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
at 
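
An added example follows, prompted by the exception above; it is not code from CAS, OpenSAML or OpenAthens. CAS raises SamlException("No signature signing parameter is available") when OpenSAML's signing-parameters resolver hands back nothing for the requesting SP. In practice that happens either because the IdP signing credential could not be loaded (the WARN from BasicSignatureSigningParametersResolver logged just before the ERROR normally says so, but its text did not survive in this archive, so check that idp-signing.crt and idp-signing.key are present and readable in the IdP metadata directory), or because no signature and digest algorithm is acceptable to both sides, typically when the SP metadata advertises only algorithms the IdP blacklists. The Python below models that negotiation on constructed SP metadata. The IdP policy, the SHA-1-only SP scenario and the file names are assumptions for illustration, not a statement about OpenAthens's actual metadata or about the exact rules OpenSAML applies.

```python
"""Why a SAML IdP can report 'No signature signing parameter is available'.

Added example (not CAS or OpenSAML code). Models the signing-parameter
negotiation: the SP may advertise preferred algorithms in its metadata, the
IdP has a supported list and a blacklist, and a signing credential must exist.
If any of that leaves nothing usable, the resolver has nothing to return.
"""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ALG_NS = "urn:oasis:names:tc:SAML:metadata:algsupport"  # SAML "Algorithm Support" profile

# W3C algorithm identifiers.
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

# Assumed IdP policy for the example: supported algorithms in preference order,
# and a blacklist that rejects SHA-1 (as a hardened IdP configuration would).
IDP_SIGNING_ALGS = [RSA_SHA256, RSA_SHA1]
IDP_DIGEST_ALGS = [SHA256, SHA1]
IDP_BLACKLIST = {RSA_SHA1, SHA1}


def sp_metadata(signing=(), digests=()):
    """Constructed SP metadata with optional <alg:SigningMethod>/<alg:DigestMethod>
    elements. Passing nothing yields an SP that states no preference."""
    ext = "".join('<alg:SigningMethod Algorithm="%s"/>' % a for a in signing)
    ext += "".join('<alg:DigestMethod Algorithm="%s"/>' % a for a in digests)
    return (
        '<md:EntityDescriptor xmlns:md="%s" xmlns:alg="%s" entityID="https://sp.example.edu/shibboleth">'
        "<md:Extensions>%s</md:Extensions>"
        '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
        "</md:EntityDescriptor>"
    ) % (MD_NS, ALG_NS, ext)


def advertised_algorithms(sp_metadata_xml):
    """Return (signing_methods, digest_methods) declared by the SP, in metadata order.
    Metadata is partner-supplied input; parse anything fetched from the network
    with defusedxml rather than the stdlib parser."""
    root = ET.fromstring(sp_metadata_xml)
    signing = [e.get("Algorithm") for e in root.iter("{%s}SigningMethod" % ALG_NS)]
    digests = [e.get("Algorithm") for e in root.iter("{%s}DigestMethod" % ALG_NS)]
    return signing, digests


def _pick(sp_prefs, idp_supported, blacklist):
    # SP preference order is honoured when present, otherwise IdP order; in both
    # cases the algorithm must be supported by the IdP and not blacklisted.
    for alg in (sp_prefs or idp_supported):
        if alg in idp_supported and alg not in blacklist:
            return alg
    return None


def resolve_signing_parameters(sp_metadata_xml, signing_algs=IDP_SIGNING_ALGS,
                               digest_algs=IDP_DIGEST_ALGS, blacklist=IDP_BLACKLIST,
                               signing_credential="idp-signing.key"):
    """Return (parameters, reason). parameters is None exactly in the situations
    that CAS surfaces as 'No signature signing parameter is available'."""
    if signing_credential is None:
        # Credential not loaded: check idp-signing.crt / idp-signing.key (assumed
        # file names) exist and are readable in the IdP metadata directory.
        return None, "no-credential"
    sp_sign, sp_digest = advertised_algorithms(sp_metadata_xml)
    sig = _pick(sp_sign, signing_algs, blacklist)
    if sig is None:
        return None, "no-signing-algorithm"
    dig = _pick(sp_digest, digest_algs, blacklist)
    if dig is None:
        return None, "no-digest-algorithm"
    return {"signature_algorithm": sig, "digest_algorithm": dig,
            "credential": signing_credential}, "ok"


if __name__ == "__main__":
    # SP that only advertises SHA-1 against an IdP that blacklists it: fails.
    print(resolve_signing_parameters(sp_metadata([RSA_SHA1], [SHA1])))
    # Same SP once the IdP is told to allow SHA-1 (weaker; the better fix is in the SP metadata).
    print(resolve_signing_parameters(sp_metadata([RSA_SHA1], [SHA1]), blacklist=set()))
    # SP with no preference: IdP defaults apply.
    print(resolve_signing_parameters(sp_metadata()))
```

Run it as is to see the three outcomes, or point advertised_algorithms at the real SP metadata file to see what the partner actually advertises before touching the IdP's algorithm lists; loosening the blacklist to accept SHA-1 should be a last resort, not the first fix.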

[cas-user] Problems with slack cas

2022-05-18 Thread Bryan Duran Castañeda
Hello friends,

 I would like to join the CAS chat in the Slack app. But when I try to
register with my personal email or with my Google or Apple account, it does
not allow me since it is not a valid domain.

 Could you support me by sending me an invitation to my email
vbryan...@hotmail.con or tell me how I could create an account @apereo.org

 Thanks for the support

 I'll be awaiting your comments

 Greetings,
 Bryan Duran

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAON4S3cc10R5sRMVanM-AYkny6VM2--LJiHN7rva%2BKbWgzfNwg%40mail.gmail.com.


Re: [cas-user] CAS LDAP authentication with OpenLDAP aliases?

2022-05-18 Thread Ray Bon
Carl,

Are you referring to surrogate authentication?
https://apereo.github.io/cas/6.4.x/authentication/Surrogate-Authentication.html

Ray

On Wed, 2022-05-18 at 16:23 -0400, Carl Waldbieser wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

If I have an entry and an alias in an OpenLDAP DIT such that searching on 
"alias" dereferences "entry", is it possible to configure CAS to perform a 
two-stage BIND in this way?

I.e.


  1.  User enters "alias" and password at the CAS login form.
  2.  CAS searches the DIT with LDAP base "uid=alias,ou=aliases,o=myorg" and a 
filter like "(objectClass=*)".
  3.  The actual entry dereferenced has DN 
"uid=entry,ou=somedepartment,o=myorg".
  4.  CAS attempts a BIND against this DN with the provided password.

It's not obvious from the documentation how one might configure that, or even 
if it is possible.

Thanks,
Carl Waldbieser


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory 
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose 
historical relationships with the land continue to this day.



Re: [cas-user] CAS Interrupt

2022-05-18 Thread Matthew Gordon
Hello Mathieu, 

Thank you for your reply!

It's not even getting that far. It's like it's not attempting to process 
the groovy script for the interrupt. I did attempt to add those lines, in 
several places, and did not see any output in the tomcat or CAS logs.

2022-05-18 16:41:51,370 DEBUG 
[org.apereo.cas.interrupt.webflow.actions.InquireInterruptAction] - 

2022-05-18 16:41:51,373 DEBUG 
[org.apereo.cas.interrupt.webflow.actions.InquireInterruptAction] - 


I am using the example code here: 
https://apereo.github.io/cas/6.5.x/webflow/Webflow-Customization-Interrupt-Groovy.html

Thank you,
Matt

On Tuesday, May 17, 2022 at 12:53:48 PM UTC-4 Mathieu HETRU wrote:

> Can you use println instead of logger? Like this:
>
> println "==="
> println principal
> println service
> println "==="
>
> Best Regards,
>
> On Sun, 15 May 2022 at 02:00, Matthew Gordon wrote:
>
>> Built CAS 6.5.3 with:
>> support-interrupt-webflow
>>
>> Added this line to the config:
>> cas.interrupt.groovy.location=/etc/cas/scripts/INTERRUPT.groovy
>>
>> It does not appear to be calling the groovy script at all. I even added 
>> an intentional coding error expecting to break CAS, and nothing. Any ideas?
>>
>> LOG:
>> 2022-05-14 19:53:37,426 DEBUG 
>> [org.apereo.cas.interrupt.webflow.actions.InquireInterruptAction] - 
>> 
>> 2022-05-14 19:53:37,429 DEBUG 
>> [org.apereo.cas.interrupt.webflow.actions.InquireInterruptAction] - 
>> 
>>
>>
>> SCRIPT:
>>
>> import org.apereo.cas.interrupt.InterruptResponse
>>
>> def run(final Object... args) {
>>     def principal = args[0]
>>     def attributes = args[1]
>>     def service = args[2]
>>     def registeredService = args[3]
>>     def requestContext = args[4]
>>     def logger = args[5]
>>
>>     logger.info("**principal - Attributes:")
>>     principal.properties.each { logger.info("KEY: $it.key -> VALUE: $it.value") }
>>
>>     logger.info("**attributes - Attributes:")
>>     attributes.properties.each { logger.info("KEY: $it.key -> VALUE: $it.value") }
>>
>>     logger.info("**service - Attributes:")
>>     service.properties.each { logger.info("KEY: $it.key -> VALUE: $it.value") }
>>
>>     logger.info("**registeredService - Attributes:")
>>     registeredService.properties.each { logger.info("KEY: $it.key -> VALUE: $it.value") }
>>
>>     logger.info("**requestContext - Attributes:")
>>     requestContext.properties.each { logger.info("KEY: $it.key -> VALUE: $it.value") }
>>
>>     def block = false
>>     def ssoEnabled = false
>>
>>     return new InterruptResponse("Message", [link1: "google.com", link2: "yahoo.com"], block, ssoEnabled)
>>
>>     /*return new InterruptResponse(message: message, redirectTo: redirectTo, block: block, ssoEnabled: ssoEnabled, autoRedirect: true, autoRedirectAfterSeconds: 1)*/
>> }
>>
>



[cas-user] CAS LDAP authentication with OpenLDAP aliases?

2022-05-18 Thread Carl Waldbieser
If I have an entry and an alias in an OpenLDAP DIT such that searching on
"alias" dereferences "entry", is it possible to configure CAS to perform a
two-stage BIND in this way?

I.e.


   1. User enters "alias" and password at the CAS login form.
   2. CAS searches the DIT with LDAP base "uid=alias,ou=aliases,o=myorg"
   and a filter like "(objectClass=*)".
   3. The actual entry dereferenced has DN
   "uid=entry,ou=somedepartment,o=myorg".
   4. CAS attempts a BIND against this DN with the provided password.


It's not obvious from the documentation how one might configure that, or
even if it is possible.

Thanks,
Carl Waldbieser



Re: [cas-user] CAS/LDAP user

2022-05-18 Thread Ray Bon
Zaki,

This is an ldap config issue.
Either testuser needs to be added to the people OU, or change the testuser 
DN to match what exists in LDAP.

Ray

On Wed, 2022-05-18 at 09:54 +0300, Zaki Elmi Guelleh wrote:

Hi Ray,

When I use the command-line utility ldapsearch from the CAS server, I get this 
error: result: 32 No such object
root@cas:/etc/cas/config# ldapsearch -h 192.168.143.200 -x -W -D 
"cn=testuser,ou=people,dc=example,dc=com"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

On Wed, 18 May 2022 at 08:31, Zaki Elmi Guelleh <zakiguel...@gmail.com> wrote:
Hi Ray,
 LDAP settings are correct.
root@LDAPserv:~# ldapsearch -h 192.168.143.200 -x -W -D 
"cn=admin,dc=example,dc=com"
# testuser, people, example.com
dn: cn=testuser,ou=people,dc=example,dc=com
cn: testuser
gidNumber: 9802
givenName: testuser
homeDirectory: /home/users/testuser
mail:
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: supannPerson
sn: testuser
supannEmpId: 1001
supannEmpProfil:: QWRtaW5pc3RyYXRldXIgZHUgU3lzdMOobWUgJiBSw6lzZWF1
supannEntiteAffectation:
uid: testuser
uidNumber: 10012
userPassword:: e01ENX16QVBuUjZhdnU4djR2blpvclA2KzVRPT0=


logs cas :

=
WHO: audit:unknown
WHAT: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, 
event=success, timestamp=Wed May 18 07:23:54 CEST 2022}
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed May 18 07:23:54 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=

>
2022-05-18 07:24:07,465 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for 
testuser].>
2022-05-18 07:24:07,465 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=
WHO: testuser
WHAT: [UsernamePasswordCredential(username=testuser, source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed May 18 07:24:07 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=

>

Thanks

On Tue, 17 May 2022 at 19:23, Ray Bon <r...@uvic.ca> wrote:
zak,

These are the settings I have for LDAP


cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://...
cas.authn.ldap[0].connectTimeout=PT3S
cas.authn.ldap[0].baseDn=ou=people,...
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].bindDn=cn=Auth Manager,...
cas.authn.ldap[0].bindCredential=...
cas.authn.ldap[0].principalAttributeList=...

You can use the command line utility, ldapsearch, to be sure your ldap settings 
are correct.
Also check ldap logs.

Ray

On Tue, 2022-05-17 at 08:25 -0700, zak elmi wrote:

Hi everyone.

I have a problem that I haven't been able to solve for a long time.


[org.apereo.cas.configuration.CasConfigurationPropertiesValidator] - 

[APEREO CAS banner]


CAS Version: 6.6.0-RC2
CAS Branch: master
CAS Commit Id: 7946bc20e93ed407274ca391864c8e67165b4c8c
CAS Build Date/Time: 2022-05-10T11:39:56Z
Spring Boot Version: 2.6.6
Spring Version: 5.3.19
Java Home: /usr/lib/jvm/jdk-11
Java Vendor: Oracle Corporation
Java Version: 11.0.15
JVM Free Memory: 298 MB
JVM Maximum Memory: 910 MB
JVM Total Memory: 603 MB
OS Architecture: amd64
OS Name: Linux
OS Version: 4.9.0-18-amd64
OS Date/Time: 2022-05-17T16:45:45.852237
OS Temp Directory: /opt/tomcat/latest/temp

Apache Tomcat Version: Apache Tomcat/9.0.30
---
[READY banner]

>
2022-05-17 16:55:04,681 WARN 
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
 - <1 errors, 0 successes>
2022-05-17 16:55:13,354 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=
WHO: audit:unknown
WHAT: {result=Service Access Granted, service=https://example.com/index.php, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue May 17 16:55:13 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=

>
2022-05-17 16:55:13,367 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for 

RE: [EXTERNAL SENDER] Re: [cas-user] CAS/LDAP user

2022-05-18 Thread King, Robert
It looks like the attribute in your cas.authn.ldap[0].searchFilter is not in 
the response from your LDAP query.

cas.authn.ldap[0].searchFilter=supannAliasLogin={%s}

Also, according to the CAS documentation, you should use “{user}” and not “{%s}”.

Try the following and see if it resolves your connection issues:

cas.authn.ldap[0].searchFilter=uid={user}

From: cas-user@apereo.org  On Behalf Of Zaki Elmi Guelleh
Sent: Wednesday, May 18, 2022 3:02 AM
To: cas-user@apereo.org
Subject: [EXTERNAL SENDER] Re: [cas-user] CAS/LDAP user

Hi Ray,
 LDAP settings are correct.
root@LDAPserv:~# ldapsearch -h 192.168.143.200 -x -W -D 
"cn=admin,dc=example,dc=com"
# testuser, people, example.com
dn: cn=testuser,ou=people,dc=example,dc=com
cn: testuser
gidNumber: 9802
givenName: testuser
homeDirectory: /home/users/testuser
mail:
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: supannPerson
sn: testuser
supannEmpId: 1001
supannEmpProfil:: QWRtaW5pc3RyYXRldXIgZHUgU3lzdMOobWUgJiBSw6lzZWF1
supannEntiteAffectation:
uid: testuser
uidNumber: 10012
userPassword:: e01ENX16QVBuUjZhdnU4djR2blpvclA2KzVRPT0=


logs cas :

=
WHO: audit:unknown
WHAT: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver, 
event=success, timestamp=Wed May 18 07:23:54 CEST 2022}
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed May 18 07:23:54 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=

>
2022-05-18 07:24:07,465 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for 
testuser].>
2022-05-18 07:24:07,465 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=
WHO: testuser
WHAT: [UsernamePasswordCredential(username=testuser, source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed May 18 07:24:07 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=

>

Thanks

On Tue, 17 May 2022 at 19:23, Ray Bon <r...@uvic.ca> wrote:
zak,

These are the settings I have for LDAP


cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://...
cas.authn.ldap[0].connectTimeout=PT3S
cas.authn.ldap[0].baseDn=ou=people,...
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].bindDn=cn=Auth Manager,...
cas.authn.ldap[0].bindCredential=...
cas.authn.ldap[0].principalAttributeList=...

You can use the command line utility, ldapsearch, to be sure your ldap settings 
are correct.
Also check ldap logs.

Ray

On Tue, 2022-05-17 at 08:25 -0700, zak elmi wrote:

Hi everyone.

I have a problem that I haven't been able to solve for a long time.


[org.apereo.cas.configuration.CasConfigurationPropertiesValidator] - 



CAS Version: 6.6.0-RC2
CAS Branch: master
CAS Commit Id: 7946bc20e93ed407274ca391864c8e67165b4c8c
CAS Build Date/Time: 2022-05-10T11:39:56Z
Spring Boot Version: 2.6.6
Spring Version: 5.3.19
Java Home: /usr/lib/jvm/jdk-11
Java Vendor: Oracle Corporation
Java Version: 11.0.15
JVM Free Memory: 298 MB
JVM Maximum Memory: 910 MB
JVM Total Memory: 603 MB
OS Architecture: amd64
OS Name: Linux
OS Version: 4.9.0-18-amd64
OS Date/Time: 2022-05-17T16:45:45.852237
OS Temp Directory: /opt/tomcat/latest/temp

Apache Tomcat Version: Apache Tomcat/9.0.30
---
>
2022-05-17 16:55:04,681 WARN 
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
 - <1 errors, 0 successes>
2022-05-17 16:55:13,354 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=
WHO: audit:unknown
WHAT: {result=Service Access Granted, service=https://example.com/index.php, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue May 17 16:55:13 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=

>
2022-05-17 16:55:13,367 INFO 
[org.apereo.cas.authentication.DefaultAuthenticationManager] - 
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn for 
user].>
2022-05-17 16:55:13,368 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=
WHO:  user
WHAT: [UsernamePasswordCredential(username= user  , source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue May 17 16:55:13 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=

>
2022-05-17 16:55:13,368 WARN 
[org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
 - <1 errors, 0 successes>



also find my cas.properties
cas.server.name=https://192.168.143.203:8443
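
The Python below is an added example, not CAS or ldaptive code, that walks through what CAS's type=AUTHENTICATED LDAP handler does: search for the user's entry with the service account, then bind as the DN it found. It runs against a constructed in-memory directory containing the posted testuser entry (the password is assumed) and an alias pair shaped like the one in the "OpenLDAP aliases" thread above, so it also shows Carl's two stages with the alias dereferenced to the real entry during the search. The CAS property for that is cas.authn.ldap[0].derefAliases, if I recall the name correctly; as far as I know the base DN in CAS is a fixed setting, so the alias case is shown at the directory level and is not a promise about what CAS configuration can express. Two points the thread turns on are made explicit: a filter attribute the entry does not have (supannAliasLogin) can never match, which is exactly the "Unable to resolve user dn" message, and a placeholder other than {user} is a configuration error rather than a lookup that happens to miss. The username is escaped per RFC 4515 before it goes into the filter, which a real client must do as well. One aside on the ldapsearch run from the CAS server earlier in this thread: with -x -W -D the bind happens before the search, so reaching "result: 32 No such object" means the bind as testuser succeeded; the 32 comes from searching an empty base (no -b), not from the credentials.

```python
"""Search-then-bind as CAS's type=AUTHENTICATED LDAP handler performs it, run
against an in-memory directory. Added example, not CAS or ldaptive code."""
import base64
import hashlib
import re


def _md5_scheme(password):
    # OpenLDAP "{MD5}" userPassword form, mirroring the posted entry. MD5 is a weak
    # password-storage scheme; it is used here only to match that listing.
    return "{MD5}" + base64.b64encode(hashlib.md5(password.encode()).digest()).decode()


# Constructed directory: the posted testuser entry (password assumed) plus an
# alias pair shaped like the one in the "OpenLDAP aliases" thread.
DIRECTORY = {
    "cn=testuser,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson", "posixAccount", "supannPerson"],
        "cn": ["testuser"], "uid": ["testuser"], "sn": ["testuser"],
        "userPassword": [_md5_scheme("Passw0rd!")]},
    "uid=entry,ou=somedepartment,o=myorg": {
        "objectClass": ["inetOrgPerson"], "uid": ["entry"], "userPassword": ["s3cret"]},
    "uid=alias,ou=aliases,o=myorg": {
        "objectClass": ["alias", "extensibleObject"], "uid": ["alias"],
        "aliasedObjectName": ["uid=entry,ou=somedepartment,o=myorg"]},
}

_EQ = re.compile(r"^\(?([A-Za-z][\w;-]*)=(.*?)\)?$")  # (attr=value) or attr=value


def render_filter(template, user):
    """Substitute CAS's {user} placeholder. Any other {...} token ({%s}, {0}) is
    a configuration error, not a lookup that happens to miss."""
    bad = re.findall(r"\{(?!user\})[^}]*\}", template)
    if bad:
        raise ValueError("unsupported placeholder(s) %s; CAS expects {user}" % bad)
    # RFC 4515 escaping, so a login such as 'a)(uid=*' cannot rewrite the filter.
    escaped = "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in user)
    return template.replace("{user}", escaped)


def matches(entry, filt):
    """Evaluate one equality or presence filter against one entry."""
    m = _EQ.match(filt)
    if not m:
        raise ValueError("only simple (attr=value) filters are modelled: %r" % filt)
    attr, value = m.groups()
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), value)
    # Attribute names are case-insensitive; an attribute the entry lacks
    # (supannAliasLogin on the posted entry) never matches anything.
    values = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
    return bool(values) if value == "*" else any(v.lower() == value.lower() for v in values)


def search(base, filt, subtree=True, deref_aliases=False):
    """DNs matching filt under base. With deref_aliases, an alias entry is replaced
    by its target before the filter is applied (what ldapsearch -a always does)."""
    hits = []
    for dn, entry in DIRECTORY.items():
        if not (dn.lower() == base.lower() or (subtree and dn.lower().endswith("," + base.lower()))):
            continue
        if deref_aliases and "alias" in [c.lower() for c in entry["objectClass"]]:
            dn = entry["aliasedObjectName"][0]
            entry = DIRECTORY.get(dn)
            if entry is None:
                continue  # dangling alias
        if matches(entry, filt) and dn not in hits:
            hits.append(dn)
    return hits


def bind(dn, password):
    """Simple bind: compare against userPassword, honouring the {MD5} scheme."""
    for stored in DIRECTORY.get(dn, {}).get("userPassword", []):
        if stored == password or (stored.startswith("{MD5}") and stored == _md5_scheme(password)):
            return True
    return False


def authenticate(config, user, password):
    """Stage 1: resolve the DN by searching as the service account would.
    Stage 2: bind as that DN. Returns (ok, detail)."""
    filt = render_filter(config["searchFilter"], user)
    dns = search(config["baseDn"], filt, config.get("subtreeSearch", True),
                 config.get("derefAliases") == "ALWAYS")
    if not dns:
        return False, "Unable to resolve user dn for %s" % user  # the message in the CAS log
    if len(dns) > 1:
        return False, "searchFilter matched %d entries; refusing to guess" % len(dns)
    return bind(dns[0], password), dns[0]


# The two filters from this thread (base DN assumed) and the alias lookup from
# the other thread: base = the alias DN itself, base scope, aliases dereferenced.
BROKEN = {"baseDn": "ou=people,dc=example,dc=com", "searchFilter": "supannAliasLogin={user}"}
FIXED = {"baseDn": "ou=people,dc=example,dc=com", "searchFilter": "uid={user}"}
ALIAS = {"baseDn": "uid=alias,ou=aliases,o=myorg", "subtreeSearch": False,
         "searchFilter": "(objectClass=*)", "derefAliases": "ALWAYS"}
```

authenticate(BROKEN, "testuser", "Passw0rd!") returns the "Unable to resolve user dn for testuser" tuple, authenticate(FIXED, ...) resolves and binds to cn=testuser, and authenticate(ALIAS, "alias", "s3cret") comes back with the dereferenced uid=entry DN, which is the outcome Carl's step 3 and 4 describe. Refusing to bind when more than one entry matches is deliberate: a filter that is ambiguous should fail loudly rather than authenticate whichever entry the server listed first.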

Re: [cas-user] CAS/LDAP user

2022-05-18 Thread Zaki Elmi Guelleh
Hi Ray,
 LDAP settings are correct.
root@LDAPserv:~# ldapsearch -h 192.168.143.200 -x -W -D
"cn=admin,dc=example,dc=com"
# testuser, people, example.com
dn: cn=testuser,ou=people,dc=example,dc=com
cn: testuser
gidNumber: 9802
givenName: testuser
homeDirectory: /home/users/testuser
mail:
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: supannPerson
sn: testuser
supannEmpId: 1001
supannEmpProfil:: QWRtaW5pc3RyYXRldXIgZHUgU3lzdMOobWUgJiBSw6lzZWF1
supannEntiteAffectation:
uid: testuser
uidNumber: 10012
userPassword:: e01ENX16QVBuUjZhdnU4djR2blpvclA2KzVRPT0=


logs cas :

=
WHO: audit:unknown
WHAT: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver,
event=success, timestamp=Wed May 18 07:23:54 CEST 2022}
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Wed May 18 07:23:54 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=

>
2022-05-18 07:24:07,465 INFO
[org.apereo.cas.authentication.DefaultAuthenticationManager] -
<[LdapAuthenticationHandler] exception details: [Unable to resolve user dn
for testuser].>
2022-05-18 07:24:07,465 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=
WHO: testuser
WHAT: [UsernamePasswordCredential(username=testuser, source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed May 18 07:24:07 CEST 2022
CLIENT IP ADDRESS: X.X.X.X
SERVER IP ADDRESS: X.X.X.X
=

>

Thanks

On Tue, 17 May 2022 at 19:23, Ray Bon wrote:

> zak,
>
> These are the settings I have for LDAP
>
>
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldaps://...
> cas.authn.ldap[0].connectTimeout=PT3S
> cas.authn.ldap[0].baseDn=ou=people,...
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].searchFilter=uid={user}
> cas.authn.ldap[0].bindDn=cn=Auth Manager,...
> cas.authn.ldap[0].bindCredential=...
> cas.authn.ldap[0].principalAttributeList=...
>
> You can use the command line utility, ldapsearch, to be sure your ldap
> settings are correct.
> Also check ldap logs.
>
> Ray
>
> On Tue, 2022-05-17 at 08:25 -0700, zak elmi wrote:
>
>
> Hi everyone.
>
> I have a problem that I haven't been able to solve for a long time.
>
>
> [org.apereo.cas.configuration.CasConfigurationPropertiesValidator] -
> 
>
>
>
> CAS Version: 6.6.0-RC2
> CAS Branch: master
> CAS Commit Id: 7946bc20e93ed407274ca391864c8e67165b4c8c
> CAS Build Date/Time: 2022-05-10T11:39:56Z
> Spring Boot Version: 2.6.6
> Spring Version: 5.3.19
> Java Home: /usr/lib/jvm/jdk-11
> Java Vendor: Oracle Corporation
> Java Version: 11.0.15
> JVM Free Memory: 298 MB
> JVM Maximum Memory: 910 MB
> JVM Total Memory: 603 MB
> OS Architecture: amd64
> OS Name: Linux
> OS Version: 4.9.0-18-amd64
> OS Date/Time: 2022-05-17T16:45:45.852237
> OS Temp Directory: /opt/tomcat/latest/temp
> 
> Apache Tomcat Version: Apache Tomcat/9.0.30
> ---
>
> >
> 2022-05-17 16:55:04,681 WARN
> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
> - <1 errors, 0 successes>
> 2022-05-17 16:55:13,354 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =
> WHO: audit:unknown
> WHAT: {result=Service Access Granted, service=
> https://example.com/index.php, requiredAttributes={}}
> ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Tue May 17 16:55:13 CEST 2022
> CLIENT IP ADDRESS: X.X.X.X
> SERVER IP ADDRESS: X.X.X.X
> =
>
> >
> 2022-05-17 16:55:13,367 INFO
> [org.apereo.cas.authentication.DefaultAuthenticationManager] -
> <[LdapAuthenticationHandler] exception details: [Unable to resolve user dn
> for user].>
> 2022-05-17 16:55:13,368 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =
> WHO:  user
> WHAT: [UsernamePasswordCredential(username= user  , source=null,
> customFields={})]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Tue May 17 16:55:13 CEST 2022
> CLIENT IP ADDRESS: X.X.X.X
> SERVER IP ADDRESS: X.X.X.X
> =
>
> >
> 2022-05-17 16:55:13,368 WARN
> 

Re: [cas-user] CAS/LDAP user

2022-05-18 Thread Zaki Elmi Guelleh
Hi Ray,

When I use the command-line utility ldapsearch from the CAS server, I get
this error: result: 32 No such object
root@cas:/etc/cas/config# ldapsearch -h 192.168.143.200 -x -W -D
"cn=testuser,ou=people,dc=example,dc=com"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

On Wed, 18 May 2022 at 08:31, Zaki Elmi Guelleh wrote:

> Hi Ray,
>  LDAP settings are correct.
> root@LDAPserv:~# ldapsearch -h 192.168.143.200 -x -W -D
> "cn=admin,dc=example,dc=com"
> # testuser, people, example.com
> dn: cn=testuser,ou=people,dc=example,dc=com
> cn: testuser
> gidNumber: 9802
> givenName: testuser
> homeDirectory: /home/users/testuser
> mail:
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: supannPerson
> sn: testuser
> supannEmpId: 1001
> supannEmpProfil:: QWRtaW5pc3RyYXRldXIgZHUgU3lzdMOobWUgJiBSw6lzZWF1
> supannEntiteAffectation:
> uid: testuser
> uidNumber: 10012
> userPassword:: e01ENX16QVBuUjZhdnU4djR2blpvclA2KzVRPT0=
>
>
> logs cas :
>
> =
> WHO: audit:unknown
> WHAT: {source=RankedMultifactorAuthenticationProviderWebflowEventResolver,
> event=success, timestamp=Wed May 18 07:23:54 CEST 2022}
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Wed May 18 07:23:54 CEST 2022
> CLIENT IP ADDRESS: X.X.X.X
> SERVER IP ADDRESS: X.X.X.X
> =
>
> >
> 2022-05-18 07:24:07,465 INFO
> [org.apereo.cas.authentication.DefaultAuthenticationManager] -
> <[LdapAuthenticationHandler] exception details: [Unable to resolve user
> dn for testuser].>
> 2022-05-18 07:24:07,465 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =
> WHO: testuser
> WHAT: [UsernamePasswordCredential(username=testuser, source=null,
> customFields={})]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Wed May 18 07:24:07 CEST 2022
> CLIENT IP ADDRESS: X.X.X.X
> SERVER IP ADDRESS: X.X.X.X
> =
>
>
> Thanks
>
>
>
> On Tue, 17 May 2022 at 19:23, Ray Bon wrote:
>
>> zak,
>>
>> These are the settings I have for LDAP
>>
>>
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl=ldaps://...
>> cas.authn.ldap[0].connectTimeout=PT3S
>> cas.authn.ldap[0].baseDn=ou=people,...
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].searchFilter=uid={user}
>> cas.authn.ldap[0].bindDn=cn=Auth Manager,...
>> cas.authn.ldap[0].bindCredential=...
>> cas.authn.ldap[0].principalAttributeList=...
>>
>> You can use the command line utility, ldapsearch, to be sure your ldap
>> settings are correct.
>> Also check ldap logs.
>>
>> Ray
>>
>> On Tue, 2022-05-17 at 08:25 -0700, zak elmi wrote:
>>
>>
>> Hi everyone.
>>
>> I have a problem that I haven't been able to solve for a long time.
>>
>>
>> [org.apereo.cas.configuration.CasConfigurationPropertiesValidator] -
>> 
>>
>>
>>
>> CAS Version: 6.6.0-RC2
>> CAS Branch: master
>> CAS Commit Id: 7946bc20e93ed407274ca391864c8e67165b4c8c
>> CAS Build Date/Time: 2022-05-10T11:39:56Z
>> Spring Boot Version: 2.6.6
>> Spring Version: 5.3.19
>> Java Home: /usr/lib/jvm/jdk-11
>> Java Vendor: Oracle Corporation
>> Java Version: 11.0.15
>> JVM Free Memory: 298 MB
>> JVM Maximum Memory: 910 MB
>> JVM Total Memory: 603 MB
>> OS Architecture: amd64
>> OS Name: Linux
>> OS Version: 4.9.0-18-amd64
>> OS Date/Time: 2022-05-17T16:45:45.852237
>> OS Temp Directory: /opt/tomcat/latest/temp
>> 
>> Apache Tomcat Version: Apache Tomcat/9.0.30
>> ---
>>
>> >
>> 2022-05-17 16:55:04,681 WARN
>> [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver]
>> - <1 errors, 0 successes>
>> 2022-05-17 16:55:13,354 INFO
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
>> =
>> WHO: audit:unknown
>> WHAT: {result=Service