LDAP AUTHENTICATION ERROR


Mustafa

Jun 22, 2019, 9:14:19 PM
to CAS Community
Hi,

I am trying to integrate my CAS server with LDAP (CAS v5.1.9 installed on Red Hat 8, with the LDAP server installed on Ubuntu 16.04).

When I check cas.log I find this error:

2019-06-23 02:05:12,589 ERROR [org.apereo.cas.web.flow.AuthenticationExceptionHandlerAction] - <Unable to translate handler errors of the authentication exception [org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes]Returning [UNKNOWN]>
2019-06-23 02:05:21,196 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [user1] of type [UsernamePasswordCredential], which suggests a configuration problem.>
2019-06-23 02:05:21,199 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: user1
WHAT: Supplied credentials: [user1]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Sun Jun 23 02:05:21 WEST 2019
CLIENT IP ADDRESS: 192.168.243.1
SERVER IP ADDRESS: 192.168.243.149

Ray Bon

Jun 24, 2019, 5:33:28 PM
to cas-...@apereo.org
Mustafa,

Is this a new integration or is it the result of a change?

You should post your config files.

Ray
-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

EL AZZAOUI Mustafa

Jun 24, 2019, 6:42:25 PM
to cas-...@apereo.org
Hi Ray Bon,

Yes, this is a new integration; I want to integrate my CAS server with my LDAP server. This is my config file, cas.properties. Thank you.


=================================================cas.properties=====================
cas.server.name: https://sso.ensias.ma:8443
cas.server.prefix: https://sso.ensias.ma:8443/cas

cas.adminPagesSecurity.ip=127\.0\.0\.1

logging.config: file:/etc/cas/config/log4j2.xml
# cas.serviceRegistry.config.location: classpath:/services
cas.authn.accept.users:
cas.tgc.secure: true
cas.tgc.crypto.signing.key:    QGdatePGEybuSRLau-4iExXyfNq1YmJkzUtaLCR2wkkHNvdsUlccez_cDtK7QL7lidpcWfO77WSMvvdNfmFlhg
cas.tgc.crypto.encryption.key:   dF-_VHSwjMnzkbtzDfWLt4pEt27P2eHNObVc_oWT-nM




cas.webflow.crypto.signing.key:3T5rPpKyACyIW_y5u4NzpkdOZzncs8AqlSHH64J6hFPNW7QD4w1CMr_vU4QOCdDZ9iK4gualSof8vbTfKMXvdQ
cas.webflow.crypto.encryption.key:    uYhr0kA/aMqT08lfvangTQ==

cas.authn.attributeRepository.ldap[0].type=AUTHENTICATED
cas.authn.attributeRepository.ldap[0].attributes.uid=hbary
cas.authn.attributeRepository.ldap[0].attributes.displayName=hamza bary
# cas.authn.attributeRepository.ldap[0].attributes.cn=commonName
cas.authn.attributeRepository.ldap[0].attributes.affiliation=IoT

cas.authn.ldap[0].ldapUrl=ldaps://192.168.243.146:389
# cas.authn.attributeRepository.ldap[0].connectionStrategy=
cas.authn.attributeRepository.ldap[0].order=0
# cas.authn.attributeRepository.ldap[0].useSsl=true
# cas.authn.attributeRepository.ldap[0].useStartTls=false
# cas.authn.attributeRepository.ldap[0].connectTimeout=5000 cas.authn.attributeRepository.ldap[0].baseDn=dc=ensias,dc=ma
cas.authn.attributeRepository.ldap[0].userFilter=cn=hbary
# cas.authn.attributeRepository.ldap[0].subtreeSearch=true
cas.authn.attributeRepository.ldap[0].bindDn=cn=admin,dc=ensias,dc=ma
cas.authn.attributeRepository.ldap[0].bindCredential=123456
# cas.authn.attributeRepository.ldap[0].trustCertificates=
# cas.authn.attributeRepository.ldap[0].keystore=
# cas.authn.attributeRepository.ldap[0].keystorePassword=
# cas.authn.attributeRepository.ldap[0].keystoreType=JKS|JCEKS|PKCS12
# cas.authn.attributeRepository.ldap[0].poolPassivator=NONE|CLOSE|BIND
# cas.authn.attributeRepository.ldap[0].minPoolSize=3
# cas.authn.attributeRepository.ldap[0].maxPoolSize=10
# cas.authn.attributeRepository.ldap[0].validateOnCheckout=true
# cas.authn.attributeRepository.ldap[0].validatePeriodically=true
# cas.authn.attributeRepository.ldap[0].validatePeriod=600
# cas.authn.attributeRepository.ldap[0].validateTimeout=5000
# cas.authn.attributeRepository.ldap[0].failFast=true
# cas.authn.attributeRepository.ldap[0].idleTime=500
# cas.authn.attributeRepository.ldap[0].prunePeriod=600
# cas.authn.attributeRepository.ldap[0].blockWaitTime=5000
#cas.authn.attributeRepository.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider

# cas.authn.attributeRepository.ldap[0].validator.type=NONE|SEARCH|COMPARE
# cas.authn.attributeRepository.ldap[0].validator.baseDn=
# cas.authn.attributeRepository.ldap[0].validator.searchFilter=(objectClass=*)
# cas.authn.attributeRepository.ldap[0].validator.scope=OBJECT|ONELEVEL|SUBTREE
# cas.authn.attributeRepository.ldap[0].validator.attributeName=objectClass
# cas.authn.attributeRepository.ldap[0].validator.attributeValues=top
# cas.authn.attributeRepository.ldap[0].validator.dn=


--
EL AZZAOUI Mustafa
Lot Abi Hourairra II N° 52                                                    
    Temara .Rabat MAROC. 
Mobile:0676 87 31 25
 

Ray Bon

Jun 24, 2019, 7:49:30 PM
to cas-...@apereo.org
Mustafa,

Try this for userFilter
cas.authn.ldap[0].userFilter=cn={user}

{user} will be substituted for the user logging in.

Ray
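
The `{user}` substitution described in the reply above, as an added example that is not part of the original thread and is not CAS code: it reads a properties file, lists every `userFilter` that is a fixed filter (such as `cn=hbary`, which matches the same entry no matter who logs in), and renders a `cn={user}` template with RFC 4515 escaping of the login name. The sample file, host name and function names are constructed for illustration.

```python
import re

# Constructed sample in the style of the cas.properties posted in this thread.
SAMPLE = """\
cas.server.name: https://sso.example.org:8443
cas.authn.attributeRepository.ldap[0].userFilter=cn=hbary
# cas.authn.attributeRepository.ldap[0].subtreeSearch=true
cas.authn.ldap[0].userFilter=cn={user}
"""

# RFC 4515 requires these characters to be hex-escaped inside a filter value.
_SPECIAL = "\\*()\x00"


def parse_properties(text):
    """Minimal .properties reader: skips comments, splits on the first '=' or ':'."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def filters_without_placeholder(props):
    """Return userFilter keys whose value is a fixed filter (no {user})."""
    return sorted(k for k, v in props.items()
                  if k.endswith(".userFilter") and "{user}" not in v)


def escape_filter_value(value):
    """Hex-escape RFC 4515 special characters so input stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in _SPECIAL else c for c in value)


def render_filter(template, username):
    """Substitute the login name for {user}, as the reply describes."""
    return template.replace("{user}", escape_filter_value(username))


if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    print("fixed filters:", filters_without_placeholder(props))
    print(render_filter(props["cas.authn.ldap[0].userFilter"], "user1"))
```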

EL AZZAOUI Mustafa

Jun 24, 2019, 8:40:30 PM
to cas-...@apereo.org
I tried it but it didn't work :(

Ray Bon

Jun 25, 2019, 10:56:14 AM
to cas-...@apereo.org
You should look at your LDAP logs. You could also put your CAS logs in debug or even trace mode.

Ray

EL AZZAOUI Mustafa

Jun 26, 2019, 2:31:09 PM
to cas-...@apereo.org
OK, I will try. Thank you, Ray :)
