Authentication issues - CAS cannot find authentication handler that supports [UsernamePasswordCredential].


Jennifer LaVoie

May 15, 2018, 9:04:16 AM
to CAS Community
Hello Everyone

I am trying to get CAS to work with AD. I am getting the following error and authentication fails. I already have the OS bound to AD for OS login, so I know there is no firewall issue or anything. I am wondering if I have the right libraries and jar files? I did update my pom.xml and run maven again to (I hope) install the LDAP stuff.

Here is my cas.properties (some fields masked)

cas.server.prefix: ${cas.server.name}/cas

cas.adminPagesSecurity.ip=127\.0\.0\.1

cas.tgc.secure: true
cas.tgc.crypto.signing.key: xxx
cas.tgc.crypto.encryption.key: xxx
cas.webflow.crypto.signing.key: xxx
cas.webflow.crypto.encryption.key: xxx


logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.json.config.location: file:/etc/cas/services

cas.authn.accept.users:

cas.authn.ldap[0].order:                0
cas.authn.ldap[0].name:                 Active Directory
cas.authn.ldap[0].type:                 AD
cas.authn.ldap[0].ldapUrl:              ldap://boydendc-prd.campus.bridgew.edu:389
cas.authn.ldap[0].validatePeriod:       270
cas.authn.ldap[0].poolPassivator:       NONE
cas.authn.ldap[0].userFilter:           sAMAccountName={user}
cas.authn.ldap[0].baseDn:               dc=campus,dc=bridgew,dc=edu
cas.authn.ldap[0].bindDn:               "cn=cassrch,ou=BEIS-CAS,ou=IT Admin,dc=campus,dc=bridgew,dc=edu"
cas.authn.ldap[1].bindCredential:      xxxxxx
cas.authn.ldap[0].dnFormat:             uid=%s,dc=campus,dc=bridgew,dc=edu

This is a tail of my catalina.out

15-May-2018 08:53:40.825 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/apache/webapps/cas] has finished in [32,744] ms
15-May-2018 08:53:40.830 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-8443"]
15-May-2018 08:53:40.841 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
15-May-2018 08:53:40.843 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 33115 ms
2018-05-15 08:54:00,803 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [InMemoryServiceRegistry]>
2018-05-15 08:54:00,804 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
2018-05-15 08:54:10,807 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Creating new transaction with name [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.clean]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
2018-05-15 08:54:10,812 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Attempting to acquire ticket cleanup lock.>
2018-05-15 08:54:10,812 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Acquired lock. Proceeding with cleanup.>
2018-05-15 08:54:10,815 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2018-05-15 08:54:10,815 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Releasing ticket cleanup lock.>
2018-05-15 08:54:10,815 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.>
2018-05-15 08:54:10,816 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Initiating transaction commit>
2018-05-15 08:55:00,804 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [InMemoryServiceRegistry]>
2018-05-15 08:55:00,805 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
2018-05-15 08:55:42,520 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: [/cas/] >
2018-05-15 08:55:42,526 DEBUG [org.apereo.cas.authentication.principal.WebApplicationServiceFactory] - <No service is specified in the request. Skipping service creation>
2018-05-15 08:55:42,527 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <No service could be extracted based on the given request>
2018-05-15 08:55:42,527 DEBUG [org.apereo.cas.web.support.AbstractArgumentExtractor] - <Extractor did not generate service.>
2018-05-15 08:55:42,550 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2018-05-15 08:55:42,553 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Tue May 15 08:55:42 EDT 2018,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue May 15 08:55:42 EDT 2018
CLIENT IP ADDRESS: 10.28.51.56
SERVER IP ADDRESS: 10.20.32.131
=============================================================

>
2018-05-15 08:55:42,884 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:42,885 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:42,885 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:42,886 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:55:43,864 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML>
2018-05-15 08:55:43,865 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML>
2018-05-15 08:55:43,866 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML>
2018-05-15 08:55:43,868 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Loading properties [messages.properties] with encoding 'UTF-8'>
2018-05-15 08:55:44,024 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:44,025 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:44,025 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:44,027 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:55:50,612 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:50,613 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:50,613 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:50,614 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:50,614 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:50,615 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:50,615 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:55:50,629 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Located client IP address as [10.28.51.56]>
2018-05-15 08:55:50,629 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <User agent [Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36] is authorized to proceed>
2018-05-15 08:55:50,629 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Adaptive authentication policy has authorized client [10.28.51.56] to proceed.>
2018-05-15 08:55:50,630 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2018-05-15 08:55:50,630 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2018-05-15 08:55:50,653 DEBUG [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] - <Authentication handlers used for this transaction are [HttpBasedServiceCredentialsAuthenticationHandler]>
2018-05-15 08:55:50,657 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [jennifer.lavoie_da] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
2018-05-15 08:55:50,659 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: jennifer.lavoie_da
WHAT: Supplied credentials: [jennifer.lavoie_da]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue May 15 08:55:50 EDT 2018
CLIENT IP ADDRESS: 10.28.51.56
SERVER IP ADDRESS: 10.20.32.131
=============================================================

>
2018-05-15 08:55:50,671 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:50,671 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:50,671 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:55:50,689 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:50,690 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:50,690 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:50,690 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:50,691 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:50,691 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:50,691 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:56:00,805 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [InMemoryServiceRegistry]>
2018-05-15 08:56:00,806 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>


[root@cas3-dev bin]# netstat -anop |grep java
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      1799/java            off (0.00/0/0)
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      1799/java            off (0.00/0/0)
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      1799/java            off (0.00/0/0)
unix  2      [ ]         STREAM     CONNECTED     31447    1799/java            
unix  3      [ ]         STREAM     CONNECTED     31552    1799/java            
unix  3      [ ]         STREAM     CONNECTED     31551    1799/java            
unix  2      [ ]         STREAM     CONNECTED     33610    1799/java            
[root@cas3-dev bin]# netstat -anop |grep 389
tcp        0      0 10.20.32.131:33050      10.20.16.65:389         ESTABLISHED 1244/winbindd        keepalive (6472.16/0/0)
[root@cas3-dev bin]# 



Any insight would be useful

Thanks so much
Jen

David Curry

May 15, 2018, 9:14:01 AM
to cas-...@apereo.org

If you're using ldap.type=AD, you should not be using a bind credential.

If you want to use a bind credential, you should use ldap.type=AUTHENTICATED.


--Dave



 

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 david...@newschool.edu

The New School

