Hello Everyone
I am trying to get CAS to work with AD. I am getting the following error and authentication fails. I already have the OS bound to AD for OS login, so I know there is no firewall issue or anything. I am wondering if I have the right libraries and jar files? I did update my pom.xml and run Maven again to (I hope) install the LDAP stuff.
Here is my cas.properties (some fields masked):
cas.adminPagesSecurity.ip=127\.0\.0\.1
cas.tgc.secure: true
cas.tgc.crypto.signing.key: xxx
cas.tgc.crypto.encryption.key: xxx
cas.webflow.crypto.signing.key: xxx
cas.webflow.crypto.encryption.key: xxx
logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.json.config.location: file:/etc/cas/services
cas.authn.accept.users:
cas.authn.ldap[0].order: 0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].validatePeriod: 270
cas.authn.ldap[0].poolPassivator: NONE
cas.authn.ldap[0].userFilter: sAMAccountName={user}
cas.authn.ldap[0].baseDn: dc=campus,dc=bridgew,dc=edu
cas.authn.ldap[0].bindDn: "cn=cassrch,ou=BEIS-CAS,ou=IT Admin,dc=campus,dc=bridgew,dc=edu"
cas.authn.ldap[1].bindCredential: xxxxxx
cas.authn.ldap[0].dnFormat: uid=%s,dc=campus,dc=bridgew,dc=edu
This is a tail of my catalina.out:
15-May-2018 08:53:40.825 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/apache/webapps/cas] has finished in [32,744] ms
15-May-2018 08:53:40.830 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-8443"]
15-May-2018 08:53:40.841 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
15-May-2018 08:53:40.843 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 33115 ms
2018-05-15 08:54:00,803 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [InMemoryServiceRegistry]>
2018-05-15 08:54:00,804 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
2018-05-15 08:54:10,807 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Creating new transaction with name [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner.clean]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; 'ticketTransactionManager'>
2018-05-15 08:54:10,812 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Attempting to acquire ticket cleanup lock.>
2018-05-15 08:54:10,812 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Acquired lock. Proceeding with cleanup.>
2018-05-15 08:54:10,815 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2018-05-15 08:54:10,815 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Releasing ticket cleanup lock.>
2018-05-15 08:54:10,815 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.>
2018-05-15 08:54:10,816 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - <Initiating transaction commit>
2018-05-15 08:55:00,804 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [InMemoryServiceRegistry]>
2018-05-15 08:55:00,805 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
2018-05-15 08:55:42,520 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: [/cas/] >
2018-05-15 08:55:42,526 DEBUG [org.apereo.cas.authentication.principal.WebApplicationServiceFactory] - <No service is specified in the request. Skipping service creation>
2018-05-15 08:55:42,527 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <No service could be extracted based on the given request>
2018-05-15 08:55:42,527 DEBUG [org.apereo.cas.web.support.AbstractArgumentExtractor] - <Extractor did not generate service.>
2018-05-15 08:55:42,550 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2018-05-15 08:55:42,553 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Tue May 15 08:55:42 EDT 2018,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue May 15 08:55:42 EDT 2018
CLIENT IP ADDRESS: 10.28.51.56
SERVER IP ADDRESS: 10.20.32.131
=============================================================
>
2018-05-15 08:55:42,884 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:42,885 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:42,885 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:42,886 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:42,887 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:55:43,864 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML>
2018-05-15 08:55:43,865 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML>
2018-05-15 08:55:43,866 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML>
2018-05-15 08:55:43,868 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Loading properties [messages.properties] with encoding 'UTF-8'>
2018-05-15 08:55:44,024 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:44,025 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:44,025 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:44,026 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:44,027 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:55:50,612 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:50,613 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:50,613 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:50,614 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:50,614 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:50,615 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:50,615 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:55:50,629 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Located client IP address as [10.28.51.56]>
2018-05-15 08:55:50,629 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <User agent [Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36] is authorized to proceed>
2018-05-15 08:55:50,629 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Adaptive authentication policy has authorized client [10.28.51.56] to proceed.>
2018-05-15 08:55:50,630 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2018-05-15 08:55:50,630 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
2018-05-15 08:55:50,653 DEBUG [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] - <Authentication handlers used for this transaction are [HttpBasedServiceCredentialsAuthenticationHandler]>
2018-05-15 08:55:50,657 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [jennifer.lavoie_da] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
2018-05-15 08:55:50,659 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: jennifer.lavoie_da
WHAT: Supplied credentials: [jennifer.lavoie_da]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue May 15 08:55:50 EDT 2018
CLIENT IP ADDRESS: 10.28.51.56
SERVER IP ADDRESS: 10.20.32.131
=============================================================
>
2018-05-15 08:55:50,671 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:50,671 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:50,671 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:50,672 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:55:50,689 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>
2018-05-15 08:55:50,690 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>
2018-05-15 08:55:50,690 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>
2018-05-15 08:55:50,690 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>
2018-05-15 08:55:50,691 DEBUG [org.apereo.cas.services.web.ServiceThemeResolver] - <No service is found in the request context. Falling back to the default theme [cas-theme-default]>
2018-05-15 08:55:50,691 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>
2018-05-15 08:55:50,691 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>
2018-05-15 08:56:00,805 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [InMemoryServiceRegistry]>
2018-05-15 08:56:00,806 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
[root@cas3-dev bin]# netstat -anop |grep java
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 1799/java off (0.00/0/0)
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 1799/java off (0.00/0/0)
unix 2 [ ] STREAM CONNECTED 31447 1799/java
unix 3 [ ] STREAM CONNECTED 31552 1799/java
unix 3 [ ] STREAM CONNECTED 31551 1799/java
unix 2 [ ] STREAM CONNECTED 33610 1799/java
[root@cas3-dev bin]# netstat -anop |grep 389
[root@cas3-dev bin]#
Any insight would be useful.
Thanks so much,
Jen
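
An added example, not part of the original post and not CAS code: a small consistency check over the indexed `cas.authn.ldap[N]` keys and the "Authentication handlers used" log line shown above. The function names are hypothetical, and it assumes (the post does not confirm this) that CAS lists handlers in that log line by their configured `name`.

```python
import re
from collections import defaultdict

# Subset of keys copied from the post's cas.properties.
SAMPLE_PROPS = """\
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].baseDn: dc=campus,dc=bridgew,dc=edu
cas.authn.ldap[0].bindDn: "cn=cassrch,ou=BEIS-CAS,ou=IT Admin,dc=campus,dc=bridgew,dc=edu"
cas.authn.ldap[1].bindCredential: xxxxxx
cas.authn.ldap[0].dnFormat: uid=%s,dc=campus,dc=bridgew,dc=edu
"""
# Message copied from the post's catalina.out (timestamp and logger trimmed).
SAMPLE_LOG = "<Authentication handlers used for this transaction are [HttpBasedServiceCredentialsAuthenticationHandler]>"

KEY_RE = re.compile(r"^\s*([\w.]+)\[(\d+)\]\.([\w.]+)\s*[:=]\s*(.*)$")
HANDLER_RE = re.compile(r"Authentication handlers used for this transaction are \[(.*?)\]")

def parse_indexed(text):
    """Group list-style properties as {prefix: {index: {field: value}}}."""
    groups = defaultdict(lambda: defaultdict(dict))
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            prefix, idx, field, value = m.groups()
            groups[prefix][int(idx)][field] = value.strip()
    return groups

def stray_fields(groups):
    """Fields set on a sparse index but absent from the fullest entry of the same list."""
    findings = []
    for prefix, by_index in groups.items():
        main = max(by_index, key=lambda i: len(by_index[i]))
        for idx in sorted(by_index):
            for field in sorted(by_index[idx]):
                if idx != main and field not in by_index[main]:
                    findings.append((prefix, idx, field, main))
    return findings

def handlers_in_log(log):
    """Handler names CAS reported for each authentication transaction."""
    return [n.strip() for m in HANDLER_RE.finditer(log) for n in m.group(1).split(",") if n.strip()]

def missing_handlers(groups, log):
    # Assumption: the log names each handler by its configured `name` value.
    seen = set(handlers_in_log(log))
    entries = groups.get("cas.authn.ldap", {})
    return [e["name"] for _, e in sorted(entries.items()) if "name" in e and e["name"] not in seen]

if __name__ == "__main__":
    g = parse_indexed(SAMPLE_PROPS)
    print(stray_fields(g), missing_handlers(g, SAMPLE_LOG))
```

Run against the full `cas.properties` and `catalina.out`, each tuple from `stray_fields` reads as (list prefix, index carrying the field, field name, index holding the rest of the entry).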