Add static user to some handler


Josep Manel Andrés

Jul 11, 2016, 9:59:20 AM
to CAS Community
Hi,
I am using CAS to log in to our webapps as normal users, but when we
want to do admin tasks, we need to log in as root (to our webapps), and
since we only have one authenticationHandler, which is
ldapAuthenticationHandler, I could not find a way to define a static
root user with a static password, so the behaviour would be something like:

Try to log in using ldapAuthenticationHandler, and if this doesn't work,
then try to log in with the root account defined statically, and if that
doesn't work either, then do nothing.

Best regards.

--
Josep Manel Andrés (josep....@bsc.es)
Operations - Barcelona Supercomputing Center
C/ Jordi Girona, 31 http://www.bsc.es
08034 Barcelona, Spain Tel: +34-93-405 42 14
e-mail: sys...@bsc.es Fax: +34-93-413 77 21
-----------------------------------------------

WARNING / LEGAL TEXT: This message is intended only for the use of the
individual or entity to which it is addressed and may contain
information which is privileged, confidential, proprietary, or exempt
from disclosure under applicable law. If you are not the intended
recipient or the person responsible for delivering the message to the
intended recipient, you are strictly prohibited from disclosing,
distributing, copying, or in any way using this message. If you have
received this communication in error, please notify the sender and
destroy and delete any copies you may have received.

http://www.bsc.es/disclaimer

Dmitriy Kopylenko

Jul 11, 2016, 10:16:52 AM
to Josep Manel Andrés, CAS Community
You haven’t specified the version of CAS that you use, so I’ll assume the latest. This might solve your use case: https://apereo.github.io/cas/4.2.x/installation/Whitelist-Authentication.html

Cheers,
D.

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5783A634.50605%40bsc.es.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Josep Manel Andrés

Jul 11, 2016, 11:08:06 AM
to Dmitriy Kopylenko, CAS Community
Right, that seems to be what I need, but for 4.0.x, which is the version
I am running.
But now I have a problem: if I add FileAuthenticationHandler just
before ldapAuthenticationHandler, it can be deployed to the server, but
it does not authenticate with the username defined in the file.
(I've added cas-server-support-generic.)

In the logs I never see the app going to look for the users defined in the file.

I have tried AcceptUsersAuthenticationHandler too, but it never
compiles...

Thank you.




Dmitriy Kopylenko

Jul 11, 2016, 11:16:01 AM
to josep....@bsc.es, CAS Community
Add it after ldap handler

Josep Manel Andrés

Jul 11, 2016, 11:25:21 AM
to cas-...@apereo.org
It doesn't even seem to try to open the users file...


2016-07-11 17:22:31,928 DEBUG [org.ldaptive.auth.FormatDnResolver] -
<Formatting DN for root with uid=%s,ou=people,ou=my-server,dc=es>
2016-07-11 17:22:31,929 DEBUG [org.ldaptive.auth.Authenticator] -
<authenticate dn=uid=root,ou=people,ou=my-server,dc=es with
request=[org.ldaptive.auth.AuthenticationRequest@539576520::user=root,
retAttrs=[member, uid, mail, sn, departmentNumber, telephoneNumber,
givenName, displayName, groups]]>
2016-07-11 17:22:31,930 DEBUG
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate
criteria=[org.ldaptive.auth.AuthenticationCriteria@1986614006::dn=uid=root,ou=people,ou=my-server,dc=es,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@539576520::user=root,
retAttrs=[member, uid, mail, sn, departmentNumber, telephoneNumber,
givenName, displayName, groups]]]>
2016-07-11 17:22:31,931 DEBUG [org.ldaptive.BindOperation] - <execute
request=[org.ldaptive.BindRequest@2093338933::bindDn=uid=root,ou=people,ou=my-server,dc=es,
saslConfig=null, controls=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1777898063::config=[org.ldaptive.ConnectionConfig@163509196::ldapUrl=ldap://opsld02.my-server.es
ldap://opsld01.my-server.es, connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem,
authenticationCertificate=null, authenticationKey=null],
trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1406736210::metadata=[ldapUrl=ldap://opsld02.my-server.es
ldap://opsld01.my-server.es, count=1],
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1368011647::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={},
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@4017ed7e,
controlProcessor=org.ldaptive.provider.ControlProcessor@7a57cb96,
environment=null, tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1093902922::factory=sun.security.ssl.SSLSocketFactoryImpl@24e3c9b7,
sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem,
authenticationCertificate=null, authenticationKey=null],
trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@483b00ab]>
2016-07-11 17:22:31,933 DEBUG
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate
response=[org.ldaptive.auth.AuthenticationHandlerResponse@1677061395::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1777898063::config=[org.ldaptive.ConnectionConfig@163509196::ldapUrl=ldap://opsld02.my-server.es
ldap://opsld01.my-server.es, connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem,
authenticationCertificate=null, authenticationKey=null],
trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1406736210::metadata=[ldapUrl=ldap://opsld02.my-server.es
ldap://opsld01.my-server.es, count=1],
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1368011647::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={},
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@4017ed7e,
controlProcessor=org.ldaptive.provider.ControlProcessor@7a57cb96,
environment=null, tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1093902922::factory=sun.security.ssl.SSLSocketFactoryImpl@24e3c9b7,
sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem,
authenticationCertificate=null, authenticationKey=null],
trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@483b00ab],
result=false, resultCode=INVALID_CREDENTIALS,
message=javax.naming.AuthenticationException: [LDAP: error code 49 -
Invalid Credentials], controls=null] for
criteria=[org.ldaptive.auth.AuthenticationCriteria@1986614006::dn=uid=root,ou=people,ou=my-server,dc=es,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@539576520::user=root,
retAttrs=[member, uid, mail, sn, departmentNumber, telephoneNumber,
givenName, displayName, groups]]]>
2016-07-11 17:22:31,934 INFO [org.ldaptive.auth.Authenticator] -
<Authentication failed for dn: uid=root,ou=people,ou=my-server,dc=es>
2016-07-11 17:22:31,935 DEBUG [org.ldaptive.auth.Authenticator] -
<authenticate
response=[org.ldaptive.auth.AuthenticationHandlerResponse@1677061395::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1777898063::config=[org.ldaptive.ConnectionConfig@163509196::ldapUrl=ldap://opsld02.my-server.es
ldap://opsld01.my-server.es, connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem,
authenticationCertificate=null, authenticationKey=null],
trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=true,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1406736210::metadata=[ldapUrl=ldap://opsld02.my-server.es
ldap://opsld01.my-server.es, count=1],
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1368011647::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={},
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@4017ed7e,
controlProcessor=org.ldaptive.provider.ControlProcessor@7a57cb96,
environment=null, tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null],
sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1093902922::factory=sun.security.ssl.SSLSocketFactoryImpl@24e3c9b7,
sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem,
authenticationCertificate=null, authenticationKey=null],
trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null]], hostnameVerifier=null],
providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@483b00ab],
result=false, resultCode=INVALID_CREDENTIALS,
message=javax.naming.AuthenticationException: [LDAP: error code 49 -
Invalid Credentials], controls=null] for
dn=uid=root,ou=people,ou=my-server,dc=es with
request=[org.ldaptive.auth.AuthenticationRequest@539576520::user=root,
retAttrs=[member, uid, mail, sn, departmentNumber, telephoneNumber,
givenName, displayName, groups]]>
2016-07-11 17:22:31,935 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<LdapAuthenticationHandler failed authenticating root>
2016-07-11 17:22:31,936 INFO
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: root
WHAT: supplied credentials: [root]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Mon Jul 11 17:22:31 CEST 2016



Dmitriy Kopylenko

Jul 11, 2016, 11:28:58 AM
to josep....@bsc.es, CAS Community
I'm pretty sure it is a misconfiguration. Try to follow the documentation for the correct version in use: https://apereo.github.io/cas/4.0.x/installation/Whitelist-Authentication.html

Cheers,
D.
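For reference, here is the shape of the configuration this thread is converging on, as an added example rather than the poster's actual deployerConfigContext.xml or a copy of the CAS documentation: the LDAP handler first, and a whitelisted static account as the fallback, following the 4.0.x Whitelist-Authentication page linked above. In 4.0.x the PolicyBasedAuthenticationManager walks every handler in its constructor map whose supports() accepts the credential and, with AnyAuthenticationPolicy, stops at the first success; a handler that is declared as a bean but not listed in that map is never called, which is consistent with the log above, where only LdapAuthenticationHandler reports a failure before the audit record. The bean ids, the /etc/cas/users.txt path and the SHA-256 password encoder are assumptions for the example; the ldaptive "authenticator" bean is assumed to already exist in the same context, and the `#{null}` resolver entries rely on the manager falling back to the principal the handler itself returns (if your existing LDAP entry uses a value-ref to a principal resolver, keep that instead).

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Added example (not the poster's deployerConfigContext.xml): CAS 4.0.x
  authentication manager with the LDAP handler first and a whitelisted
  static account as the fallback. Bean ids and paths are assumptions.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- Existing LDAP handler. The ldaptive Authenticator bean named
       "authenticator" is assumed to be defined elsewhere in this context. -->
  <bean id="ldapAuthenticationHandler"
        class="org.jasig.cas.authentication.LdapAuthenticationHandler"
        p:principalIdAttribute="uid">
    <constructor-arg ref="authenticator" />
  </bean>

  <!-- Fallback: static account(s) from a file kept outside the webapp so a
       redeploy does not overwrite it. One account per line, user::password.
       Needs the cas-server-support-generic module on the classpath. -->
  <bean id="fileAuthenticationHandler"
        class="org.jasig.cas.adaptors.generic.FileAuthenticationHandler"
        p:fileName="file:/etc/cas/users.txt"
        p:separator="::">
    <!-- Compare against hex(SHA-256(password)) instead of the clear-text
         password, so the file holds a digest rather than the secret itself. -->
    <property name="passwordEncoder">
      <bean class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
        <constructor-arg value="SHA-256" />
      </bean>
    </property>
  </bean>

  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
      <!-- Handler -> PrincipalResolver map. A Spring <map> keeps insertion
           order, so LDAP is tried first and the file handler only after LDAP
           rejects the credential. A handler that is declared as a bean but
           not listed here is never invoked. The #{null} resolver means the
           manager uses the principal each handler returns. Keep the stock
           proxyAuthenticationHandler entry here as well if you use proxy
           tickets; it is omitted only to keep the example short. -->
      <map>
        <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
        <entry key-ref="fileAuthenticationHandler" value="#{null}" />
      </map>
    </constructor-arg>
    <!-- One successful handler is enough; an LDAP failure does not stop the
         manager from moving on to the next handler in the map. -->
    <property name="authenticationPolicy">
      <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
    </property>
  </bean>

</beans>
```

The digest for the users file can be produced with `printf '%s' 'the-password' | sha256sum` (no trailing newline), so the root password never sits in clear text on the CAS host. Keep the file readable only by the account the servlet container runs as. Note that this static account bypasses whatever lockout and password policy the LDAP directory enforces, so the CAS audit records for it (the `WHO: root` lines above) deserve their own alert.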
