CAS 6.6.8 - Authenticate using AD


Jérémie

Jun 15, 2023, 8:34:01 AM6/15/23
to CAS Community
I've set up a CAS 6.6.8 and an Active Directory on the same server for test purposes.

I can't authenticate to my AD using an account. It seems that CAS cannot find the user inside the AD.

Here is my cas.properties file (AD section):
```
# Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://localhost:389
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].baseDn=DC=AAA,DC=BBB
cas.authn.ldap[0].search-filter=(sAMAccountName={user})
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].dn-format=cn=%s,DC=AAA,DC=BBB
```

I'm using a test user for this with the following DN: CN=cas,CN=Users,DC=AAA,DC=BBB

I don't understand what I'm missing here.

Thank you for any help

Ray Bon

Jun 15, 2023, 12:45:09 PM6/15/23
to cas-...@apereo.org
Jérémie,

Here are some loggers for cas ldap:

```xml
<AsyncLogger name="org.ldaptive" level="${sys:ldap.log.level}" includeLocation="true" />
<!-- INFO Authentication failed for dn: ...
DEBUG prints failed log in error reason (among other ldap connection details) -->
<AsyncLogger name="org.ldaptive.auth" level="debug" additivity="false" />
```

Make sure you can authenticate / find the user from another application (I do not know what tools are available for AD).
Check your AD logs to see what it thinks the problem is.

Ray


Jérémie

Jun 16, 2023, 5:56:24 AM6/16/23
to CAS Community, Ray Bon
Hi,

Thanks for the logger. I've added it at the end of the log4j2 file and set the level to debug.

Here is my error log now (the debug logs don't seem to give much more information):

2023-06-16 09:12:06,090 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2023-06-16 09:12:22,891 WARN [org.ldaptive.transport.netty.NettyConnection] - <Inbound handler caught exception for org.ldaptive.transport.netty.NettyConnection@472298790::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=2023-06-16T09:09:32.569972500Z, connectionConfig=[org.ldaptive.ConnectionConfig@1751226570::ldapUrl=ldap://localhost:389, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@1885893078::credentialConfig=null, trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@26a2d23f, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=null, connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@1122089449::ldapURLSet=[org.ldaptive.LdapURLSet@1745317225::active=[[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]], inactive=[]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@6bd15511, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773, initialized=true], connectionValidator=null, transportOptions={}], channel=[id: 0x560c13d8, L:/127.0.0.1:64781 - R:localhost/127.0.0.1:389]>
2023-06-16 09:12:59,415 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [].>
2023-06-16 09:12:59,430 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[Static Credentials] exception details: [cas not found in backing map.].>
2023-06-16 09:12:59,446 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: cas
WHAT: [UsernamePasswordCredential(username=cas, source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Jun 16 09:12:59 UTC 2023



I can find the user using JXplorer and a bind connection (also when binding as this user):

Ray Bon

Jun 16, 2023, 10:03:52 PM6/16/23
to cas-...@apereo.org, crazybr...@gmail.com
Jérémie,

I did some testing and the ldaptive loggers are not nearly as useful as I thought they would be.
This logger at debug or trace may provide a little more detail:

```xml
<AsyncLogger name="org.apereo.cas.authentication.DefaultAuthenticationManager" level="debug" />
```

It shows the error message in your email:
2023-06-16 09:12:59,430 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[Static Credentials] exception details: [cas not found in backing map.].>

Not sure what 'cas not found in backing map' means though.
Check your AD logs to see what AD is doing during the search.

Ray


Daniel Fisher

Jun 17, 2023, 12:38:24 AM6/17/23
to cas-...@apereo.org
On Fri, Jun 16, 2023 at 5:56 AM Jérémie <crazybr...@gmail.com> wrote:
> Thanks for the logger. I've added it at the end of the log4j2 file and set the level to debug.

You'll probably get a more complete picture if you set all of `org.ldaptive` to DEBUG.

> Here is my error log now (the debug logs don't seem to give much more information):
>
> 2023-06-16 09:12:06,090 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
> 2023-06-16 09:12:22,891 WARN [org.ldaptive.transport.netty.NettyConnection] - <Inbound handler caught exception for org.ldaptive.transport.netty.NettyConnection@472298790::ldapUrl=[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=true, connectTime=2023-06-16T09:09:32.569972500Z, connectionConfig=[org.ldaptive.ConnectionConfig@1751226570::ldapUrl=ldap://localhost:389, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1680/0x0000000100199c40@594e605c, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@1885893078::credentialConfig=null, trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@26a2d23f, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=null, connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@1122089449::ldapURLSet=[org.ldaptive.LdapURLSet@1745317225::active=[[org.ldaptive.LdapURL@1454060764::scheme=ldap, hostname=localhost, port=389, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]], inactive=[]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1692/0x0000000100bd7840@6bd15511, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1683/0x0000000100b72040@24308773, initialized=true], connectionValidator=null, transportOptions={}], channel=[id: 0x560c13d8, L:/127.0.0.1:64781 - R:localhost/127.0.0.1:389]>

Any localhost firewall rules that may be causing problems? What do the AD logs say?

--Daniel Fisher

Jérémie

Jun 19, 2023, 6:38:33 AM6/19/23
to CAS Community, dfisher
All logs were already set to DEBUG. 

I don't think firewall rules are causing the issue here as I'm reaching the AD.

Tomcat stdout logs:
2023-06-19 07:32:52,281 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [].>
2023-06-19 07:32:52,281 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[Static Credentials] exception details: [cas not found in backing map.].>
2023-06-19 07:32:52,281 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN

=============================================================
WHO: cas
WHAT: [UsernamePasswordCredential(username=cas, source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Mon Jun 19 07:32:52 UTC 2023

To recall, cas is my user.

AD logs (not sure if I can get more detail; I'm not an AD expert):
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: cas
Account Domain: AAA

Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC000006A

Process Information:
Caller Process ID: 0x34c
Caller Process Name: C:\Windows\System32\lsass.exe

Network Information:
Workstation Name: XXX
Source Network Address: 127.0.0.1
Source Port: 51309

Detailed Authentication Information:
Logon Process: Advapi  
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

Ray Bon

Jun 21, 2023, 10:42:15 AM6/21/23
to cas-...@apereo.org, dfi...@vt.edu
Jérémie,

'Unknown user name or bad password.'

This suggests that the issue is on the AD side.

Ray


Jason Everling

Jun 21, 2023, 1:04:44 PM6/21/23
to CAS Community, Ray Bon, dfisher
Try the AUTHENTICATED type instead:

```
cas.authn.ldap[0].type=AUTHENTICATED
# can be in UPN format as well, instead of the full DN
cas.authn.ldap[0].bindDn=YOUR_BIND_DN
cas.authn.ldap[0].bindCredential=YOUR_BIND_PASSWORD
```

Tom O'Neill

Jun 22, 2023, 10:30:27 AM6/22/23
to cas-...@apereo.org

It looks like you have a mix of different formats for property names.

Can you share your current properties?

You have some older names mixed with some current names.

For example, after reviewing your original message, the ‘base DN’ property should be ‘cas.authn.ldap[0].base-dn’ and not ‘cas.authn.ldap[0].baseDn’.

Also, the ‘sub-tree search’ should be ‘cas.authn.ldap[0].subtree-search’ and not ‘cas.authn.ldap[0].subtreeSearch’.

```
# Active Directory
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://localhost:389
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].baseDn=DC=AAA,DC=BBB
cas.authn.ldap[0].search-filter=(sAMAccountName={user})
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].dn-format=cn=%s,DC=AAA,DC=BBB
```

For reference:

https://apereo.github.io/cas/6.6.x/authentication/LDAP-Authentication.html

Thanks,

Tom



Jérémie

Jun 22, 2023, 11:38:18 PM6/22/23
to CAS Community, Jason Everling, Ray Bon, dfisher
Indeed, this worked way better, thanks!

Pablo Vidaurri

Jun 22, 2023, 11:38:19 PM6/22/23
to CAS Community, oneill
Both formats are fine for Spring...

```
cas.authn.ldap[0].base-dn
cas.authn.ldap[0].baseDn
```
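As an added example (not code from CAS, ldaptive or anyone in the thread), this Python toy models the two CAS LDAP modes discussed above, the dn-format bind that `type=AD`/`DIRECT` performs versus the search-then-bind that Jason's `type=AUTHENTICATED` performs, against Jérémie's posted properties and user DN, and includes the relaxed key binding Tom and Pablo discuss. The directory is constructed in memory, and `DIRECTORY`, `compare_modes` and the other names are this example's own.

```python
"""Toy model (added example, not CAS/ldaptive code) of how the CAS LDAP modes
locate their bind DN and how Spring relaxed binding treats baseDn / base-dn."""
import re

# Constructed in-memory directory holding the thread's test user; no LDAP server.
DIRECTORY = {"CN=cas,CN=Users,DC=AAA,DC=BBB": {"sAMAccountName": "cas"}}

# The relevant keys from the AD section posted in the thread.
THREAD_PROPERTIES = """
cas.authn.ldap[0].baseDn=DC=AAA,DC=BBB
cas.authn.ldap[0].search-filter=(sAMAccountName={user})
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].dn-format=cn=%s,DC=AAA,DC=BBB
"""

def canonical(key):
    """Relaxed binding: baseDn, base-dn, base_dn and BASEDN all become 'basedn'."""
    return re.sub(r"[-_]", "", key).lower()

def parse_properties(text):
    """Map each `cas.authn.ldap[0].<name>=<value>` line to {canonical name: value}."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[canonical(key.rsplit(".", 1)[1])] = value.strip()
    return props

def normalize_dn(dn):
    """Compare DNs as a directory does: case-insensitive, no blanks around commas."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def dn_by_format(dn_format, user):
    """type=AD or DIRECT: the bind DN is computed from dn-format; nothing is searched."""
    return dn_format % user

def dn_by_search(base_dn, search_filter, user):
    """type=AUTHENTICATED: search the base-dn subtree with the filter, bind as the hit."""
    match = re.fullmatch(r"\((\w+)=\{user\}\)", search_filter)
    if not match:
        raise ValueError("toy model only handles a single (attr={user}) filter")
    attr, base = match.group(1), normalize_dn(base_dn)
    for dn, attrs in DIRECTORY.items():
        n = normalize_dn(dn)
        if (n == base or n.endswith("," + base)) and attrs.get(attr, "").lower() == user.lower():
            return dn
    return None

def entry_exists(dn):
    """A simple bind can only succeed against a DN the directory actually holds."""
    return any(normalize_dn(dn) == normalize_dn(d) for d in DIRECTORY)

def compare_modes(props_text, user):
    """Return, per mode, the DN it would bind with and whether that DN exists."""
    p = parse_properties(props_text)
    direct = dn_by_format(p["dnformat"], user)
    searched = dn_by_search(p["basedn"], p["searchfilter"], user)
    return {"AD": (direct, entry_exists(direct)),
            "AUTHENTICATED": (searched, searched is not None and entry_exists(searched))}
```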
