Hi all,
I'm trying to configure CAS (5.1.9) + LDAP authentication (using Apache Directory).
I have modified the pom.xml file and also the cas.properties file.
After deploying cas.war to the Tomcat server, I get these messages in the cas.log file.
cas.log:
WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [ad...@XXXX.com] of type [UsernamePasswordCredential], which suggests a configuration problem.>
2018-08-31 16:34:04,220 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
pom.xml:
<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-webapp${app.server}</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${cas.version}</version>
    </dependency>
cas.properties:
server.name=https://localhost:8443
server.prefix=${server.name}/cas
cas.securityContext.serviceProperties.service=${server.prefix}/services/j_acegi_cas_security_check
# Names of roles allowed to access the CAS service manager
cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login
cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix}
# IP address or CIDR subnet allowed to access the /status URI of CAS that exposes health check information
# IPv6 version
cas.securityContext.status.allowedSubnet=0:0:0:0:0:0:0:1
# IPv4 version
#cas.securityContext.status.allowedSubnet=127.0.0.1
cas.themeResolver.defaultThemeName=cas-theme-default
cas.viewResolver.basename=default_views
host.name=cas.example.org
## Log4J
log4j.config.location=log4j2.xml
log4j.refresh.interval=60000
#database.hibernate.dialect=org.hibernate.dialect.HSQLDialect
##
# Single Sign-On Session Timeouts
# Defaults sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Maximum session timeout - TGT will expire in maxTimeToLiveInSeconds regardless of usage
tgt.maxTimeToLiveInSeconds=28800
#
# Idle session timeout - TGT will expire sooner than maxTimeToLiveInSeconds if no further requests
# for STs occur within timeToKillInSeconds
tgt.timeToKillInSeconds=7200
##
# Service Ticket Timeout
# Default sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Service Ticket timeout - typically kept short as a control against replay attacks, default is 10s. You'll want to
# increase this timeout if you are manually testing service ticket creation/validation via tamperdata or similar tools
# Set to 3 min here for easy testing/demonstrating new features.
st.timeToKillInSeconds=10
#==============================================================================================================
# Define attributes to be retrieved from LDAP as part of the same authentication transaction
# The left-hand side notes the source while the right-hand side indicates an optional renaming/remapping
# of the attribute definition. The same attribute name is allowed to be mapped multiple times to
# different attribute names.
#==============================================================================================================
cas.authn.ldap[0].principalAttributeList=sn,cn:admin
cas.authn.ldap[0].collectDnAttribute=false
cas.authn.ldap[0].principalDnAttributeName=dc=XXXX,dc=com
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
cas.authn.ldap[0].credentialCriteria=
cas.authn.attributeRepository.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
#========================================
# Authentication
#========================================
cas.authn.accept.users=
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://localhost:10389/dc=XXXX,dc=com
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].baseDn=cn=admin,ou=Users,dc=XXXX,dc=com
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].bindCredential=userPassword
And this is the LDAP: