CAS not resolving LDAPAuthenticationHandler


Tariq Hassan

Aug 9, 2022, 12:12:53 PM8/9/22
to CAS Community
Hi,
It seems my CAS 6.5.6 is unable to resolve the LDAP authentication handler as a handler; it always falls back to HttpBasedServiceCredentialsAuthenticationHandler (I highlighted the relevant log in red) and fails.

I have also updated my Gradle file for CAS LDAP support.

Here are the logs I am getting when I try to log in:
 2022-08-09 14:22:28,842 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Authentication handler resolvers produced no candidate authentication handler. Using the default handler resolver instead...>
2022-08-09 14:22:28,843 DEBUG [org.apereo.cas.authentication.AuthenticationHandlerResolver] - <Default authentication handlers used for this transaction are [HttpBasedServiceCredentialsAuthenticationHandler]>
2022-08-09 14:22:28,844 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Resolved and finalized authentication handlers to carry out this authentication transaction are [[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@5b32e0b1]]>
2022-08-09 14:22:28,844 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Candidate resolved authentication handlers for this transaction are [[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@bf2c8d55]]>
2022-08-09 14:22:28,844 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Attempting to authenticate credential [UsernamePasswordCredential(username=shassan, source=null, customFields={})]>
2022-08-09 14:22:28,844 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Authentication handler [HttpBasedServiceCredentialsAuthenticationHandler] does not support the credential type [UsernamePasswordCredential(username=shassan, source=null, customFields={})].>
2022-08-09 14:22:28,846 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: shassan
WHAT: [UsernamePasswordCredential(username=shassan, source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue Aug 09 14:22:28 GMT 2022
CLIENT IP ADDRESS: 103.201.127.10
SERVER IP ADDRESS: 172.17.0.2
=============================================================


My cas.properties file is given below:

cas.server.name=XXXXXXXXXXXXX
cas.server.prefix=${cas.server.name}/cas

logging.config=file:/etc/cas/config/log4j2.xml

#cas.authn.accept.enabled=
cas.authn.accept.users=
cas.authn.accept.name=
cas.authn.accept.credentialCriteria=

ldap.ldapUrl=ldap://XXXXXXXXXXXXXX
ldap.rootDn=DC=draco,DC=local
ldap.managerDn=CN=XXXXXXX,OU=DI,OU=Service Accounts,DC=draco,DC=local
ldap.managerPassword=XXXXXXXXXXXXX
ldap.filter=sAMAccountName={user}


ldap.serviceUsername=
ldap.servicePassword=
ldap.domain=
ldap.domainController=
ldap.jcifsServiceName=

cas.authn.ldap[0].ldap-url=ldap://XXXXXXXXXXXXXX
cas.authn.ldap[0].principal-dn-attribute-name=${ldap.managerDn}
cas.authn.ldap[0].principal-attribute-list=cn,givenName,distinguishedName,sAMAccountName,displayName,whenCreated,extensionAttribute8,sAMAccountType,employeeID
cas.authn.ldap[0].base-dn=${ldap.rootDn}
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].order=0
cas.authn.ldap[0].bind-dn=${ldap.managerDn}
cas.authn.ldap[0].bind-credential=${ldap.managerPassword}
cas.authn.ldap[0].search-filter=${ldap.filter}


cas.authn.ldap[0].password-encoder.encoding-algorithm=DEFAULT
cas.authn.ldap[0].password-encoder.type=DEFAULT
cas.tgc.crypto.signing.key=bCJV2hA6k-ucRaLcR40Mrve8eLCzM3o2jEnb5DAuUn5zfUFgd9xavqlCKZRtg7Hvy69s25rEGE0-cVlGdGUBtQ
cas.tgc.crypto.encryption.key=uIUKtPqJJZ3JmHdKXtcPE81uOtIJtiXei8xZcn2gTZs
#cas.adminPagesSecurity.ip=127\.0\.0\.
cas.authn.ldap[0].dn-format=%s...@example.com
cas.authn.ldap[0].block-wait-time=PT3S
cas.authn.ldap[0].pool-passivator=BIND
cas.authn.ldap[0].validate-on-checkout=false
cas.authn.ldap[0].validate-period=PT5M
cas.authn.ldap[0].min-pool-size=3
cas.authn.ldap[0].max-pool-size=10
cas.authn.attribute-repository.ldap[0].ldap-url=${ldap.ldapUrl}
cas.authn.attribute-repository.ldap[0].order=0
cas.authn.attribute-repository.ldap[0].search-filter=${ldap.filter}
cas.authn.attribute-repository.ldap[0].base-dn=${ldap.rootDn}
cas.authn.attribute-repository.ldap[0].bind-dn=${ldap.managerDn}
cas.authn.attribute-repository.ldap[0].bind-credential=${ldap.managerPassword}
cas.authn.attribute-repository.ldap[0].pool-passivator=BIND
cas.authn.attribute-repository.core.default-attributes-to-release=distinguishedName



I will appreciate the help very much.

Jason Rocks

Aug 17, 2022, 9:42:26 AM8/17/22
to CAS Community, tariqh...@gmail.com
This config works for us for LDAP... Note the parentheses around the search-filter.

cas.authn.ldap[0].order=1
cas.authn.ldap[0].base-dn=OU=blah,dc=blah,dc=blah,dc=blah
cas.authn.ldap[0].bind-credential=blahblahblah
cas.authn.ldap[0].bind-dn=blahblahblah
cas.authn.ldap[0].ldap-url=ldap://ldap.blah.blah.com
cas.authn.ldap[0].search-filter=(sAMAccountName={user})
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].principal-attribute-list=displayName,mail:email,memberOf
cas.authn.ldap[0].principal-dn-attribute-name=sAMAccountName
cas.authn.ldap[0].use-start-tls=false
cas.authn.ldap[0].password-encoder.type=NONE

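As an added example (not code from either post or from the CAS project), a small Python lint that resolves the Spring-style `${...}` placeholders a cas.properties file references and then flags each `cas.authn.ldap[N]` block whose search-filter is not wrapped in parentheses or lacks the `{user}` token, the point raised in this reply. The sample properties, hostnames and DNs are constructed.

```python
"""Lint the LDAP handler blocks of a CAS cas.properties file."""
import re

# Constructed excerpt modelled on the thread: block [0] builds its filter from
# an unparenthesised ldap.filter placeholder, block [1] uses the parenthesised form.
SAMPLE_PROPERTIES = """
ldap.rootDn=DC=example,DC=local
ldap.filter=sAMAccountName={user}
cas.authn.ldap[0].ldap-url=ldap://ldap.example.local
cas.authn.ldap[0].base-dn=${ldap.rootDn}
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].search-filter=${ldap.filter}
cas.authn.ldap[1].ldap-url=ldap://ldap2.example.local
cas.authn.ldap[1].search-filter=(sAMAccountName={user})
"""

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")
HANDLER_INDEX = re.compile(r"cas\.authn\.ldap\[(\d+)\]\.")


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def resolve(props, value, depth=0):
    """Expand ${key} references against the same file, recursively."""
    if depth > 10:
        raise ValueError("placeholder nesting too deep: " + value)

    def substitute(match):
        key = match.group(1)
        if key not in props:
            raise KeyError("unresolved placeholder ${%s}" % key)
        return resolve(props, props[key], depth + 1)

    return PLACEHOLDER.sub(substitute, value)


def lint_ldap_handlers(props):
    """Return {handler index: [findings]}; an empty list means the block passed."""
    findings = {}
    indices = sorted({int(m.group(1)) for m in map(HANDLER_INDEX.match, props) if m})
    for i in indices:
        prefix = "cas.authn.ldap[%d]." % i
        issues = []
        if prefix + "ldap-url" not in props:
            issues.append("missing ldap-url")
        raw_filter = props.get(prefix + "search-filter")
        if raw_filter is None:
            issues.append("missing search-filter")
        else:
            search_filter = resolve(props, raw_filter)
            if not (search_filter.startswith("(") and search_filter.endswith(")")):
                issues.append("search-filter is not parenthesised: " + search_filter)
            if "{user}" not in search_filter:
                issues.append("search-filter has no {user} token")
        findings[i] = issues
    return findings
```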