CAS 5 + LDAP


Thiago Fernandes do Nascimento

Jan 25, 2017, 2:18:01 PM
to CAS Community
Hi,

   Can someone help with CAS LDAP configuration? I want to configure an LDAP server and I received this error:

WHO: thiago.nascimento 
WHAT: Supplied credentials: [thiago.nascimento] 
ACTION: AUTHENTICATION_FAILED 
APPLICATION: CAS 
WHEN: Wed Jan 25 17:03:11 BRST 2017 
CLIENT IP ADDRESS: 127.0.0.1 
SERVER IP ADDRESS: 127.0.0.1 
============================================================= 


2017-01-25 17:03:11,857 ERROR [org.apereo.cas.web.flow.AuthenticationExceptionHandler] - <Unable to translate handler errors of 
the authentication exception org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes. Returning UNKNOWN by 
default...>

My cas.properties:

cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://myserver:389
cas.authn.ldap[0].useSsl=false
#cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=cn=Users,dc=cobra,dc=com,dc=br
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=false
cas.authn.ldap[0].bindDn=thiago.nascimento@xxxxxx.com.br
cas.authn.ldap[0].bindCredential=xxxxxxxxxxxxxxxxxxxxx



# cas.authn.ldap[0].saslMechanism=GSSAPI|DIGEST_MD5|CRAM_MD5|EXTERNAL
# cas.authn.ldap[0].saslRealm=EXAMPLE.COM
# cas.authn.ldap[0].saslAuthorizationId=
# cas.authn.ldap[0].saslMutualAuth=
# cas.authn.ldap[0].saslQualityOfProtection=
# cas.authn.ldap[0].saslSecurityStrength=

# cas.authn.ldap[0].trustCertificates=
# cas.authn.ldap[0].keystore=
# cas.authn.ldap[0].keystorePassword=
# cas.authn.ldap[0].keystoreType=JKS|JCEKS|PKCS12

cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600

#cas.authn.ldap[0].failFast=true
#cas.authn.ldap[0].idleTime=5000
#cas.authn.ldap[0].prunePeriod=5000
#cas.authn.ldap[0].blockWaitTime=5000

#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
#cas.authn.ldap[0].allowMultipleDns=false

# cas.authn.ldap[0].passwordEncoder.type=NONE|DEFAULT|STANDARD|BCRYPT
# cas.authn.ldap[0].passwordEncoder.characterEncoding=
# cas.authn.ldap[0].passwordEncoder.encodingAlgorithm=
# cas.authn.ldap[0].passwordEncoder.secret=
# cas.authn.ldap[0].passwordEncoder.strength=16

# cas.authn.ldap[0].principalTransformation.suffix=
# cas.authn.ldap[0].principalTransformation.caseConversion=NONE|UPPERCASE|LOWERCASE
# cas.authn.ldap[0].principalTransformation.prefix=

# cas.authn.ldap[0].passwordPolicy.enabled=true
# cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
# cas.authn.ldap[0].passwordPolicy.loginFailures=5
# cas.authn.ldap[0].passwordPolicy.warningAttributeValue=
# cas.authn.ldap[0].passwordPolicy.warningAttributeName=
# cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true
# cas.authn.ldap[0].passwordPolicy.warnAll=true
# cas.authn.ldap[0].passwordPolicy.warningDays=30
# cas.authn.ldap[0].passwordPolicy.url=https://password.example.edu/change

thanks!

Menno en Erla Avegaart

Feb 6, 2017, 7:55:46 AM
to CAS Community
The log doesn't contain enough information. Could you set it to debug for org.apereo.cas?

<AsyncLogger name="org.apereo.cas" level="debug" additivity="false">
    <AppenderRef ref="casConsole"/>
    <AppenderRef ref="casFile"/>
</AsyncLogger>



Thiago Fernandes do Nascimento

Feb 10, 2017, 1:27:22 PM
to cas-...@apereo.org
Hi,

Thank you! I will try again and before I speak with you.

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas


--
Thiago Fernandes do Nascimento

"Offer forgiveness and receive peace"
João Paulo II

Hao Wu

Feb 13, 2017, 3:01:08 AM
to CAS Community
I think cas.authn.ldap[0].type should not be set to AD; try AUTHENTICATED instead. Also set cas.authn.ldap[0].userFilter to uid={user}, then input the uid and password. This might be totally right, but it works for me.
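
A check that can be run over a cas.properties like the one posted at the top of this thread, added here as an example; it is not part of any post in the thread and not CAS project code. The rules are assumptions taken from the CAS 5 documentation's description of the LDAP types (AD and DIRECT build the bind DN from the dnFormat property, which the posted file does not contain; AUTHENTICATED binds as bindDn and then searches with userFilter), plus the fact that a simple bind over ldap:// without SSL or StartTLS sends passwords unencrypted. The sample input and the finding codes are constructed.

```python
import re

# Constructed sample: the active settings from the question, credentials replaced.
SAMPLE = """\
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://myserver:389
cas.authn.ldap[0].useSsl=false
#cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].baseDn=cn=Users,dc=cobra,dc=com,dc=br
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].bindDn=svc-cas@example.org
cas.authn.ldap[0].bindCredential=REDACTED
"""

KEY = re.compile(r"^cas\.authn\.ldap\[(\d+)\]\.([\w.]+)\s*=\s*(.*)$")

def parse(text):
    """Group active (uncommented) cas.authn.ldap[N].* settings by index N."""
    entries = {}
    for line in text.splitlines():
        m = KEY.match(line.strip())
        if m:
            entries.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    return entries

def is_true(cfg, key):
    return cfg.get(key, "false").lower() == "true"

def lint(text):
    """Return (index, code, message) findings for every LDAP entry."""
    out = []
    for idx, cfg in sorted(parse(text).items()):
        kind = cfg.get("type", "").upper()
        url = cfg.get("ldapUrl", "").lower()
        # Simple binds over plain ldap:// expose every user's password on the wire.
        if url.startswith("ldap://") and not (is_true(cfg, "useSsl") or is_true(cfg, "useStartTls")):
            out.append((idx, "CLEARTEXT_BIND", "ldap:// with neither useSsl nor useStartTls"))
        # Assumption (CAS 5 docs): AD and DIRECT compute the bind DN from dnFormat.
        if kind in ("AD", "DIRECT") and not cfg.get("dnFormat"):
            out.append((idx, "MISSING_DN_FORMAT", f"type={kind} but dnFormat is not set"))
        # AUTHENTICATED binds as bindDn first, then searches with userFilter.
        if kind == "AUTHENTICATED" and not (cfg.get("bindDn") and cfg.get("bindCredential")):
            out.append((idx, "MISSING_BIND", "type=AUTHENTICATED needs bindDn and bindCredential"))
        if kind in ("AUTHENTICATED", "ANONYMOUS") and "{user}" not in cfg.get("userFilter", ""):
            out.append((idx, "FILTER_NO_USER", "userFilter lacks the {user} placeholder"))
    return out

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep="\t")
```

On the constructed sample this reports CLEARTEXT_BIND and MISSING_DN_FORMAT for entry 0.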
