LDAP config: stuck with DefaultAuthenticationManager


ITT Arisse

Nov 29, 2022, 12:25:16 PM
to CAS Community
Hi all,

it seems I can't login with my LDAP Authentication Manager since it seems DefaultAuthenticationManager is the only Authentication Manager configured...

WHO: myuser
WHAT: [UsernamePasswordCredential(username=myuser, source=null, customFields={})]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue Nov 29 17:34:46 CET 2022
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=============================================================

2022-11-29 17:34:46,726 DEBUG [org.springframework.boot.actuate.audit.listener.AuditListener] - <AuditEvent [timestamp=2022-11-29T16:34:46.726185500Z, principal=myuser, type=AUTHENTICATION_FAILED, data={CAS=null, Tue Nov 29 17:34:46 CET 2022=null, 0:0:0:0:0:0:0:1=null, [UsernamePasswordCredential(username=myuser, source=null, customFields={})]}]>
2022-11-29 17:34:46,726 DEBUG [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <0 errors, 0 successes>
org.apereo.cas.authentication.AuthenticationException: 0 errors, 0 successes
    at org.apereo.cas.authentication.DefaultAuthenticationManager.evaluateFinalAuthentication(DefaultAuthenticationManager.java:339) ~[cas-server-core-authentication-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
    at org.apereo.cas.authentication.DefaultAuthenticationManager.authenticateInternal(DefaultAuthenticationManager.java:317) ~[cas-server-core-authentication-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
    at org.apereo.cas.authentication.DefaultAuthenticationManager.authenticate(DefaultAuthenticationManager.java:69) ~[cas-server-core-authentication-api-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
    at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) ~[spring-aop-5.3.24.jar:5.3.24]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198) ~[spring-aop-5.3.24.jar:5.3.24]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.24.jar:5.3.24]
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) ~[spring-aop-5.3.24.jar:5.3.24]
    at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:178) ~[inspektr-audit-1.8.20.GA.jar:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]


My config is the following:

##
# my Config
#
cas.log.level=trace
spring.security.log.level=trace
spring.webflow.log.level=trace
ldap.log.level=trace
pac4j.log.level=trace
opensaml.log.level=trace
hazelcast.log.level=trace
log.include.location=trace

#cas.authn.accept.enabled=false

cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldap-url=ldap://mydomain
cas.authn.ldap[0].base-dn=OU=dom1,DC=dom2,DC=lan
cas.authn.ldap[0].search-filter=(sAMAccountName={user})
cas.authn.ldap[0].bind-dn=myuser@mydomain
cas.authn.ldap[0].bind-credential=mypassword
cas.authn.ldap[0].max-pool-size=5
cas.authn.ldap[0].min-pool-size=0
cas.authn.ldap[0].subtree-search=true
cas.authn.ldap[0].use-start-tls=false
cas.authn.ldap[0].trust-store=JKS
cas.authn.ldap[0].trust-store-password=changeit
cas.authn.ldap[0].trust-store-type=JKS
cas.authn.ldap[0].hostname-verifier=ANY

logging.level.org.springframework.boot.autoconfigure=ERROR
cas.standalone.configuration-directory=../../etc/cas/config
cas.service-registry.ldap.ldap-url=ldap://mydomain
cas.webflow.crypto.encryption.key=key1
cas.tgc.crypto.encryption.key=key2
cas.tgc.crypto.signing.key=key3

#cas.authn.attribute-repository.ldap[0].order=1
cas.authn.attribute-repository.ldap[0].base-dn=OU=dom1,DC=dom2,DC=lan
cas.authn.attribute-repository.ldap[0].bind-dn=myuser@mydomain
cas.authn.attribute-repository.ldap[0].bind-credential=mypassword
cas.authn.attribute-repository.ldap[0].ldap-url=ldap://mydomain:389
cas.authn.attribute-repository.ldap[0].search-filter=(sAMAccountName={user})
#cas.authn.attribute-repository.ldap[0].type=AUTHENTICATED
cas.authn.attribute-repository.ldap[0].hostname-verifier=ANY
cas.authn.attribute-repository.ldap[0].pool-passivator=NONE
#cas.authn.attribute-repository.ldap[0].allow-multiple-principal-attribute-values=true
#cas.authn.attribute-repository.ldap[0].enhance-with-entry-resolver=true
#cas.authn.attribute-repository.ldap[0].principal-attribute-list=displayName,mail:email,memberOf
#cas.authn.attribute-repository.ldap[0].principal-dn-attribute-name=sAMAccountName
#cas.authn.attribute-repository.ldap[0].use-start-tls=false
#cas.authn.attribute-repository.ldap[0].password-encoder.type=NONE
#cas.authn.ldap[0].bind-dn=blahblahblah


cas.person-directory.attribute-resolution-enabled=true
cas.person-directory.active-attribute-repository-ids=ADAUTH
cas.person-directory.principal-attribute=sAMAccountName
cas.person-directory.return-null=false
cas.person-directory.principal-resolution-failure-fatal=true
cas.person-directory.use-existing-principal-id=false

cas.authn.attribute-repository.core.aggregation=CASCADE
cas.authn.attribute-repository.core.merger=MULTIVALUED
cas.authn.attribute-repository.core.default-attributes-to-release=ldap-dn
cas.authn.attribute-repository.ldap[0].id=ADAUTH
cas.authn.attribute-repository.ldap[0].order=0
cas.authn.attribute-repository.ldap[0].attributes.sAMAccountName=uid
cas.authn.attribute-repository.ldap[0].attributes.userAccountControl=user-account-control
cas.authn.attribute-repository.ldap[0].attributes.distinguishedName=ldap-dn

logging.level.org.apereo.cas=debug
logging.level.org.apereo.services.persondir=trace
logging.level.org.apereo.cas.persondir=trace
logging.level.org.apereo.cas.authentication.principal.cache=trace

I'm completely stuck, any help would be highly appreciated,

thanks a lot!

Stef

Ray Bon

Nov 29, 2022, 1:03:30 PM
to cas-...@apereo.org
Stef,

cas.authn.ldap[0].trust-store
should be a path (or is that a typo?).

Ray

On Tue, 2022-11-29 at 08:42 -0800, ITT Arisse wrote:

ITT Arisse

Nov 30, 2022, 5:05:20 AM
to CAS Community, Ray Bon
Hi Ray,

Thanks a lot. I configured this property to a folder; however, it does not fix the issue.

Thanks,
Stephane

Ray Bon

Nov 30, 2022, 11:33:00 AM
to ai38...@gmail.com, cas-...@apereo.org
Stephane,

Try with the path and file name. I should have been more clear about that.

Ray
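As an added check (not code from the thread or from CAS itself), a small Python lint over the properties file that flags the trust-store value Ray pointed at, plus two transport settings in Stef's config a reviewer would also look at: plain ldap:// without StartTLS and hostname-verifier=ANY. The keystore path, the ldaps:// URL and the DEFAULT verifier value in the corrected sample are assumptions; the property names come from the posted config.

```python
"""Lint the LDAP block of a CAS properties file for the problems raised in this thread."""
import os
import re

# Constructed samples (placeholder values): the thread's settings, and an assumed corrected variant.
WEAK_PROPERTIES = """
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldap-url=ldap://mydomain
cas.authn.ldap[0].use-start-tls=false
cas.authn.ldap[0].trust-store=JKS
cas.authn.ldap[0].trust-store-type=JKS
cas.authn.ldap[0].hostname-verifier=ANY
"""
FIXED_PROPERTIES = """
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldap-url=ldaps://mydomain
cas.authn.ldap[0].trust-store=/etc/cas/config/truststore.jks
cas.authn.ldap[0].trust-store-type=JKS
cas.authn.ldap[0].hostname-verifier=DEFAULT
"""

def parse_properties(text):
    """Minimal Java .properties parser: key=value lines; '#' comments and blanks ignored."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def lint_ldap_config(props, exists=os.path.isfile):
    """Return one finding per problem found in each cas.authn.ldap[N] block."""
    findings = []
    block_re = re.compile(r"(cas\.authn\.ldap\[\d+\])\.")
    prefixes = sorted({m.group(1) for m in map(block_re.match, props) if m})
    for prefix in prefixes:
        get = lambda name, p=prefix: props.get(f"{p}.{name}")
        trust_store = get("trust-store")
        if trust_store is not None and not exists(trust_store):
            # The thread's mistake: a store *type* ("JKS") where a file path is expected.
            findings.append(f"{prefix}.trust-store is not an existing file: {trust_store!r}")
        url = get("ldap-url") or ""
        if url.startswith("ldap://") and get("use-start-tls") != "true":
            findings.append(f"{prefix}: plaintext ldap:// without StartTLS; bind credentials cross the network unencrypted")
        if (get("hostname-verifier") or "").upper() == "ANY":
            findings.append(f"{prefix}.hostname-verifier=ANY disables certificate hostname verification")
    return findings
```

Run it against the real file by passing `open(path).read()` to `parse_properties` and leaving `exists` at its default so the trust-store check tests the filesystem.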