[cas-user] ERROR: <[AcceptUsersAuthenticationHandler] exception details: [USER not found in backing map.].>


Carlos Morales

Jul 2, 2018, 10:15:31 AM
to CAS Community
Good evening, he configures the connection through LDAP through CAS with the following config in cas.properties:

cas.server.name: https://URL:8443
cas.server.prefix: https://URL/cas

cas.adminPagesSecurity.ip=127\.0\.0\.1

logging.config: file:/etc/cas/config/log4j2.xml

cas.authn.ldap[0].order: 0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl: ldap://URL
cas.authn.ldap[0].validatePeriod: 270
cas.authn.ldap[0].poolPassivator: NONE
cas.authn.ldap[0].userFilter: sAMAccountName={user}
cas.authn.ldap[0].baseDn: ou=X,dc=X,dc=local
cas.authn.ldap[0].dnFormat: cn=%s,ou=X,dc=X,dc=local


Once with the configuration and the debugging of the LOG, I notice that with the default user (casuser) the following is shown and registered correctly:

2018-06-28 09:57:31,169 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Attempting authentication internally for transformed credential [UsernamePasswordCredential(username=casuser)]

2018-06-28 09:57:31,169 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - <Recording authentication handler result success under key [AcceptUsersAuthenticationHandler]>

On the other hand, with the username and password of the AD the following is shown:

2018-06-28 09:55:43,015 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Attempting authentication internally for transformed credential [UsernamePasswordCredential(username=USER)]>
2018-06-28 09:55:43,015 DEBUG [org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - <[USER] was not found in the map.>
2018-06-28 09:55:43,016 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [UsernamePasswordCredential(username=USER)] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
2018-06-28 09:55:43,016 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[AcceptUsersAuthenticationHandler] exception details: [USER not found in backing map.].>

2018-06-28 09:55:43,016 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - <Recording authentication handler failure under key [AcceptUsersAuthenticationHandler]>
2018-06-28 09:55:43,021 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN

Can you help me? Thank you!

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG

David Curry

Jul 2, 2018, 10:19:52 AM
to cas-...@apereo.org
If you are enabling LDAP as an authentication source, you should be disabling the built-in user store where the casuser/Mellon credential exists. Add this to your cas.properties:

cas.authn.accept.users:

(just the property name with no value).

--Dave

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728
david...@newschool.edu

The New School



Carlos Morales

Jul 2, 2018, 10:27:43 AM
to CAS Community
Hello David,

Now, when I have this config in cas.properties:

[root@CAS02 config]# cat cas.properties
cas.server.name: https://URL:8443
cas.server.prefix: https://URL:8443/cas


cas.adminPagesSecurity.ip=127\.0\.0\.1

logging.config: file:/etc/cas/config/log4j2.xml

cas.authn.ldap[0].order:                0
cas.authn.ldap[0].name:                 Active Directory
cas.authn.ldap[0].type:                 AD
cas.authn.ldap[0].ldapUrl:              ldap://IP:389

cas.authn.ldap[0].validatePeriod:       270
cas.authn.ldap[0].poolPassivator:       NONE
cas.authn.ldap[0].userFilter:           sAMAccountName={user}
cas.authn.ldap[0].baseDn:               ou=X,dc=X,dc=X
cas.authn.ldap[0].dnFormat:             cn=%s,ou=X,dc=X,dc=X
cas.authn.accept.users:

My TOMCAT answer:

Estado HTTP 404 – Not Found


Tipo Informe de estado

mensaje /cas/login


:(


David Curry

Jul 2, 2018, 10:31:19 AM
to cas-...@apereo.org
Check your Tomcat log files. If /cas/login isn't found, then your application is not deploying correctly.

Is there a reason you're starting with CAS 5.0? The current version (released today) is 5.3, and either 5.2.5 or 5.3 would be a better choice unless 5.0 is a requirement for something.


Carlos Morales

Jul 2, 2018, 10:45:59 AM
to CAS Community
version of cas: 3.5.0
Java version:  /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.x86_64/jre
Apache Tomcat: Apache Tomcat Version: Apache Tomcat/8.5.31

###################
Error LOG tomcat:
###################

Error creating bean with name 'casBeanValidationPostProcessor' defined in class path resource [org/apereo/cas/config/CasCoreUtilConfiguration.class]: BeanPostProcessor before instantiation of bean failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'casCoreTicketsConfiguration': Unsatisfied dependency expressed through field 'casProperties'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'cas-org.apereo.cas.configuration.CasConfigurationProperties': Could not bind properties to CasConfigurationProperties (prefix=cas, ignoreInvalidFields=false, ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception is org.springframework.boot.bind.RelaxedBindingNotWritablePropertyException: Failed to bind 'cas.authn.ldap[0].userFilter' from 'applicationProfilesProperties' to 'authn.ldap[0].userFilter' property on 'org.apereo.cas.configuration.model.core.authentication.AuthenticationProperties'>
02-Jul-2018 16:26:39.456 SEVERE [localhost-startStop-1] org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild: start:
 org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas]]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:754)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:730)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:985)
        at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1857)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)

David Curry

Jul 2, 2018, 11:13:28 AM
to cas-...@apereo.org
Do you have 

    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${cas.version}</version>
    </dependency>

in your pom.xml? CAS will refuse to accept property names that it doesn't know about, so if you get an error about a property name, either you used the wrong property name, or you didn't include the dependency that enables it.

--Dave


Carlos Morales

Jul 2, 2018, 11:45:17 AM
to CAS Community
Hello David,

Yes, I have the dependency in my pom.xml:

    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${cas.version}</version>
    </dependency>

How can I enable?

Thank you so much :)

David Curry

Jul 2, 2018, 11:48:45 AM
to cas-...@apereo.org
I'm not sure what you mean by "enable". Once you have it in pom.xml, you should rebuild the war file and deploy it, and you should be good to go.

--Dave


Tom O'Neill

Jul 2, 2018, 11:49:10 AM
to cas-...@apereo.org

Carlos,

Assuming you’re generating a WAR file:

    mvn clean package

Thanks,

Tom
