[cas-user] LDAP auth failed logging in v3.5.1


Andrew Morgan

Oct 25, 2012, 1:51:01 PM
to cas-...@lists.jasig.org
I am playing around with v3.5.1 in our CAS DEV instance. Previously we
were running v3.4.12. On v3.4.12, I see the following log message when a
user's authentication fails:

2012-10-25 10:43:55,001 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to
authenticate the user which provided the following credentials: [username:
morgan]


On v3.5.1, I get a big Java stack trace error:

2012-10-25 10:26:21,408 ERROR
[org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - [LDAP: error
code 49 - Invalid Credentials]; nested exception is
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credentials]
org.springframework.ldap.AuthenticationException: [LDAP: error code 49 -
Invalid Credentials]; nested exception is
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credentials]
at
org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:182)

<long stack trace deleted>


Is this the expected behavior? Is there a way to change the logging back
to the old behavior? The stack trace doesn't serve any useful purpose,
but I would still like to see a simple "failed to authenticate user: foo"
message in the log.

Thanks,
Andy


Marvin Addison

Oct 25, 2012, 2:02:01 PM
to cas-...@lists.jasig.org
> On v3.5.1, I get a big Java stack trace error:
>
> 2012-10-25 10:26:21,408 ERROR
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - [LDAP: error
> code 49 - Invalid Credentials]; nested exception is
> javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
> Credentials]

Confirmed. I haven't had a chance to investigate, but I noted the
change in behavior immediately after our deployment. This behavior is
unacceptable from a sysadmin perspective. Authentication failures are
not exceptional and it's become substantially more difficult to sort
signal from noise from all the stack traces in the logs now. I'd
appreciate your filing a Jira issue and I'll fix it.

M
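
A stop-gap for the log noise described above, as an added example that is not part of the thread or of CAS itself: a Python filter that collapses each 3.5.1 stack trace for LDAP result code 49 into one line and passes every other event through with its trace intact. The sample log is constructed from the lines quoted in the thread plus hypothetical `example.app` entries, and the log4j layout is assumed to match the quoted lines.

```python
import re

# Header of a log4j event in the layout quoted in the thread (assumed layout):
# "2012-10-25 10:26:21,408 ERROR [logger] - message"
EVENT = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) [A-Z]+\s+"
                   r"\[(?P<logger>[^\]]+)\] - (?P<msg>.*)$")
HANDLER = "org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
BAD_CREDS = "LDAP: error code 49"
TRACE = ("org.springframework.ldap.AuthenticationException: [LDAP: error code 49"
         " - Invalid Credentials]; nested exception is javax.naming."
         "AuthenticationException: [LDAP: error code 49 - Invalid Credentials]")

# Constructed sample: the 3.5.1 event from the thread plus hypothetical
# example.app events that must pass through unchanged.
SAMPLE = [
    "2012-10-25 10:26:20,000 INFO [example.app.Startup] - ready",
    "2012-10-25 10:26:21,408 ERROR [" + HANDLER + "] - [LDAP: error code 49 - "
    "Invalid Credentials]; nested exception is javax.naming."
    "AuthenticationException: [LDAP: error code 49 - Invalid Credentials]",
    TRACE,
    "\tat org.springframework.ldap.support.LdapUtils"
    ".convertLdapException(LdapUtils.java:182)",
    "2012-10-25 10:26:22,100 ERROR [example.app.Worker] - unexpected failure",
    "java.lang.IllegalStateException: constructed example",
    "\tat example.app.Worker.run(Worker.java:1)",
]

def group_events(lines):
    """Attach continuation lines (exception text, 'at' frames) to their event."""
    events = []
    for line in lines:
        line = line.rstrip("\n")
        if EVENT.match(line) or not events:
            events.append([line])
        else:
            events[-1].append(line)
    return events

def collapse_bind_failures(lines):
    """Return (filtered_lines, failure_count) for an iterable of log lines."""
    out, failures = [], 0
    for event in group_events(lines):
        m = EVENT.match(event[0])
        if m and m["logger"] == HANDLER and BAD_CREDS in m["msg"]:
            failures += 1
            out.append(f"{m['ts']} INFO [{HANDLER}] - LDAP bind failed, error "
                       f"code 49 ({len(event) - 1} trace lines dropped)")
        else:
            out.extend(event)  # other events keep their full stack trace
    return out, failures
```

The 3.5.1 line quoted in the thread carries no username, so the one-line summary cannot restore the `[username: ...]` detail that 3.4.12 logged.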

Andrew Morgan

Oct 25, 2012, 4:41:49 PM
to cas-...@lists.jasig.org
On Thu, 25 Oct 2012, Marvin Addison wrote:

>> On v3.5.1, I get a big Java stack trace error:
>>
>> 2012-10-25 10:26:21,408 ERROR
>> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - [LDAP: error
>> code 49 - Invalid Credentials]; nested exception is
>> javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
>> Credentials]
>
> Confirmed. I haven't had a chance to investigate, but I noted the
> change in behavior immediately after our deployment. This behavior is
> unacceptable from a sysadmin perspective. Authentication failures are
> not exceptional and it's become substantially more difficult to sort
> signal from noise from all the stack traces in the logs now. I'd
> appreciate your filing a Jira issue and I'll fix it.

Created!

https://issues.jasig.org/browse/CAS-1206

Thanks,
Andy

Scott Battaglia

Oct 26, 2012, 2:06:22 AM
to cas-...@lists.jasig.org
Is this a duplicate of:

?


On Thu, Oct 25, 2012 at 4:41 PM, Andrew Morgan <mor...@orst.edu> wrote:
> On Thu, 25 Oct 2012, Marvin Addison wrote:
>
>>> On v3.5.1, I get a big Java stack trace error:
>>>
>>> 2012-10-25 10:26:21,408 ERROR
>>> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - [LDAP: error
>>> code 49 - Invalid Credentials]; nested exception is
>>> javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
>>> Credentials]
>>
>> Confirmed. I haven't had a chance to investigate, but I noted the
>> change in behavior immediately after our deployment. This behavior is
>> unacceptable from a sysadmin perspective. Authentication failures are
>> not exceptional and it's become substantially more difficult to sort
>> signal from noise from all the stack traces in the logs now. I'd
>> appreciate your filing a Jira issue and I'll fix it.
>
> Created!
>
> https://issues.jasig.org/browse/CAS-1206
>
> Thanks,
> Andy



Marvin Addison

Oct 26, 2012, 3:08:04 PM
to cas-...@lists.jasig.org
> Is this a duplicate of:
> https://issues.jasig.org/browse/CAS-1181

Yes. I recall both that issue and your pull request, but I failed to
confirm whether it had made the 3.5.1 cut. I recalled that it had but
I see now that's incorrect. I've marked CAS-1206 as a dupe and closed
it. Thanks for pointing it out and sorry for the Jira noise.

M

Andrew Morgan

Oct 26, 2012, 4:18:04 PM
to cas-...@lists.jasig.org
On Fri, 26 Oct 2012, Marvin Addison wrote:

>> Is this a duplicate of:
>> https://issues.jasig.org/browse/CAS-1181
>
> Yes. I recall both that issue and your pull request, but I failed to
> confirm whether it had made the 3.5.1 cut. I recalled that it had but
> I see now that's incorrect. I've marked CAS-1206 as a dupe and closed
> it. Thanks for pointing it out and sorry for the Jira noise.

Will the fix get into 3.5.2? Jira says it is resolved in 4.0rc1.

Andy

Marvin Addison

Oct 26, 2012, 4:45:22 PM
to cas-...@lists.jasig.org
> Will the fix get into 3.5.2? Jira says it is resolved in 4.0rc1.

There are no plans at the moment for a 3.5.2, but this could perhaps
be justification. I need it, so I'm willing to do the work. I could
look over recent commits to see if anything else looks like a good fit
for cherry picks into 3.5.x. Anyone else have suggested features to
pull into a potential 3.5.2 release?

M

Andrew Morgan

Oct 26, 2012, 5:03:15 PM
to cas-...@lists.jasig.org
On Fri, 26 Oct 2012, Marvin Addison wrote:

>> Will the fix get into 3.5.2? Jira says it is resolved in 4.0rc1.
>
> There are no plans at the moment for a 3.5.2, but this could perhaps
> be justification. I need it, so I'm willing to do the work. I could
> look over recent commits to see if anything else looks like a good fit
> for cherry picks into 3.5.x. Anyone else have suggested features to
> pull into a potential 3.5.2 release?

Are there any LPPE-related fixes? I'm going to be testing that today. :)

Andy

Misagh Moayyed

Oct 26, 2012, 5:24:39 PM
to cas-...@lists.jasig.org
There haven't been any LPPE fixes yet, but I have a couple of pretty small
pulls (#147, #148) that, if accepted, I think might be fair candidates for
3.5.2.

Links:
https://github.com/Jasig/cas/pull/148
https://github.com/Jasig/cas/pull/147

-Misagh




> -----Original Message-----
> From: Andrew Morgan [mailto:mor...@orst.edu]
> Sent: Friday, October 26, 2012 2:03 PM
> To: cas-...@lists.jasig.org
> Subject: Re: [cas-user] LDAP auth failed logging in v3.5.1
>
> On Fri, 26 Oct 2012, Marvin Addison wrote:
>
> >> Will the fix get into 3.5.2? Jira says it is resolved in 4.0rc1.
> >
> > There are no plans at the moment for a 3.5.2, but this could perhaps
> > be justification. I need it, so I'm willing to do the work. I could
> > look over recent commits to see if anything else looks like a good fit
> > for cherry picks into 3.5.x. Anyone else have suggested features to
> > pull into a potential 3.5.2 release?
>
> Are there any LPPE-related fixes? I'm going to be testing that today. :)
>
> Andy

Andrew Morgan

Oct 26, 2012, 5:35:12 PM
to cas-...@lists.jasig.org

Andrew Morgan

Nov 27, 2012, 1:16:16 PM
to cas-...@lists.jasig.org
On Fri, 26 Oct 2012, Marvin Addison wrote:

>> Will the fix get into 3.5.2? Jira says it is resolved in 4.0rc1.
>
> There are no plans at the moment for a 3.5.2, but this could perhaps
> be justification. I need it, so I'm willing to do the work. I could
> look over recent commits to see if anything else looks like a good fit
> for cherry picks into 3.5.x. Anyone else have suggested features to
> pull into a potential 3.5.2 release?

Is there any news on a 3.5.2 release? We would like to upgrade from
3.4.x, but the LDAP auth failed logging is really annoying in 3.5.1.

Thanks,
Andy