Thanks Dave... I had to format my ldap stuff in the cas.properties differently.
It now looks like this:
cas.authn.ldap[0].order: 0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl: ldaps://xxx.campus.bridgew.edu:636
cas.authn.ldap[0].validatePeriod: 270
cas.authn.ldap[0].poolPassivator: NONE
cas.authn.ldap[0].userFilter: sAMAccountName={user}
cas.authn.ldap[0].baseDn: dc=campus,dc=bridgew,dc=edu
#cas.authn.ldap[0].bindDn: cn=cas5,ou=Users,dc=campus,dc=bridgew,dc=edu
#cas.authn.ldap[0].bindCredential: xxxx
cas.authn.ldap[0].dnFormat: cn=%s,dc=campus,dc=bridgew,dc=edu
and now the page loads, but I still can't log in
When I netstat -anop | grep java
[root@cas3-dev bin]# netstat -anop |grep java
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 1795/java off (0.00/0/0)
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 1795/java off (0.00/0/0)
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 1795/java off (0.00/0/0)
tcp 0 0 10.20.32.131:48450 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
tcp 0 0 10.20.32.131:48452 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
tcp 0 0 10.20.32.131:48446 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
tcp 0 0 10.20.32.131:48448 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
tcp 0 0 10.20.32.131:48456 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
tcp 0 0 10.20.32.131:48454 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
unix 3 [ ] STREAM CONNECTED 31497 1795/java
unix 2 [ ] STREAM CONNECTED 31408 1795/java
unix 3 [ ] STREAM CONNECTED 31498 1795/java
unix 3 [ ] STREAM CONNECTED 30719 1795/java
unix 3 [ ] STREAM CONNECTED 30720 1795/java
unix 2 [ ] STREAM CONNECTED 31781 1795/java
so things seem to be bound correctly
Here is my catalina.out grepping for jennifer.lavoie (username)
2018-05-15 13:27:45,866 DEBUG
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
- <Examining credential [jennifer.lavoie] eligibility for authentication
handler [Active Directory]>
2018-05-15 13:27:45,867 DEBUG
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
- <Credential [jennifer.lavoie] eligibility is [Active Directory] for
authentication handler [true]>
2018-05-15 13:27:45,868 DEBUG
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
- <Attempting to encode credential password via
[org.springframework.security.crypto.password.NoOpPasswordEncoder] for
[jennifer.lavoie]>
2018-05-15 13:27:45,868 DEBUG
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
- <Attempting authentication internally for transformed credential
[jennifer.lavoie]>
2018-05-15 13:27:45,869 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting
LDAP authentication for [jennifer.lavoie]. Authenticator pre-configured
attributes are [null], additional requested attributes for this
authentication request are [[]]>
2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.FormatDnResolver] -
<Formatting DN for jennifer.lavoie with cn=%s,dc=campus,dc=bridgew,dc=edu>
2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.Authenticator] -
<authenticate dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu with
request=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie,
context=null], returnAttributes=[], controls=null]>
2018-05-15 13:27:45,869 DEBUG
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate
criteria=[org.ldaptive.auth.AuthenticationCriteria@157874454::dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie,
context=null], returnAttributes=[], controls=null]]>
2018-05-15 13:27:45,873 DEBUG [org.ldaptive.BindOperation] - <execute
request=[org.ldaptive.BindRequest@632797964::bindDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu,
saslConfig=null,
controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::criticality=false,
timeBeforeExpiration=0, graceAuthNsRemaining=0, error=null]],
referralHandler=null, intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@588723547::config=[org.ldaptive.ConnectionConfig@1903426706::ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636,
connectTimeout=PT5S, responseTimeout=PT5S,
sslConfig=[org.ldaptive.ssl.SslConfig@744860926::credentialConfig=null,
trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=true, useStartTLS=false,
connectionInitializer=null,
connectionStrategy=org.ldaptive.DefaultConnectionStrategy@dd9392c],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@601538727::metadata=[ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636,
count=1],
environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory,
com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000},
classLoader=null,
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@947873970::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={},
controlProcessor=org.ldaptive.provider.ControlProcessor@3dd40ce0,
environment=null, tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null,
hostnameVerifier=null]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@c44eb3]>
2018-05-15 13:27:45,874 DEBUG
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate
response=[org.ldaptive.auth.AuthenticationHandlerResponse@728104502::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@588723547::config=[org.ldaptive.ConnectionConfig@1903426706::ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636,
connectTimeout=PT5S, responseTimeout=PT5S,
sslConfig=[org.ldaptive.ssl.SslConfig@744860926::credentialConfig=null,
trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=true, useStartTLS=false,
connectionInitializer=null,
connectionStrategy=org.ldaptive.DefaultConnectionStrategy@dd9392c],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@601538727::metadata=[ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636,
count=1],
environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory,
com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000},
classLoader=null,
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@947873970::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={},
controlProcessor=org.ldaptive.provider.ControlProcessor@3dd40ce0,
environment=null, tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null,
hostnameVerifier=null]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@c44eb3],
result=false, resultCode=INVALID_CREDENTIALS,
message=javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error,
data 52e, v2580], controls=null] for
criteria=[org.ldaptive.auth.AuthenticationCriteria@157874454::dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu,
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie,
context=null], returnAttributes=[], controls=null]]>
2018-05-15 13:27:45,874 INFO [org.ldaptive.auth.Authenticator] -
<Authentication failed for dn:
cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu>
2018-05-15 13:27:45,874 DEBUG [org.ldaptive.auth.Authenticator] -
<authenticate
response=[org.ldaptive.auth.AuthenticationHandlerResponse@728104502::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@588723547::config=[org.ldaptive.ConnectionConfig@1903426706::ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636,
connectTimeout=PT5S, responseTimeout=PT5S,
sslConfig=[org.ldaptive.ssl.SslConfig@744860926::credentialConfig=null,
trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=true, useStartTLS=false,
connectionInitializer=null,
connectionStrategy=org.ldaptive.DefaultConnectionStrategy@dd9392c],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@601538727::metadata=[ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636,
count=1],
environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory,
com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3,
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000},
classLoader=null,
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@947873970::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={},
controlProcessor=org.ldaptive.provider.ControlProcessor@3dd40ce0,
environment=null, tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null,
hostnameVerifier=null]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@c44eb3],
result=false, resultCode=INVALID_CREDENTIALS,
message=javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error,
data 52e, v2580], controls=null] for
dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu with
request=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie,
context=null], returnAttributes=[], controls=null]>
2018-05-15 13:27:45,874 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response:
[[org.ldaptive.auth.AuthenticationResponse@1798662416::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
resolvedDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu,
ldapEntry=[dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu[]],
accountState=null, result=false, resultCode=INVALID_CREDENTIALS,
message=javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error,
data 52e, v2580], controls=null]]>
2018-05-15 13:27:45,875 DEBUG
[org.apereo.cas.authentication.support.DefaultLdapPasswordPolicyHandlingStrategy]
- <Applying password policy
[[org.ldaptive.auth.AuthenticationResponse@1798662416::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
resolvedDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu,
ldapEntry=[dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu[]],
accountState=null, result=false, resultCode=INVALID_CREDENTIALS,
message=javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error,
data 52e, v2580], controls=null]] to
[org.apereo.cas.authentication.support.DefaultAccountStateHandler@42608b36]>
2018-05-15 13:27:45,876 DEBUG
[org.apereo.cas.authentication.support.DefaultAccountStateHandler] -
<Attempting to handle LDAP account state for
[[org.ldaptive.auth.AuthenticationResponse@1798662416::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE,
resolvedDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu,
ldapEntry=[dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu[]],
accountState=null, result=false, resultCode=INVALID_CREDENTIALS,
message=javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error,
data 52e, v2580], controls=null]]>
2018-05-15 13:27:45,877 ERROR
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authentication has failed. Credentials may be incorrect or CAS cannot find
authentication handler that supports [jennifer.lavoie] of type
[UsernamePasswordCredential]. Examine the configuration to ensure a method
of authentication is defined and analyze CAS logs at DEBUG level to trace
the authentication event.>
WHO: jennifer.lavoie
WHAT: Supplied credentials: [jennifer.lavoie]
[root@cas3-dev bin]#
On Tuesday, May 15, 2018 at 11:38:05 AM UTC-4, David Curry wrote:
>
> Looks like the CAS webapp isn't starting. catalina.out should tell you
> what happened?
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • [email protected]
>
> On Tue, May 15, 2018 at 11:35 AM, Jennifer LaVoie <[email protected]> wrote:
>
>> I updated my pom.xml last week to install LDAP, but I didn't redeploy the
>> war file...so I did that today, but now I can't reach
>> https://cas3.xxx.xxx/cas/login
>>
>> I can still see my self-signed cert though, so I didn't wipe out my
>> server.xml file...
>>
>> If I go to here
>>
>> https://cas3.xxx.xxx:8443/ I do see the default apache page is loading.
>>
>>
>> HTTP Status 404 – Not Found
>> ------------------------------
>>
>> *Type* Status Report
>>
>> *Message* /cas/login
>>
>> *Description* The origin server did not find a current representation
>> for the target resource or is not willing to disclose that one exists.
>> ------------------------------
>> Apache Tomcat/9.0.7
>>
>> What did I break LOL
>>
>> Thank gods, I made a snapshot
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/a583b953-6589-40a2-a967-919c9dfca886%40apereo.org
>>
>
>
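An added example, not part of the original post and not CAS or ldaptive code: a short Python script that pulls each failed bind out of a catalina.out excerpt like the one in this message and decodes the Active Directory sub-code carried in the `data 52e` field of the LDAP error 49 reply. The sample log, its users and the function name are constructed for illustration.

```python
import re

# AD puts a hex Win32 error in the "data XXX" field of an LDAP code 49 reply.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "user name or password is incorrect",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password",
    "775": "account locked out",
}
ERR_RE = re.compile(r"LDAP: error code (\d+) - [^\]]*?data ([0-9a-fA-F]+),")
DN_RE = re.compile(r"Authentication failed for dn: ([^>]+)>")

# Constructed sample, wrapped the way the log in the message is wrapped.
SAMPLE_LOG = """\
2018-05-15 13:27:45,874 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] -
<authenticate result=false, resultCode=INVALID_CREDENTIALS,
message=javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error,
data 52e, v2580], controls=null]>
2018-05-15 13:27:45,874 INFO [org.ldaptive.auth.Authenticator] -
<Authentication failed for dn:
cn=jdoe,dc=example,dc=edu>
2018-05-15 13:29:02,101 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] -
<authenticate message=javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 775, v2580]>
2018-05-15 13:29:02,102 INFO [org.ldaptive.auth.Authenticator] -
<Authentication failed for dn: cn=asmith,ou=Users,dc=example,dc=edu>
"""

def summarize_bind_failures(log_text):
    """Return (dn, ldap_code, ad_subcode, meaning) for each failed bind."""
    flat = " ".join(log_text.split())  # undo the line wrapping
    failures = []
    for dn_match in DN_RE.finditer(flat):
        # The error message logged just before this line belongs to the same bind.
        errors = list(ERR_RE.finditer(flat, 0, dn_match.start()))
        if not errors:
            continue
        code, sub = errors[-1].group(1), errors[-1].group(2).lower()
        meaning = AD_SUBCODES.get(sub, "unknown sub-code")
        failures.append((dn_match.group(1).strip(), int(code), sub, meaning))
    return failures
```

Calling `summarize_bind_failures(SAMPLE_LOG)` returns one tuple per failed bind, so the DN that was actually sent to the directory can be read next to the reason the directory gave for rejecting it.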