ok...I will try that :) I want to send you a pizza once I get this working LOL
On Tuesday, May 15, 2018 at 1:49:42 PM UTC-4, David Curry wrote:
>
> This is a guess, but your dnFormat doesn't look very AD-ish to me. I note that you have an "ou=Users" in the commented-out bindDn; shouldn't you have that in dnFormat as well?
>
> If you can, bring up one of the AD tools (under Windows) and look yourself up, and copy the DN string exactly.
>
> --Dave
>
> --
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • [email protected]
>
> On Tue, May 15, 2018 at 1:31 PM, Jennifer LaVoie <[email protected]> wrote:
>
>> Thanks Dave...I had to format my ldap stuff in the cas.properties differently
>>
>> It now looks like this
>>
>> cas.authn.ldap[0].order: 0
>> cas.authn.ldap[0].name: Active Directory
>> cas.authn.ldap[0].type: AD
>> cas.authn.ldap[0].ldapUrl: ldaps://xxx.campus.bridgew.edu:636
>> cas.authn.ldap[0].validatePeriod: 270
>> cas.authn.ldap[0].poolPassivator: NONE
>> cas.authn.ldap[0].userFilter: sAMAccountName={user}
>> cas.authn.ldap[0].baseDn: dc=campus,dc=bridgew,dc=edu
>> #cas.authn.ldap[0].bindDn: cn=cas5,ou=Users,dc=campus,dc=bridgew,dc=edu
>> #cas.authn.ldap[0].bindCredential: xxxx
>> cas.authn.ldap[0].dnFormat: cn=%s,dc=campus,dc=bridgew,dc=edu
>>
>> and now the page loads, but I still can't log in
>>
>> When I netstat -anop | grep java
>>
>> [root@cas3-dev bin]# netstat -anop |grep java
>> tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 1795/java off (0.00/0/0)
>> tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 1795/java off (0.00/0/0)
>> tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 1795/java off (0.00/0/0)
>> tcp 0 0 10.20.32.131:48450 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
>> tcp 0 0 10.20.32.131:48452 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
>> tcp 0 0 10.20.32.131:48446 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
>> tcp 0 0 10.20.32.131:48448 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
>> tcp 0 0 10.20.32.131:48456 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
>> tcp 0 0 10.20.32.131:48454 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
>> unix 3 [ ] STREAM CONNECTED 31497 1795/java
>> unix 2 [ ] STREAM CONNECTED 31408 1795/java
>> unix 3 [ ] STREAM CONNECTED 31498 1795/java
>> unix 3 [ ] STREAM CONNECTED 30719 1795/java
>> unix 3 [ ] STREAM CONNECTED 30720 1795/java
>> unix 2 [ ] STREAM CONNECTED 31781 1795/java
>>
>> so things seem to be bound correctly
>>
>> Here is my catalina.out grepping for jennifer.lavoie (username)
>>
>> 2018-05-15 13:27:45,866 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Examining credential [jennifer.lavoie] eligibility for authentication handler [Active Directory]>
>> 2018-05-15 13:27:45,867 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Credential [jennifer.lavoie] eligibility is [Active Directory] for authentication handler [true]>
>> 2018-05-15 13:27:45,868 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Attempting to encode credential password via [org.springframework.security.crypto.password.NoOpPasswordEncoder] for [jennifer.lavoie]>
>> 2018-05-15 13:27:45,868 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Attempting authentication internally for transformed credential [jennifer.lavoie]>
>> 2018-05-15 13:27:45,869 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for [jennifer.lavoie]. Authenticator pre-configured attributes are [null], additional requested attributes for this authentication request are [[]]>
>> 2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for jennifer.lavoie with cn=%s,dc=campus,dc=bridgew,dc=edu>
>> 2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu with request=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null], returnAttributes=[], controls=null]>
>> 2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate criteria=[org.ldaptive.auth.AuthenticationCriteria@157874454::dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null], returnAttributes=[], controls=null]]>
>> 2018-05-15 13:27:45,873 DEBUG [org.ldaptive.BindOperation] - <execute request=[org.ldaptive.BindRequest@632797964::bindDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, saslConfig=null, controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::criticality=false, timeBeforeExpiration=0, graceAuthNsRemaining=0, error=null]], referralHandler=null, intermediateResponseHandlers=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@588723547::config=[org.ldaptive.ConnectionConfig@1903426706::ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@744860926::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true, useStartTLS=false, connectionInitializer=null, connectionStrategy=org.ldaptive.DefaultConnectionStrategy@dd9392c], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@601538727::metadata=[ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, count=1], environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory, com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@947873970::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@3dd40ce0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@c44eb3]>
>> 2018-05-15 13:27:45,874 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@728104502::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@588723547::config=[org.ldaptive.ConnectionConfig@1903426706::ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@744860926::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true, useStartTLS=false, connectionInitializer=null, connectionStrategy=org.ldaptive.DefaultConnectionStrategy@dd9392c], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@601538727::metadata=[ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, count=1], environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory, com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@947873970::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@3dd40ce0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@c44eb3], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null] for criteria=[org.ldaptive.auth.AuthenticationCriteria@157874454::dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null], returnAttributes=[], controls=null]]>
>> 2018-05-15 13:27:45,874 INFO [org.ldaptive.auth.Authenticator] - <Authentication failed for dn: cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu>
>> 2018-05-15 13:27:45,874 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@728104502::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@588723547::config=[org.ldaptive.ConnectionConfig@1903426706::ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@744860926::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true, useStartTLS=false, connectionInitializer=null, connectionStrategy=org.ldaptive.DefaultConnectionStrategy@dd9392c], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@601538727::metadata=[ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, count=1], environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory, com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@947873970::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@3dd40ce0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@c44eb3], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null] for dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu with request=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null], returnAttributes=[], controls=null]>
>> 2018-05-15 13:27:45,874 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [[org.ldaptive.auth.AuthenticationResponse@1798662416::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, ldapEntry=[dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null]]>
>> 2018-05-15 13:27:45,875 DEBUG [org.apereo.cas.authentication.support.DefaultLdapPasswordPolicyHandlingStrategy] - <Applying password policy [[org.ldaptive.auth.AuthenticationResponse@1798662416::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, ldapEntry=[dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null]] to [org.apereo.cas.authentication.support.DefaultAccountStateHandler@42608b36]>
>> 2018-05-15 13:27:45,876 DEBUG [org.apereo.cas.authentication.support.DefaultAccountStateHandler] - <Attempting to handle LDAP account state for [[org.ldaptive.auth.AuthenticationResponse@1798662416::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, ldapEntry=[dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null]]>
>> 2018-05-15 13:27:45,877 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [jennifer.lavoie] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
>> WHO: jennifer.lavoie
>> WHAT: Supplied credentials: [jennifer.lavoie]
>> [root@cas3-dev bin]#
>>
>> On Tuesday, May 15, 2018 at 11:38:05 AM UTC-4, David Curry wrote:
>>>
>>> Looks like the CAS webapp isn't starting. catalina.out should tell you what happened?
>>>
>>> --
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR OF INFORMATION SECURITY*
>>> INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> +1 212 229-5300 x4728 • [email protected]
>>>
>>> On Tue, May 15, 2018 at 11:35 AM, Jennifer LaVoie <[email protected]> wrote:
>>>
>>>> I updated my pom.xml last week to install LDAP, but I didn't redeploy the war file...so I did that today, but now I can't reach https://cas3.xxx.xxx/cas/login
>>>>
>>>> I can still see my self-signed cert though, so I didn't wipe out my server.xml file...
>>>>
>>>> If I go to here
>>>>
>>>> https://cas3.xxx.xxx:8443/ I do see the default apache page is loading.
>>>>
>>>> HTTP Status 404 – Not Found
>>>> ------------------------------
>>>>
>>>> *Type* Status Report
>>>>
>>>> *Message* /cas/login
>>>>
>>>> *Description* The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.
>>>> ------------------------------
>>>> Apache Tomcat/9.0.7
>>>>
>>>> What did I break LOL
>>>>
>>>> Thank gods, I made a snapshot
>>>>
>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>>> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a583b953-6589-40a2-a967-919c9dfca886%40apereo.org.
>>>>
>>>
>> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a32cb4a3-5382-4f5e-a933-de38268b3d12%40apereo.org.
>>
>

--
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/51dfe849-550b-456b-8289-a1ce9cc1c524%40apereo.org.
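The "error code 49 ... data 52e" text in the catalina.out excerpt above is Active Directory's sub-code for the rejected bind against the DN that dnFormat produced. Below is an added example, not code from the thread or from CAS or ldaptive, that pulls the bind DN and that sub-code out of such log records and maps the sub-code to its documented meaning, so that a lockout or expired password is not mistaken for a wrong dnFormat. The first sample record is condensed from the log above; the second is constructed to show a lockout.

```python
import re

# Sub-codes AD appends after "data" in an LDAP error 49 bind response (Windows logon codes).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password or unusable bind DN)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
# The javax.naming.AuthenticationException text that ldaptive embeds in the record.
LDAP49_RE = re.compile(
    r"LDAP: error code 49 - [0-9A-Fa-f]+: LdapErr: DSID-[0-9A-Fa-f]+, "
    r"comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)"
)
# "dn=cn=a,dc=b" or "dn: cn=a,dc=b"; stops at the first comma not followed by key=value.
DN_RE = re.compile(
    r"\bdn[:=]\s*(?P<dn>(?:[A-Za-z]+=[^,\s>\[\]]+,)*[A-Za-z]+=[^,\s>\[\]]+)"
)


def triage_bind_failure(record):
    """Describe the AD bind failure in one log record; None if it has no error 49."""
    m = LDAP49_RE.search(record)
    if not m:
        return None
    data = m.group("data").lower()
    dn_match = DN_RE.search(record)
    return {
        "dn": dn_match.group("dn") if dn_match else None,
        "comment": m.group("comment"),
        "data": data,
        "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
        # Anything but 525/52e is an account-state problem that no dnFormat change will clear.
        "account_state_issue": data not in ("525", "52e"),
    }


# Sample records: first condensed from the thread's catalina.out, second constructed (data 775).
SAMPLE_RECORDS = [
    "2018-05-15 13:27:45,874 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - "
    "<authenticate response=[... result=false, resultCode=INVALID_CREDENTIALS, message="
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null] for "
    "criteria=[org.ldaptive.auth.AuthenticationCriteria@157874454::dn=cn=jennifer.lavoie,"
    "dc=campus,dc=bridgew,dc=edu, authenticationRequest=[...]]>",
    "2018-05-15 13:30:02,102 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate response="
    "[... resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: "
    "error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, "
    "data 775, v2580], controls=null] for dn=cn=someone.else,dc=campus,dc=bridgew,dc=edu with "
    "request=[...]>",
]
```

Run over a real catalina.out one line per record; a 52e with a DN that does not match what the AD tools show for the account points at dnFormat, while any other sub-code points at the account itself.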
