Are you running the upgrade on a new host? A custom certificate?
You can create a certificate with build.sh gencert and import it with the command
at the bottom of
https://apereo.github.io/cas/5.3.x/installation/X509-Authentication.html
Ray
On Tue, 2018-11-20 at 09:03 -0800, MD. Fazla Rabby wrote:
We are already using CAS 5.2 and password management is working fine. But for CAS
version 6 we are getting the LDAP referral error
"java.security.cert.CertificateException: Hostname does not match the hostname
in the server's certificate site:stackoverflow.com"
How can we get around this?
This is my cas.properties:
cas.authn.pm.enabled=true
cas.authn.pm.policyPattern=^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%~()_{}-]).{8,}$
cas.authn.pm.reset.text=Reset your password with this link: %s
cas.authn.pm.reset.subject=Password Reset Request
cas.authn.pm.reset.from=myemail.mydomain.com
#password reset expiry is set to 1 day equivalent minutes
cas.authn.pm.reset.expirationMinutes=1440
cas.authn.pm.reset.emailAttribute=secondaryEmail
cas.authn.pm.reset.securityQuestionsEnabled=true
# Automatically log in after successful password change
cas.authn.pm.autoLogin=false
# Used to sign/encrypt the password-reset link
cas.authn.pm.reset.crypto.encryption.key=asdasdasdasdasdasdasdasdasdasd
cas.authn.pm.reset.crypto.signing.key=asdasdasasdasdasdasdadsadasdasdasdasd
cas.authn.pm.reset.crypto.enabled=true
#Email Submissions
spring.mail.host=smtp.office365.com
spring.mail.port=587
[email protected]
spring.mail.password=pass
spring.mail.testConnection=true
spring.mail.properties.mail.smtp.auth=true
spring.mail.properties.mail.smtp.starttls.enable=true
#
##LDAP Password management
#
cas.authn.pm.ldap.type=AD
#
cas.authn.pm.ldap.ldapUrl=ldaps://myldap:636
cas.authn.pm.ldap.useSsl=true
cas.authn.pm.ldap.useStartTls=false
cas.authn.pm.ldap.connectTimeout=50000
cas.authn.pm.ldap.baseDn=DC=xx,DC=xx,DC=xx,DC=xx
cas.authn.pm.ldap.searchFilter=cn={user}
cas.authn.pm.ldap.subtreeSearch=true
cas.authn.pm.ldap.bindDn=CN=xx,OU=xx,DC=xx,DC=xx,DC=xx,DC=xx
cas.authn.pm.ldap.bindCredential=pass
# cas.authn.pm.ldap.connectionStrategy=
cas.authn.pm.ldap.trustCertificates=file:/etc/cas/myldap.cer
## cas.authn.pm.ldap.keystore=
## cas.authn.pm.ldap.keystorePassword=
## cas.authn.pm.ldap.keystoreType=JKS|JCEKS|PKCS12
cas.authn.pm.ldap.poolPassivator=BIND
cas.authn.pm.ldap.minPoolSize=3
cas.authn.pm.ldap.maxPoolSize=10
cas.authn.pm.ldap.validateOnCheckout=true
cas.authn.pm.ldap.validatePeriodically=true
cas.authn.pm.ldap.validatePeriod=600
cas.authn.pm.ldap.validateTimeout=5000
cas.authn.pm.ldap.failFast=true
cas.authn.pm.ldap.idleTime=500
cas.authn.pm.ldap.prunePeriod=600
cas.authn.pm.ldap.blockWaitTime=5000
##cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
#
## Attributes that should be fetched to indicate security questions and answers,
## assuming security questions are enabled.
cas.authn.pm.ldap.securityQuestionsAttributes.attributeQuestion1=attributeAnswer1
cas.authn.pm.ldap.securityQuestionsAttributes.attributeQuestion2=attributeAnswer2
cas.authn.pm.ldap.securityQuestionsAttributes.attrQuestion3=attributeAnswer2
#
cas.authn.pm.ldap.validator.type=SEARCH
cas.authn.pm.ldap.validator.baseDn=DC=xx,DC=xx,DC=xx,DC=xx
##cas.authn.pm.ldap.validator.searchFilter=(objectClass=*)
cas.authn.pm.ldap.validator.scope=SUBTREE
--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1542734910.2802.5.camel%40uvic.ca.
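
An added diagnostic for the hostname-mismatch error discussed in this thread (not part of either message and not CAS project code): it reads the host from `cas.authn.pm.ldap.ldapUrl` and asks OpenSSL whether a certificate file is valid for that name. It assumes OpenSSL 1.1.1 or later; the function names, the temporary files and the FQDN `myldap.example.org` are constructed for the example.

```shell
# Added diagnostic (not CAS code): is the host in cas.authn.pm.ldap.ldapUrl
# one of the names the LDAP server certificate was issued for?

# Host part of the first uncommented ldapUrl entry in a properties file.
ldap_host_from_props() {
    sed -n 's|^[[:space:]]*cas\.authn\.pm\.ldap\.ldapUrl=ldaps\{0,1\}://\([^:/ ]*\).*|\1|p' "$1" | head -n 1
}

# 0 = certificate (PEM or DER) is valid for the host, 1 = not, 2 = unreadable.
cert_covers_host() {
    for form in PEM DER; do
        out=$(openssl x509 -inform "$form" -in "$1" -noout -checkhost "$2" 2>/dev/null) || continue
        case $out in
            *"does match certificate"*) return 0 ;;
            *) return 1 ;;
        esac
    done
    return 2
}

# Print a verdict for a properties file ($1) and a certificate file ($2).
check_cas_ldap_cert() {
    host=$(ldap_host_from_props "$1")
    [ -n "$host" ] || { echo "no ldapUrl in $1"; return 2; }
    rc=0; cert_covers_host "$2" "$host" || rc=$?
    case $rc in
        0) echo "OK: '$host' is a name in $2" ;;
        1) echo "MISMATCH: '$host' is not a name in $2"
           openssl x509 -in "$2" -noout -ext subjectAltName 2>/dev/null || true ;;
        *) echo "cannot read $2 as a certificate" ;;
    esac
    return $rc
}

# Constructed sample: self-signed certificate ($1) whose only name is $2.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Demo: the ldapUrl from the post vs. a certificate issued for an assumed FQDN.
demo() {
    d=$(mktemp -d)
    echo 'cas.authn.pm.ldap.ldapUrl=ldaps://myldap:636' > "$d/short.properties"
    echo 'cas.authn.pm.ldap.ldapUrl=ldaps://myldap.example.org:636' > "$d/fqdn.properties"
    make_sample_cert "$d/myldap.pem" myldap.example.org
    check_cas_ldap_cert "$d/short.properties" "$d/myldap.pem" || true
    check_cas_ldap_cert "$d/fqdn.properties" "$d/myldap.pem"
}
demo
```

Against a real deployment, call `check_cas_ldap_cert /etc/cas/config/cas.properties server.pem` (both paths are placeholders) with the certificate the LDAP server actually presents, which is not necessarily the file listed under `trustCertificates`.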