Hi everyone
My scenario ideal is the next: - The user try the page with CAS security - CAS uses spnego por autehtication - If there is an error of authentication, try by LDAP with user/password But Now, I get the next: - The user try the page with CAS security - CAS uses spnego por autehtication - If there is an error (By example, an external user without windows user), Fails. Could you help me? CAS. Properties cas.webflow.autoconfigure=true cas.authn.spnego.order=0 # cas.authn.spnego.mixed-mode-authentication=false # cas.authn.spnego.supported-browsers=MSIE,Trident,Firefox,AppleWebKit # cas.authn.spnego.send401-on-authentication-failure=true # cas.authn.spnego.ntlm-allowed=true # cas.authn.spnego.principal-with-domain-name=false # cas.authn.spnego.name= # cas.authn.spnego.ntlm=false cas.authn.spnego.mixed-mode-authentication=false cas.authn.spnego.ntlm-allowed=true cas.authn.spnego.ntlm=false cas.authn.spnego.send401-on-authentication-failure=true cas.authn.spnego.system.login-conf=./etc/cas/config/login.conf cas.authn.spnego.system.kerberos-conf=./etc/cas/config/krb5.conf cas.authn.spnego.system.kerberos-realm=estepario-win.net cas.authn.spnego.system.kerberos-debug=true cas.authn.spnego.system.use-subject-creds-only=false cas.authn.spnego.system.kerberos-kdc=xxx.xx.xx.xx # cas.authn.spnego.properties[0].cache-policy=600 cas.authn.spnego.properties[0].jcifs-domain-controller=ESTEPARIO-WIN.NET cas.authn.spnego.properties[0].jcifs-domain=estepario-win.net cas.authn.spnego.properties[0].jcifs-password=xxxxxxxxxx cas.authn.spnego.properties[0].jcifs-username=administrator cas.authn.spnego.properties[0].jcifs-service-password=Pass001. cas.authn.spnego.properties[0].timeout=300000 cas.authn.spnego.properties[0] .jcifs-service-principal=HTTP/[email protected] # cas.authn.spnego.properties[0].jcifs-netbios-wins= cas.authn.spnego.host-name-client-action-strategy=hostnameSpnegoClientAction #cas.authn.spnego.mixed-mode-authentication=true # cas.authn.spnego.alternative-remote-host-attribute=alternateRemoteHeader # cas.authn.spnego.ips-to-check-pattern=127.+ # cas.authn.spnego.dns-timeout=2000 # cas.authn.spnego.host-name-pattern-string=.+ cas.authn.spnego.spnego-attribute-name=sAMAccountName cas.authn.spnego.ldap.ldapUrl=ldap://estepario-win01.estepario-win.net cas.authn.spnego.ldap.baseDn=DC=estepario-win,DC=net cas.authn.spnego.ldap.bindDn=CN=Administrator,CN=Users,DC=estepario-win,DC=net cas.authn.spnego.ldap.bindCredential=xxxxxxxxxxxxxxxxxx cas.authn.spnego.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider cas.authn.spnego.ldap.userFilter= sAMAccountName={user} cas.authn.ldap[0].enabled=false cas.authn.ldap[0].order=1 cas.authn.ldap[0].name= Active Directory cas.authn.ldap[0].type= AD cas.authn.ldap[0].ldapUrl= ldap://estepario-win01.estepario-win.net cas.authn.ldap[0].validatePeriod= 270 cas.authn.ldap[0].poolPassivator= NONE cas.authn.ldap[0].userFilter= sAMAccountName={user} cas.authn.ldap[0].baseDn= DC=estepario-win,DC=net cas.authn.ldap[0].dnFormat= cn=%s,CN=Users,DC=estepario-win,DC=net cas.authn.ldap[0].principalAttributeList=memberOf,cn,givenName,mail,sAMAccountName cas.authn.ldap[0].bindDn=CN=Administrator,CN=Users,DC=estepario-win,DC=net cas.authn.ldap[0].bindCredential=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Log 2021-02-05 20:01:32.686 WARN 128780 --- [nio-8080-exec-1] o.a.c.w.f.SpnegoCredentialsAction : SPNEGO Authorization header is not found under [Authorization] 2021-02-05 20:01:32.688 INFO 128780 --- [nio-8080-exec-1] .AbstractNonInteractiveCredentialsAction : No credentials could be extracted/detected from the current request 2021-02-05 20:01:32.689 INFO 128780 --- [nio-8080-exec-1] o.a.c.w.f.SpnegoCredentialsAction : Action execution disallowed; pre-execution result is 'error' 2021-02-05 20:01:46.510 INFO 128780 --- [nio-8080-exec-2] o.a.i.a.s.Slf4jLoggingAuditTrailManager : Audit trail record BEGIN Thanks in advance If you help me, I will send you Beer, wine or Milk, as you preferred -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7423b393-973b-48a9-ba38-ee589e13e8fbn%40apereo.org.
