I got authentication working against Active Directory and used type=AD. Below is the config I used in yaml format. I can't say that all the configuration is necessary and I am not doing much at this point beyond logging in to cas (using sAMAccountName as username).
I couldn't get spring-boot:run to work with any support dependencies (ldap, x509, etc) until I made one maven project that builds a war using the stock overlay plus dependencies like cas-server-support-ldap, etc and I use another maven module that overlays config and lets me run "mvn spring-boot:run" using the war built in the first project. I was having classloading issues trying to do it in one project.

cas:
  authn:
    accept.users:
    ldap:
      - type: AD
        ldapUrl: ldap://10.123.123.123:389
        useSsl: false
        useStartTls: false
        baseDn: cn=Users,dc=somedomain,dc=org
        dnFormat: '%s...@somedomain.org'
        userFilter: sAMAccountName={user}
        subtreeSearch: true
        usePasswordPolicy: false
        bindDn: someu...@somedomain.org
        bindCredential: someusersP@ssw0rd
        principalAttributeId: sAMAccountName
        principalAttributePassword: unicodePwd
        principalAttributeList: sn, cn, givenName, sAMAccountName
        allowMultiplePrincipalAttributeValues: true
        additionalAttributes: memberOf
        minPoolSize: 0
        maxPoolSize: 10
        validateOnCheckout: true
        validatePeriodically: true
        validatePeriod: 600
        principalTransformation.caseConversion: LOWERCASE
        failFast: false

On Tuesday, December 13, 2016 at 2:51:16 PM UTC-5, mohammad almodallal wrote:
>
> Hello Richard,
>
> Yes, and many thanks for the great efforts done.
>
> Regards.
>
> On Tuesday, December 13, 2016 at 5:17:36 PM UTC+3, richard.frovarp wrote:
>>
>> +1
>>
>> I know that documentation is a work in progress, and that patches are
>> welcome. Right now the most difficult part of setting it up is figuring out
>> what each configuration value is used for and how it works. In general this
>> new configuration method is less painful than the XML method, but it does
>> hide some of the details, which did help in figuring things out.
>>
>> On Dec 13, 2016 05:00, mohammad almodallal <mmda...@gmail.com> wrote:
>>
>> Thank you, but I think it needs to be documented.
>>
>> On Tuesday, December 13, 2016 at 1:51:46 PM UTC+3, dkopy...@unicon.net wrote:
>>
>> Basically different ldaptive Authenticator implementation is instantiated
>> under the hood, based on the value.
>>
>> If you want to learn the details there are two options: a) Dive deep into
>> the CAS server code and learn yourself b) hire some CAS experts to do the
>> training and explain all of this to you.
>>
>> Best,
>> D.
>>
>> On Dec 13, 2016, 05:46 -0500, mohammad almodallal <mmda...@gmail.com>, wrote:
>>
>> Hello,
>>
>> it works with cas.authn.ldap[0].type=AUTHENTICATED not with AD
>> what is the difference between them?
>>
>> Thanks.
>>
>> On Tuesday, December 13, 2016 at 1:40:46 PM UTC+3, mohammad almodallal wrote:
>>
>> already set
>> cas.authn.ldap[0].type=AD
>>
>> On Tuesday, December 13, 2016 at 1:38:08 PM UTC+3, dkopy...@unicon.net wrote:
>>
>> You want to make sure that the following property is set:
>> cas.authn.ldap[0].type
>> with either one of these values: AD, AUTHENTICATED, DIRECT, ANONYMOUS,
>> SASL
>>
>> Best,
>> D.
>>
>> On Dec 13, 2016, 04:20 -0500, mohammad almodallal <mmda...@gmail.com>, wrote:
>>
>> Hello Philippe,
>>
>> the cas.properties was containing cas.authn.attributeRepository instead
>> of cas.authn.ldap[0]
>> anyway I'm using Active Directory does this make difference?
>> for the cas-server-support-ldap yes it is already included
>>
>> but I still get errors like
>>
>> 2016-12-13 12:14:20,367 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <AcceptUsersAuthenticationHandler failed authenticating testuser>
>> 2016-12-13 12:14:20,368 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [testuser] of type [UsernamePasswordCredential], which suggests a configuration problem.>
>>
>> have you any idea could help?
>>
>> Thanks.
>>
>> 2016-12-13 12:14:20,367 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <AcceptUsersAuthenticationHandler failed authenticating testuser>
>> 2016-12-13 12:14:20,368 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [testuser] of type [UsernamePasswordCredential], which suggests a configuration problem.>
>>
>> On Monday, December 12, 2016 at 2:11:50 PM UTC+3, Philippe MARASSE wrote:
>>
>> Hello,
>>
>> The reference documentation is
>> https://apereo.github.io/cas/development/installation/Configuration-Properties.html#ldap
>>
>> cas.authn.ldap[0].ldapUrl=ldap://ldap1.mydomain.com ldap://ldap2.mydomain.com
>> cas.authn.ldap[0].useSsl=false
>> cas.authn.ldap[0].useStartTls=false
>> cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>>
>> Other parameters depend upon your AD configuration.
>>
>> According to your log, it seems that LDAP support is not configured. Do
>> you use maven overlay method? If so, do you have a dependency section like:
>>
>> <dependency>
>>   <groupId>org.apereo.cas</groupId>
>>   <artifactId>cas-server-support-ldap</artifactId>
>>   <version>${cas.version}</version>
>> </dependency>
>>
>> Regards.
>>
>> On 12/12/2016 at 11:10, mohammad almodallal wrote:
>>
>> Hello Philippe,
>>
>> also, please I've already configured the cas.properties and still getting
>> the following logs for authentication
>>
>> er.support.HttpBasedServiceCredentialsAuthenticationHandler@6537e53c, org.apereo.cas.authentication.AcceptUsersAuthenticationHandler@594da5db]>
>> 2016-12-12 13:01:13,716 DEBUG [org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - <testuser was not found in the map.>
>> 2016-12-12 13:01:13,718 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <AcceptUsersAuthenticationHandler failed authenticating testuser>
>> 2016-12-12 13:01:13,719 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <AcceptUsersAuthenticationHandler exception details: testuser not found in backing map.>
>> 2016-12-12 13:01:13,721 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [testuser] of type [UsernamePasswordCredential], which suggests a configuration problem.>
>> 2016-12-12 13:01:13,722 DEBUG [org.apereo.cas.audit.spi.ThreadLocalPrincipalResolver] - <Resolving principal at audit point [execution(Authentication org.apereo.cas.authentication.AbstractAuthenticationManager.authenticate(AuthenticationTransaction))] with thrown exception [org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 successes]>
>>
>> Thanks.
>>
>> On Monday, December 12, 2016 at 12:58:08 PM UTC+3, mohammad almodallal wrote:
>>
>> Hello Philippe,
>>
>> So how can we configure the LDAP authentication handler?
>>
>> Thanks.
>>
>> On Monday, December 12, 2016 at 12:01:20 PM UTC+3, Philippe MARASSE wrote:
>>
>> Hello,
>>
>> No, it's neither required nor recommended with this version of CAS.
>>
>> Regards
>>
>> On 12/12/2016 at 08:19, mohammad almodallal wrote:
>>
>> Hello,
>>
>> should we use the deployerConfigContext.xml in CAS-5.0.0 to integrate
>> with Active Directory?
>>
>> Thanks.
>> --
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> ---
>> You received this message because you are subscribed to the Google Groups "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b613c270-c10a-44c5-ba96-de42a546f57f%40apereo.org.
>>
>> --
>> Philippe MARASSE
>>
>> Head of Infrastructure Division - DSIO
>> Centre Hospitalier Henri Laborit
>> CS 10587 - 370 avenue Jacques Cœur
>> 86021 Poitiers Cedex
>> Tel: 05.49.44.57.19
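
Added example, not part of any message in this thread and not CAS project code: a small linter for cas.properties covering the points the thread turns on (a cas.authn.ldap[N].type taken from the listed values, cas.authn.attributeRepository keys used where an LDAP handler was intended, ldap:// binds with useSsl and useStartTls both off, and the static accept-users handler seen in the logs). The sample input is constructed from values posted above; treating an unset cas.authn.accept.users as "still enabled" and either TLS flag as sufficient are assumptions.

```python
import re
# Values the thread lists for cas.authn.ldap[N].type
LDAP_TYPES = {"AD", "AUTHENTICATED", "DIRECT", "ANONYMOUS", "SASL"}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint_cas_ldap(text):
    """Return findings for the LDAP authentication settings in cas.properties."""
    props, findings = parse_properties(text), []
    pattern = re.compile(r"cas\.authn\.ldap\[(\d+)\]\.")
    indexes = sorted({int(m.group(1)) for k in props if (m := pattern.match(k))})
    if not indexes:
        findings.append("no cas.authn.ldap[N] keys: no LDAP handler configured")
        if any(k.startswith("cas.authn.attributeRepository") for k in props):
            findings.append("cas.authn.attributeRepository does not authenticate users")
    for i in indexes:
        prefix = f"cas.authn.ldap[{i}]."
        kind = props.get(prefix + "type", "")
        if kind not in LDAP_TYPES:
            findings.append(f"{prefix}type={kind!r} is not a listed type")
        urls = props.get(prefix + "ldapUrl", "").split()  # may hold several URLs
        tls = any(props.get(prefix + flag, "").lower() == "true"
                  for flag in ("useSsl", "useStartTls"))
        if not tls and any(u.lower().startswith("ldap://") for u in urls):
            findings.append(f"{prefix}ldapUrl: ldap:// without SSL/StartTLS, binds are unencrypted")
    # Assumption: an unset or non-blank accept.users keeps the static handler active.
    if props.get("cas.authn.accept.users") != "":
        findings.append("cas.authn.accept.users is not blank: static handler still enabled")
    return findings

# Constructed sample mirroring the settings posted in the thread.
SAMPLE = """
cas.authn.accept.users=
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://10.123.123.123:389
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
"""

if __name__ == "__main__":
    print("\n".join(lint_cas_ldap(SAMPLE)))
```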