Thanks Dave...I had to format my LDAP stuff in the cas.properties differently

It now looks like this

cas.authn.ldap[0].order:                0
cas.authn.ldap[0].name:                 Active Directory
cas.authn.ldap[0].type:                 AD
cas.authn.ldap[0].ldapUrl:              ldaps://xxx.campus.bridgew.edu:636
cas.authn.ldap[0].validatePeriod:       270
cas.authn.ldap[0].poolPassivator:       NONE
cas.authn.ldap[0].userFilter:           sAMAccountName={user}
cas.authn.ldap[0].baseDn:               dc=campus,dc=bridgew,dc=edu
#cas.authn.ldap[0].bindDn:              cn=cas5,ou=Users,dc=campus,dc=bridgew,dc=edu
#cas.authn.ldap[0].bindCredential:      xxxx
cas.authn.ldap[0].dnFormat:             cn=%s,dc=campus,dc=bridgew,dc=edu

and now the page loads, but I still can't log in

When I netstat -anop | grep java

[root@cas3-dev bin]# netstat -anop |grep java
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      1795/java            off (0.00/0/0)
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      1795/java            off (0.00/0/0)
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      1795/java            off (0.00/0/0)
tcp        0      0 10.20.32.131:48450      10.20.16.65:636         ESTABLISHED 1795/java            off (0.00/0/0)
tcp        0      0 10.20.32.131:48452      10.20.16.65:636         ESTABLISHED 1795/java            off (0.00/0/0)
tcp        0      0 10.20.32.131:48446      10.20.16.65:636         ESTABLISHED 1795/java            off (0.00/0/0)
tcp        0      0 10.20.32.131:48448      10.20.16.65:636         ESTABLISHED 1795/java            off (0.00/0/0)
tcp        0      0 10.20.32.131:48456      10.20.16.65:636         ESTABLISHED 1795/java            off (0.00/0/0)
tcp        0      0 10.20.32.131:48454      10.20.16.65:636         ESTABLISHED 1795/java            off (0.00/0/0)
unix  3      [ ]         STREAM     CONNECTED     31497    1795/java
unix  2      [ ]         STREAM     CONNECTED     31408    1795/java
unix  3      [ ]         STREAM     CONNECTED     31498    1795/java
unix  3      [ ]         STREAM     CONNECTED     30719    1795/java
unix  3      [ ]         STREAM     CONNECTED     30720    1795/java
unix  2      [ ]         STREAM     CONNECTED     31781    1795/java

so things seem to be bound correctly

Here is my catalina.out grepping for jennifer.lavoie (username)

2018-05-15 13:27:45,866 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Examining credential [jennifer.lavoie] eligibility for authentication handler [Active Directory]>
2018-05-15 13:27:45,867 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Credential [jennifer.lavoie] eligibility is [Active Directory] for authentication handler [true]>
2018-05-15 13:27:45,868 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Attempting to encode credential password via [org.springframework.security.crypto.password.NoOpPasswordEncoder] for [jennifer.lavoie]>
2018-05-15 13:27:45,868 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Attempting authentication internally for transformed credential [jennifer.lavoie]>
2018-05-15 13:27:45,869 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for [jennifer.lavoie]. Authenticator pre-configured attributes are [null], additional requested attributes for this authentication request are [[]]>
2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for jennifer.lavoie with cn=%s,dc=campus,dc=bridgew,dc=edu>
2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu with request=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null], returnAttributes=[], controls=null]>
2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate criteria=[org.ldaptive.auth.AuthenticationCriteria@157874454::dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null], returnAttributes=[], controls=null]]>
2018-05-15 13:27:45,873 DEBUG [org.ldaptive.BindOperation] - <execute request=[org.ldaptive.BindRequest@632797964::bindDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, saslConfig=null, controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::criticality=false, timeBeforeExpiration=0, graceAuthNsRemaining=0, error=null]], referralHandler=null, intermediateResponseHandlers=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@588723547::config=[org.ldaptive.ConnectionConfig@1903426706::ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@744860926::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true, useStartTLS=false, connectionInitializer=null, connectionStrategy=org.ldaptive.DefaultConnectionStrategy@dd9392c], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@601538727::metadata=[ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, count=1], environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory, com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@947873970::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@3dd40ce0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@c44eb3]>
2018-05-15 13:27:45,874 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@728104502::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@588723547::config=[org.ldaptive.ConnectionConfig@1903426706::ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@744860926::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true, useStartTLS=false, connectionInitializer=null, connectionStrategy=org.ldaptive.DefaultConnectionStrategy@dd9392c], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@601538727::metadata=[ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, count=1], environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory, com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@947873970::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@3dd40ce0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@c44eb3], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null] for criteria=[org.ldaptive.auth.AuthenticationCriteria@157874454::dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null], returnAttributes=[], controls=null]]>
2018-05-15 13:27:45,874 INFO [org.ldaptive.auth.Authenticator] - <Authentication failed for dn: cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu>
2018-05-15 13:27:45,874 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@728104502::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@588723547::config=[org.ldaptive.ConnectionConfig@1903426706::ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@744860926::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true, useStartTLS=false, connectionInitializer=null, connectionStrategy=org.ldaptive.DefaultConnectionStrategy@dd9392c], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@601538727::metadata=[ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, count=1], environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory, com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@947873970::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@3dd40ce0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@c44eb3], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null] for dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu with request=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null], returnAttributes=[], controls=null]>
2018-05-15 13:27:45,874 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [[org.ldaptive.auth.AuthenticationResponse@1798662416::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, ldapEntry=[dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null]]>
2018-05-15 13:27:45,875 DEBUG [org.apereo.cas.authentication.support.DefaultLdapPasswordPolicyHandlingStrategy] - <Applying password policy [[org.ldaptive.auth.AuthenticationResponse@1798662416::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, ldapEntry=[dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null]] to [org.apereo.cas.authentication.support.DefaultAccountStateHandler@42608b36]>
2018-05-15 13:27:45,876 DEBUG [org.apereo.cas.authentication.support.DefaultAccountStateHandler] - <Attempting to handle LDAP account state for [[org.ldaptive.auth.AuthenticationResponse@1798662416::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, ldapEntry=[dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null]]>
2018-05-15 13:27:45,877 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [jennifer.lavoie] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
WHO: jennifer.lavoie
WHAT: Supplied credentials: [jennifer.lavoie]
[root@cas3-dev bin]# 




On Tuesday, May 15, 2018 at 11:38:05 AM UTC-4, David Curry wrote:
>
> Looks like the CAS webapp isn't starting. catalina.out should tell you 
> what happened?
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> On Tue, May 15, 2018 at 11:35 AM, Jennifer LaVoie <nixge...@gmail.com> wrote:
>
>> I updated my pom.xml last week to install LDAP, but I didn't redeploy the 
>> war file...so I did that today, but now I can't reach 
>> https://cas3.xxx.xxx/cas/login
>>
>> I can still see my self-signed cert though, so I didn't wipe out my 
>> server.xml file...
>>
>> If I go to here
>>
>> https://cas3.xxx.xxx:8443/  I do see the default apache page is loading.
>>
>>
>> HTTP Status 404 – Not Found
>> ------------------------------
>>
>> *Type* Status Report
>>
>> *Message* /cas/login
>>
>> *Description* The origin server did not find a current representation 
>> for the target resource or is not willing to disclose that one exists.
>> ------------------------------
>> Apache Tomcat/9.0.7
>>
>> What did I break LOL
>>
>> Thank gods, I made a snapshot
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/a583b953-6589-40a2-a967-919c9dfca886%40apereo.org.
>>
>
>

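Added example, not part of the original post or of the CAS project's code: a small Python triage for CAS/ldaptive DEBUG output shaped like the log in the message above. It extracts the DN template that FormatDnResolver applied, the DN actually sent in the bind, and the Active Directory sub-code in the `data` field of LDAP error 49 (a hexadecimal Win32 error number). The log lines are constructed, with placeholder user names and base DN, and `triage` is a hypothetical helper name.

```python
import re

# Win32 error numbers (hex) that Active Directory puts in the "data" field
# of an LDAP result code 49 (invalidCredentials) bind failure.
AD_SUBCODES = {
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE (unknown user name or bad password)",
    0x530: "ERROR_INVALID_LOGON_HOURS",
    0x531: "ERROR_INVALID_WORKSTATION",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}
FORMAT_RE = re.compile(r"Formatting DN for (\S+) with ([^\s>]+)")
ERROR_RE = re.compile(r"LDAP: error code (\d+) - .*?\bdata ([0-9a-fA-F]+),")
# Matches dn=, bindDn= and resolvedDn=; RDNs are comma-joined without spaces.
DN_RE = re.compile(r"[dD]n=([^,\s\[\]]+(?:,[^,\s\[\]]+)*)")

# Constructed sample, abridged from the shape of the DEBUG output in the post.
SAMPLE_LOG = """\
2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for alice with cn=%s,dc=example,dc=edu>
2018-05-15 13:27:45,874 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate response=[result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null] for criteria=[dn=cn=alice,dc=example,dc=edu, authenticationRequest=[user=alice]]>
2018-05-15 13:27:45,874 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [[resolvedDn=cn=alice,dc=example,dc=edu, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null]]>
2018-05-15 13:29:02,101 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate response=[result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 775, v2580], controls=null] for criteria=[dn=cn=bob,dc=example,dc=edu, authenticationRequest=[user=bob]]>
"""

def triage(log_text):
    """Return ({user: DN template}, [one record per distinct bind failure])."""
    templates, failures = {}, {}
    for line in log_text.splitlines():
        fmt = FORMAT_RE.search(line)
        if fmt:
            templates[fmt.group(1)] = fmt.group(2)
        err, dn = ERROR_RE.search(line), DN_RE.search(line)
        if err and dn:
            sub = int(err.group(2), 16)
            # Several classes log the same failure; keep one per (DN, sub-code).
            failures[(dn.group(1), sub)] = {
                "bind_dn": dn.group(1),
                "ldap_code": int(err.group(1)),
                "ad_subcode": format(sub, "x"),
                "meaning": AD_SUBCODES.get(sub, "unlisted sub-code"),
            }
    return templates, list(failures.values())

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Reading the template and the resulting bind DN side by side shows exactly which directory entry the server was asked to authenticate, which is the first thing to compare against the account's real DN when the sub-code is 52e.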