Thanks Dave...I had to format my ldap stuff in the cas.properties differently.
It now looks like this:

cas.authn.ldap[0].order: 0
cas.authn.ldap[0].name: Active Directory
cas.authn.ldap[0].type: AD
cas.authn.ldap[0].ldapUrl: ldaps://xxx.campus.bridgew.edu:636
cas.authn.ldap[0].validatePeriod: 270
cas.authn.ldap[0].poolPassivator: NONE
cas.authn.ldap[0].userFilter: sAMAccountName={user}
cas.authn.ldap[0].baseDn: dc=campus,dc=bridgew,dc=edu
#cas.authn.ldap[0].bindDn: cn=cas5,ou=Users,dc=campus,dc=bridgew,dc=edu
#cas.authn.ldap[0].bindCredential: xxxx
cas.authn.ldap[0].dnFormat: cn=%s,dc=campus,dc=bridgew,dc=edu

and now the page loads, but I still can't log in.

When I netstat -anop | grep java

[root@cas3-dev bin]# netstat -anop |grep java
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 1795/java off (0.00/0/0)
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 1795/java off (0.00/0/0)
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 1795/java off (0.00/0/0)
tcp 0 0 10.20.32.131:48450 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
tcp 0 0 10.20.32.131:48452 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
tcp 0 0 10.20.32.131:48446 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
tcp 0 0 10.20.32.131:48448 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
tcp 0 0 10.20.32.131:48456 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
tcp 0 0 10.20.32.131:48454 10.20.16.65:636 ESTABLISHED 1795/java off (0.00/0/0)
unix 3 [ ] STREAM CONNECTED 31497 1795/java
unix 2 [ ] STREAM CONNECTED 31408 1795/java
unix 3 [ ] STREAM CONNECTED 31498 1795/java
unix 3 [ ] STREAM CONNECTED 30719 1795/java
unix 3 [ ] STREAM CONNECTED 30720 1795/java
unix 2 [ ] STREAM CONNECTED 31781 1795/java

so things seem to be bound correctly

Here is my catalina.out grepping for jennifer.lavoie (username)

2018-05-15 13:27:45,866 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Examining credential [jennifer.lavoie] eligibility for authentication handler [Active Directory]>
2018-05-15 13:27:45,867 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Credential [jennifer.lavoie] eligibility is [Active Directory] for authentication handler [true]>
2018-05-15 13:27:45,868 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Attempting to encode credential password via [org.springframework.security.crypto.password.NoOpPasswordEncoder] for [jennifer.lavoie]>
2018-05-15 13:27:45,868 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Attempting authentication internally for transformed credential [jennifer.lavoie]>
2018-05-15 13:27:45,869 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP authentication for [jennifer.lavoie]. Authenticator pre-configured attributes are [null], additional requested attributes for this authentication request are [[]]>
2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.FormatDnResolver] - <Formatting DN for jennifer.lavoie with cn=%s,dc=campus,dc=bridgew,dc=edu>
2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu with request=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null], returnAttributes=[], controls=null]>
2018-05-15 13:27:45,869 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate criteria=[org.ldaptive.auth.AuthenticationCriteria@157874454::dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null], returnAttributes=[], controls=null]]>
2018-05-15 13:27:45,873 DEBUG [org.ldaptive.BindOperation] - <execute request=[org.ldaptive.BindRequest@632797964::bindDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, saslConfig=null, controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::criticality=false, timeBeforeExpiration=0, graceAuthNsRemaining=0, error=null]], referralHandler=null, intermediateResponseHandlers=null] with connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@588723547::config=[org.ldaptive.ConnectionConfig@1903426706::ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@744860926::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true, useStartTLS=false, connectionInitializer=null, connectionStrategy=org.ldaptive.DefaultConnectionStrategy@dd9392c], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@601538727::metadata=[ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, count=1], environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory, com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@947873970::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@3dd40ce0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@c44eb3]>
2018-05-15 13:27:45,874 DEBUG [org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@728104502::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@588723547::config=[org.ldaptive.ConnectionConfig@1903426706::ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@744860926::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true, useStartTLS=false, connectionInitializer=null, connectionStrategy=org.ldaptive.DefaultConnectionStrategy@dd9392c], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@601538727::metadata=[ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, count=1], environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory, com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@947873970::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@3dd40ce0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@c44eb3], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null] for criteria=[org.ldaptive.auth.AuthenticationCriteria@157874454::dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null], returnAttributes=[], controls=null]]>
2018-05-15 13:27:45,874 INFO [org.ldaptive.auth.Authenticator] - <Authentication failed for dn: cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu>
2018-05-15 13:27:45,874 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate response=[org.ldaptive.auth.AuthenticationHandlerResponse@728104502::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@588723547::config=[org.ldaptive.ConnectionConfig@1903426706::ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@744860926::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true, useStartTLS=false, connectionInitializer=null, connectionStrategy=org.ldaptive.DefaultConnectionStrategy@dd9392c], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@601538727::metadata=[ldapUrl=ldaps://boydendc-prd.campus.bridgew.edu:636, count=1], environment={java.naming.ldap.factory.socket=org.ldaptive.ssl.ThreadLocalTLSSocketFactory, com.sun.jndi.ldap.connect.timeout=5000, java.naming.ldap.version=3, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.protocol=ssl, com.sun.jndi.ldap.read.timeout=5000}, classLoader=null, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@947873970::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, controlProcessor=org.ldaptive.provider.ControlProcessor@3dd40ce0, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, hostnameVerifier=null]], providerConnection=org.ldaptive.provider.jndi.JndiConnection@c44eb3], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null] for dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu with request=[org.ldaptive.auth.AuthenticationRequest@1995766693::user=[org.ldaptive.auth.User@720667905::identifier=jennifer.lavoie, context=null], returnAttributes=[], controls=null]>
2018-05-15 13:27:45,874 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [[org.ldaptive.auth.AuthenticationResponse@1798662416::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, ldapEntry=[dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null]]>
2018-05-15 13:27:45,875 DEBUG [org.apereo.cas.authentication.support.DefaultLdapPasswordPolicyHandlingStrategy] - <Applying password policy [[org.ldaptive.auth.AuthenticationResponse@1798662416::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, ldapEntry=[dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null]] to [org.apereo.cas.authentication.support.DefaultAccountStateHandler@42608b36]>
2018-05-15 13:27:45,876 DEBUG [org.apereo.cas.authentication.support.DefaultAccountStateHandler] - <Attempting to handle LDAP account state for [[org.ldaptive.auth.AuthenticationResponse@1798662416::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu, ldapEntry=[dn=cn=jennifer.lavoie,dc=campus,dc=bridgew,dc=edu[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null]]>
2018-05-15 13:27:45,877 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [jennifer.lavoie] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
WHO: jennifer.lavoie
WHAT: Supplied credentials: [jennifer.lavoie]
[root@cas3-dev bin]#

On Tuesday, May 15, 2018 at 11:38:05 AM UTC-4, David Curry wrote:
>
> Looks like the CAS webapp isn't starting. catalina.out should tell you
> what happened?
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> On Tue, May 15, 2018 at 11:35 AM, Jennifer LaVoie <nixge...@gmail.com> wrote:
>
>> I updated my pom.xml last week to install LDAP, but I didn't redeploy the
>> war file...so I did that today, but now I can't reach
>> https://cas3.xxx.xxx/cas/login
>>
>> I can still see my self signed cert though, so I didn't wipe out my
>> server.xml file...
>>
>> If I go to here
>>
>> https://cas3.xxx.xxx:8443/ I do see the default apache page is loading.
>>
>> HTTP Status 404 – Not Found
>> ------------------------------
>>
>> *Type* Status Report
>>
>> *Message* /cas/login
>>
>> *Description* The origin server did not find a current representation
>> for the target resource or is not willing to disclose that one exists.
>> ------------------------------
>> Apache Tomcat/9.0.7
>>
>> What did I break LOL
>>
>> Thank gods, I made a snapshot
>>

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a32cb4a3-5382-4f5e-a933-de38268b3d12%40apereo.org.
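
The failure repeated through the log above is LDAP result code 49 carrying an Active Directory "data" sub-code. As an added example (not part of the original thread, and not CAS or ldaptive code), this script pulls the resolved bind DN and the sub-code out of the CAS "LDAP response" lines. The sample log lines, users and domain are constructed, and the regexes assume the ldaptive log layout seen in the thread.

```python
import re

# Active Directory puts a Win32 error code (hex) in the "data" field of the
# diagnostic message that accompanies LDAP result code 49.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "logon failure: unknown user name or bad password",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password",
    "775": "account locked out",
}
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ")
# Assumption: the AuthenticationResponse field order shown in the thread's log.
RESOLVED_DN = re.compile(r"resolvedDn=(.+?), ldapEntry=")
DIAG = re.compile(r"LDAP: error code (\d+) - \w+: LdapErr: DSID-\w+, "
                  r"comment: [^,]+, data ([0-9a-fA-F]+), v\w+")

def triage(log_text):
    """One finding per CAS 'LDAP response' line that carries an AD diagnostic."""
    findings = []
    for line in log_text.splitlines():
        diag, dn = DIAG.search(line), RESOLVED_DN.search(line)
        # Later handlers log the same response again; count each failure once.
        if "<LDAP response:" not in line or not (diag and dn):
            continue
        stamp = STAMP.match(line)
        sub = diag.group(2).lower()
        findings.append({
            "time": stamp.group(1) if stamp else None,
            "bind_dn": dn.group(1),
            "ldap_code": int(diag.group(1)),
            "subcode": sub,
            "meaning": AD_SUBCODES.get(sub, "unrecognised sub-code"),
        })
    return findings

# Constructed sample lines (hypothetical users and domain), shortened.
SAMPLE = "\n".join([
    "2018-05-15 13:27:45,874 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [[org.ldaptive.auth.AuthenticationResponse@1::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=cn=jdoe,dc=example,dc=org, ldapEntry=[dn=cn=jdoe,dc=example,dc=org[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null]]>",
    "2018-05-15 13:27:45,875 DEBUG [org.apereo.cas.authentication.support.DefaultLdapPasswordPolicyHandlingStrategy] - <Applying password policy [[org.ldaptive.auth.AuthenticationResponse@1::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=cn=jdoe,dc=example,dc=org, ldapEntry=[dn=cn=jdoe,dc=example,dc=org[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580], controls=null]]>",
    "2018-05-15 13:30:02,101 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <LDAP response: [[org.ldaptive.auth.AuthenticationResponse@2::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=cn=Jane Roe,ou=Staff,dc=example,dc=org, ldapEntry=[dn=cn=Jane Roe,ou=Staff,dc=example,dc=org[]], accountState=null, result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 775, v2580], controls=null]]>",
])

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Each finding pairs the DN that was actually sent in the bind with the sub-code, so the DN can be checked against the directory before the password is suspected.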