Hello all,

I'm running into problems authenticating with Active Directory in CAS 4.0.

What I've done so far:

1) Set up the CAS server using this documentation: http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html#active_directory_authentication
2) Installed secure certificates in Tomcat for both SSL (on 8443) and the AD certificate
3) Installed the certs in the default Java Keystore as well - when things didn't work with only Tomcat certs
4) Updated my cas.properties file with the appropriate credentials and attributes.

*The Problem:*

CAS loads, but returns with "Invalid Credentials" for every attempt to log in (even though I can query the AD from the command line).

*cas.log* file only shows:

2015-06-23 08:45:14,945 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /cas/
2015-06-23 08:45:14,945 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /cas/
2015-06-23 08:45:23,607 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: supplied credentials: [michaelseiler+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue Jun 23 08:45:23 PDT 2015
CLIENT IP ADDRESS: 192.168.72.69
SERVER IP ADDRESS: 192.168.72.160
=============================================================

*catalina.out* only shows the following:

2015-06-23 08:45:23,625 DEBUG [org.springframework.webflow.execution.repository.impl.DefaultFlowExecutionRepository] - <Putting flow execution '[FlowExecutionImpl@7a9e803c flow = 'login', flowSessions = list[[FlowSessionImpl@5a8d59f8 flow = 'login', state = 'viewLoginForm', scope = map['service' -> [null], 'warnCookieValue' -> false, 'credential' -> michaelseiler+password, 'ticketGrantingTicketId' -> [null], 'viewScope' -> map['commandName' -> 'credential'], 'loginTicket' -> 'LT-2-cVte4SctmZucdLkHSNzw0e3mbTgtpi-logintest.fuller.edu']]]]' into repository>

*Debugging/Troubleshooting:*

1) The credentials I am using are correct, as I log in with those credentials currently.
2) From the command line with an *ldapsearch* I am able to retrieve the data concerning my account using the same credentials for Admin + Password that I set in the *cas.properties* file.

It seems I'm missing something that is keeping my CAS install from actually talking to the AD server.

I'm at a point where I'm going circular in my Google searches, so any help or pointers to additional resources would be appreciated.

Thanks,
Mike

--
*Michael Seiler*
--------------------------------------------------
Systems Integration Engineer
Fuller Theological Seminary
Phone: (970) 306-6105
michaelsei...@fuller.edu

*Please NOTE:* I respond to email at 8 AM, 1PM, and at 4:30PM. If you need more immediate help, please contact TSS (626.584.5675) and they can route the issue to the appropriate person. If this is a business process life or death emergency, you may call me at the above number.
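
The audit trail record quoted in the message above has a fixed field layout, so failed logins can be pulled out of cas.log and counted per user and client address. The following is an added example, not part of the original post or of CAS itself; the function names, the threshold and the sample records (constructed, using documentation-range addresses) are assumptions.

```python
import re
from collections import Counter

# Field labels in the order they appear in the audit record quoted in the post.
# \s+ between fields matches newlines or spaces, so flattened copies parse too.
RECORD = re.compile(
    r"WHO:\s*(?P<who>.*?)\s+WHAT:\s*(?P<what>.*?)\s+ACTION:\s*(?P<action>\S+)\s+"
    r"APPLICATION:\s*(?P<application>.*?)\s+WHEN:\s*(?P<when>.*?)\s+"
    r"CLIENT IP ADDRESS:\s*(?P<client_ip>\S+)\s+SERVER IP ADDRESS:\s*(?P<server_ip>\S+)",
    re.DOTALL,
)
# In the quoted record WHO is "audit:unknown"; the attempted user sits in WHAT.
SUPPLIED = re.compile(r"supplied credentials:\s*\[(?P<user>[^\]+]+)")


def parse_audit_records(text):
    """Return one dict per audit record found in text."""
    records = []
    for match in RECORD.finditer(text):
        rec = match.groupdict()
        cred = SUPPLIED.search(rec["what"])
        rec["user"] = cred.group("user") if cred else rec["who"]
        records.append(rec)
    return records


def repeated_failures(records, threshold=3):
    """Map (user, client_ip) -> failure count for pairs at or above threshold."""
    counts = Counter((r["user"], r["client_ip"]) for r in records
                     if r["action"] == "AUTHENTICATION_FAILED")
    return {pair: n for pair, n in counts.items() if n >= threshold}


# Constructed sample input (not from the post): documentation-range addresses.
_TEMPLATE = (
    "Audit trail record BEGIN\n{bar}\nWHO: audit:unknown\n"
    "WHAT: supplied credentials: [{user}+password]\nACTION: {action}\n"
    "APPLICATION: CAS\nWHEN: Tue Jun 23 08:45:{sec:02d} PDT 2015\n"
    "CLIENT IP ADDRESS: {ip}\nSERVER IP ADDRESS: 192.0.2.10\n{bar}\n"
)
_EVENTS = [("alice", "AUTHENTICATION_FAILED", "192.0.2.50")] * 3 + [
    ("bob", "AUTHENTICATION_FAILED", "192.0.2.51"),
    ("bob", "AUTHENTICATION_SUCCESS", "192.0.2.51"),
]
SAMPLE_LOG = "".join(
    _TEMPLATE.format(bar="=" * 61, user=u, action=a, ip=ip, sec=i)
    for i, (u, a, ip) in enumerate(_EVENTS)
)
print(repeated_failures(parse_audit_records(SAMPLE_LOG)))
```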