Hi Misagh,
Thanks for the reply.
In terms of configuring password policy, I have only followed the LDAP lppe 
section. I have only enabled "PasswordPolicyAuthenticationResponseHandler". I 
know IBM DS supports those controls and I have confirmed this control is 
available via my LDAP: 1.3.6.1.4.1.42.2.27.8.5.1
Is there something else I should be looking at to confirm this on the LDAP 
side? On the LDAP side there are no errors and this configuration worked fine 
with CAS 4.0.4 though.

<property name="authenticationResponseHandlers">
        <util:list>
            <bean class="org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler" />
        </util:list>
</property>

I have attached the full logs (cleaned of identity info) and the entire 
deployerConfigContext.xml. I haven't made any changes to the 
lppe-configuration.xml.

Log snippet:
2015-09-24 16:42:23,424 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - 
<resolved dn=<<USER_DN>> for <<USER>>>
2015-09-24 16:42:23,424 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate 
dn=<<USER_DN>> with 
request=[org.ldaptive.auth.AuthenticationRequest@175166021::<<USER>>, 
retAttrs=[uid, mail, displayName, ibm-allgroups]]>
2015-09-24 16:42:23,425 DEBUG 
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate 
criteria=[org.ldaptive.auth.AuthenticationCriteria@2128062242::dn=<<USER_DN>>, 
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@175166021::<<USER>>,
 retAttrs=[uid, mail, displayName, ibm-allgroups]]]>
2015-09-24 16:42:23,425 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<waiting on pool lock for check out 0>
2015-09-24 16:42:23,425 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<retrieve available connection from pool of size 3>
2015-09-24 16:42:23,425 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<waiting on pool lock for retrieve available 0>
2015-09-24 16:42:23,425 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<retrieved available connection: 
org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@29a4faef>
2015-09-24 16:42:23,425 TRACE [org.ldaptive.pool.BlockingConnectionPool] - <no 
activator configured>
2015-09-24 16:42:23,427 DEBUG [org.ldaptive.BindOperation] - <execute 
request=[org.ldaptive.BindRequest@1923049081::bindDn=<<USER_DN>>, 
saslConfig=null, 
controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::criticality=false,
 timeBeforeExpiration=0, graceAuthNsRemaining=0, error=null]]] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@698621160::config=[org.ldaptive.ConnectionConfig@72285845::ldapUrl=ldap://<<LDAP_SERVER>>,
 connectTimeout=5000, responseTimeout=-1, 
sslConfig=[org.ldaptive.ssl.SslConfig@1338240604::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1493022739::trustCertificates=${ldap.trustedCert},
 authenticationCertificate=null, authenticationKey=null], trustManagers=null, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, 
connectionInitializer=null], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@551317208::metadata=[ldapUrl=ldap://<<LDAP_SERVER>>,
 count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, 
java.naming.ldap.version=3, 
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@415524842::operationExceptionResultCodes=[PROTOCOL_ERROR,
 SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@4c4fb0f5,
 controlProcessor=org.ldaptive.provider.ControlProcessor@74d8ab53, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@45070d5]>
2015-09-24 16:42:23,427 TRACE [org.ldaptive.provider.ControlProcessor] - 
<processing request controls: [Lorg.ldaptive.control.RequestControl;@4fe93f85>
2015-09-24 16:42:23,427 TRACE [org.ldaptive.provider.ControlProcessor] - 
<produced provider request controls: [javax.naming.ldap.BasicControl@2ffdb2ea]>
2015-09-24 16:42:23,432 TRACE [org.ldaptive.pool.BlockingConnectionPool] - <no 
passivator configured>
2015-09-24 16:42:23,432 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<waiting on pool lock for check in 0>
2015-09-24 16:42:23,432 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<returned active connection: 
org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@29a4faef>
2015-09-24 16:42:23,433 DEBUG 
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving 
argument [UsernamePasswordCredential] for audit>

I am not certain what I am missing here. It looks like lppe might be expecting 
something which it is not getting but I can't figure out what.

-Abhijit

From: Misagh Moayyed [mailto:mmoay...@unicon.net]
Sent: Thursday, September 24, 2015 3:07 PM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] CAS 4.1 LDAP Authentication failed with lppe

Assuming you have configured the passwordPolicy configuration of LPPE, your 
logs suggest that you are not actually and fully authenticating. There should 
be a full LDAP response in the logs retrieved by CAS. This is likely an issue 
with your PasswordPolicyControl setting that may not work well with IBM DS. Set 
your Ldaptive log level to TRACE and that should tell you what's happening. Are 
you sure your IBM DS is set up for password policy correctly?

P.S: Side issue and for the archives, SAML functionality has nothing to do with 
CAS. All you should have to do is to enable component scanning per the docs to 
get attributes working.
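
Added example, not part of the original messages or of CAS/ldaptive: a small Python triage script for the check described in the reply above, pairing each ldaptive `execute request` record with its `execute response` record and collecting the audit ACTION values. The sample log is constructed in the format of the logs in this thread, and the function names are hypothetical.

```python
import re

# A record starts with a log4j timestamp; mail clients wrap the rest over several lines.
TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\b")
HEAD = re.compile(r"^(\S+ \S+) (\w+) \[([\w.$]+)\] - (.*)$")
# ldaptive prints requests as request=[<class>@<identity hash>::...]
REQ_ID = re.compile(r"request=\[([\w.$]+@-?\d+)::")

# Constructed sample (placeholders only), modelled on the log format in this thread.
SAMPLE_LOG = """\
2015-09-24 16:42:23,418 DEBUG [org.ldaptive.SearchOperation] - <execute
request=[org.ldaptive.SearchRequest@570310374::baseDn=<<BASE_DN>>,
 controls=null]>
2015-09-24 16:42:23,423 DEBUG [org.ldaptive.SearchOperation] - <execute
response=[org.ldaptive.Response@1339182501::resultCode=SUCCESS] for
request=[org.ldaptive.SearchRequest@570310374::baseDn=<<BASE_DN>>,
 controls=null]>
2015-09-24 16:42:23,427 DEBUG [org.ldaptive.BindOperation] - <execute
request=[org.ldaptive.BindRequest@1923049081::bindDn=<<USER_DN>>,
controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::criticality=false]]]>
2015-09-24 16:42:23,434 INFO
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail
record BEGIN
=============================================================
WHO: <<USER>>+password
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
=============================================================

>
"""


def split_records(text):
    """Re-join wrapped lines into one dict per log record."""
    chunks, current = [], None
    for line in text.splitlines():
        if TS.match(line):
            if current is not None:
                chunks.append(current)
            current = [line]
        elif current is not None:
            current.append(line)  # continuation of the previous record
    if current is not None:
        chunks.append(current)

    records = []
    for chunk in chunks:
        joined = re.sub(r"\s+", " ", " ".join(chunk)).strip()
        m = HEAD.match(joined)
        if m:
            ts, level, logger, msg = m.groups()
            records.append({"ts": ts, "level": level, "logger": logger, "msg": msg})
    return records


def unanswered_requests(records):
    """Return ldaptive operation requests that never got an 'execute response' record."""
    pending = {}
    for rec in records:
        if not rec["logger"].endswith("Operation"):
            continue
        m = REQ_ID.search(rec["msg"])
        if not m:
            continue
        if rec["msg"].startswith("<execute request="):
            pending[m.group(1)] = rec
        elif rec["msg"].startswith("<execute response="):
            pending.pop(m.group(1), None)  # response names the request it answers
    return [
        {
            "request": req_id,
            "ts": rec["ts"],
            "logger": rec["logger"],
            "password_policy_control": "PasswordPolicyControl" in rec["msg"],
        }
        for req_id, rec in pending.items()
    ]


def audit_actions(records):
    """Collect ACTION values from inspektr audit trail records."""
    actions = []
    for rec in records:
        if "Audit trail record" in rec["msg"]:
            actions.extend(re.findall(r"ACTION: (\w+)", rec["msg"]))
    return actions


def triage(text):
    records = split_records(text)
    return {"unanswered": unanswered_requests(records), "actions": audit_actions(records)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for item in result["unanswered"]:
        print("no response logged for", item["request"], "at", item["ts"])
    print("audit actions:", result["actions"])
```

A request with no logged response is only a pointer to where to raise the log level; it does not by itself say why the operation produced no response record.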

From: Abhijit Gaikwad [mailto:agaik...@fit.edu]
Sent: Thursday, September 24, 2015 11:42 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] CAS 4.1 LDAP Authentication failed with lppe

Hello,
I am trying to get LDAP to work with LPPE but am having some issues. This was 
working fine with CAS 4.0.4. If I enable just LDAP authentication it works 
fine, but if I follow the documentation to enable lppe, authentication in CAS 
stops working. If I type in a valid username I don't get any response back from 
the CAS server, the login page just reloads. If I enter an invalid username I 
get an Invalid credentials message. Running this against IBM DS.


I followed the LDAP documentation from: 
http://jasig.github.io/cas/4.1.x/installation/LDAP-Authentication.html

1. deployerConfigContext.xml:
AuthenticationManager:
<constructor-arg>
            <map>
                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
                <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
                <!-- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> -->
            </map>
</constructor-arg>

2. deployerConfigContext.xml - Copied the entire LDAP authenticated search 
section.
3. Added pom.xml (Started with the Sample overlay from 
https://github.com/UniconLabs/simple-cas4-overlay-template)
<dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-support-ldap</artifactId>
            <version>${cas.version}</version>
</dependency>
4. Added ldap.properties and appropriate entry in  propertyFileConfigurer.xml 
(This was all working fine in 4.0.4)
Without the lppe additions this all works.
5. deployerConfigContext.xml - Added the lppe section changes - (Authentication 
stops)
On the LDAP side I can see a successful Bind operation. However CAS just 
reloads the login page. Get an ACTION: AUTHENTICATION_FAILED in the logs. It 
does not matter if I use LDAP or LDAPS, I get the same results. On another 
thread it was suggested that adding SAML support might help, tried it but no 
change for me. [Re: [cas-user] LDAP authentication succeeded but CAS says it's 
not]

Any help will be greatly appreciated.

LDAP logs:
AuditV3--2015-09-24-10:56:15.122-4:00DST--V3 Bind--bindDN: <<USER_DN>>--client: 
XXX:65349--connectionID: 174417--received: 
2015-09-24-10:56:15.118-4:00DST--Success
controlType: 1.3.6.1.4.1.42.2.27.8.5.1
criticality: false
name: <<USER_DN>>
authenticationChoice: simple

with SSL:
AuditV3--2015-09-24-14:08:43.326-4:00DST--V3 SSL Bind--bindDN: 
<<USER_DN>>--client: XXX:49485--connectionID: 177883--received: 
2015-09-24-14:08:43.307-4:00DST--Success
controlType: 1.3.6.1.4.1.42.2.27.8.5.1
criticality: false
controlType: 1.3.18.0.2.10.19
criticality: false
name: <<USER_DN>>
authenticationChoice: simple


Logs:
2015-09-24 13:55:41,739 DEBUG 
[org.jasig.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP 
authentication for <<USER>>+password>
2015-09-24 13:55:41,739 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - 
<resolve user=<<USER>>>
2015-09-24 13:55:41,739 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - 
<searching for DN using userFilter>
2015-09-24 13:55:41,740 DEBUG [org.ldaptive.SearchOperation] - <execute 
request=[org.ldaptive.SearchRequest@2082829999::baseDn=<<BASE_DN>>, 
searchFilter=[org.ldaptive.SearchFilter@-1184605399::filter=(&(uid={user})(objectclass=<<USER_CLASS>>)),
 parameters={user=<<USER>>}], returnAttributes=[1.1], searchScope=SUBTREE, 
timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false, 
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, 
searchReferenceHandlers=null, controls=null, followReferrals=false, 
intermediateResponseHandlers=null] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@350849609::config=[org.ldaptive.ConnectionConfig@1514762349::ldapUrl=ldap://<<SERVER>>,
 connectTimeout=5000, responseTimeout=-1, 
sslConfig=[org.ldaptive.ssl.SslConfig@40180104::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@537913944::trustCertificates=file:D:\<<PATH-TO-CERT>>\cert.cer,
 authenticationCertificate=null, authenticationKey=null], trustManagers=null, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, 
connectionInitializer=[org.ldaptive.BindConnectionInitializer@868634493::bindDn=<<ADMIN_USER_DN>>,
 bindSaslConfig=null, bindControls=null]], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@1990995933::metadata=[ldapUrl=ldap://<<SERVER>>,
 count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, 
java.naming.ldap.version=3, 
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@843269638::operationExceptionResultCodes=[PROTOCOL_ERROR,
 SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@40f30d43,
 controlProcessor=org.ldaptive.provider.ControlProcessor@26f3c0c,
 environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@41c576b2]>
2015-09-24 13:55:41,742 DEBUG [org.ldaptive.SearchOperation] - <execute 
response=[org.ldaptive.Response@1013188448::result=[org.ldaptive.SearchResult@-287860215::entries=[[dn=<<FULL_USER_DN>>[],
 responseControls=null, messageId=-1]], references=[]], resultCode=SUCCESS, 
message=null, matchedDn=null, responseControls=null, referralURLs=null, 
messageId=-1] for 
request=[org.ldaptive.SearchRequest@2082829999::baseDn=<<BASE_DN>>, 
searchFilter=[org.ldaptive.SearchFilter@-1184605399::filter=(&(uid={user})(objectclass=<<USER_CLASS>>)),
 parameters={user=<<USER>>}], returnAttributes=[1.1], searchScope=SUBTREE, 
timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false, 
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, 
searchReferenceHandlers=null, controls=null, followReferrals=false, 
intermediateResponseHandlers=null] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@350849609::config=[org.ldaptive.ConnectionConfig@1514762349::ldapUrl=ldap://<<SERVER>>,
 connectTimeout=5000, responseTimeout=-1, 
sslConfig=[org.ldaptive.ssl.SslConfig@40180104::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@537913944::trustCertificates=file:D:\<<PATH-TO-CERT>>\cert.cer,
 authenticationCertificate=null, authenticationKey=null], trustManagers=null, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, 
connectionInitializer=[org.ldaptive.BindConnectionInitializer@868634493::bindDn=<<ADMIN_USER_DN>>,
 bindSaslConfig=null, bindControls=null]], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@1990995933::metadata=[ldapUrl=ldap://<<SERVER>>,
 count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, 
java.naming.ldap.version=3, 
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@843269638::operationExceptionResultCodes=[PROTOCOL_ERROR,
 SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@40f30d43,
 controlProcessor=org.ldaptive.provider.ControlProcessor@26f3c0c,
 environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@41c576b2]>
2015-09-24 13:55:41,742 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - 
<resolved dn=<<FULL_USER_DN>> for user=<<USER>>>
2015-09-24 13:55:41,742 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate 
dn=<<FULL_USER_DN>> with 
request=[org.ldaptive.auth.AuthenticationRequest@2036768392::user=<<USER>>, 
retAttrs=[uid, mail, displayName, ibm-allgroups]]>
2015-09-24 13:55:41,742 DEBUG 
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate 
criteria=[org.ldaptive.auth.AuthenticationCriteria@743412056::dn=<<FULL_USER_DN>>,
 
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@2036768392::user=<<USER>>,
 retAttrs=[uid, mail, displayName, ibm-allgroups]]]>
2015-09-24 13:55:41,743 DEBUG [org.ldaptive.BindOperation] - <execute 
request=[org.ldaptive.BindRequest@1221944942::bindDn=<<FULL_USER_DN>>, 
saslConfig=null, 
controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::criticality=false,
 timeBeforeExpiration=0, graceAuthNsRemaining=0, error=null]]] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@375183601::config=[org.ldaptive.ConnectionConfig@1368069874::ldapUrl=ldap://<<SERVER>>,
 connectTimeout=5000, responseTimeout=-1, 
sslConfig=[org.ldaptive.ssl.SslConfig@40180104::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@537913944::trustCertificates=file:D:\<<PATH-TO-CERT>>\cert.cer,
 authenticationCertificate=null, authenticationKey=null], trustManagers=null, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, 
connectionInitializer=null], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@49660921::metadata=[ldapUrl=ldap://<<SERVER>>,
 count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, 
java.naming.ldap.version=3, 
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@151291549::operationExceptionResultCodes=[PROTOCOL_ERROR,
 SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@40f30d43,
 controlProcessor=org.ldaptive.provider.ControlProcessor@2e98becd,
 environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@3d8099f1]>
2015-09-24 13:55:41,749 DEBUG 
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving 
argument [UsernamePasswordCredential] for audit>
2015-09-24 13:55:41,750 DEBUG 
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving 
argument [UsernamePasswordCredential] for audit>
2015-09-24 13:55:41,750 DEBUG 
[org.jasig.cas.web.flow.GenerateLoginTicketAction] - <Generated login ticket 
LT-3-AbN2D2L0eIHxIvdOJeEYGPpuHSBeaN-cas4.<<DOMAIN>>>




--

You are currently subscribed to cas-user@lists.jasig.org as: 
mmoay...@unicon.net

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user



CLIENT IP ADDRESS: XXX
SERVER IP ADDRESS: XXX
=============================================================

>
2015-09-24 16:41:25,298 INFO 
[org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered 
services.>
2015-09-24 16:41:25,298 INFO 
[org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services.>
2015-09-24 16:42:01,573 DEBUG 
[org.jasig.cas.support.saml.authentication.principal.SamlService] - <Request 
does not specify a TARGET or request body is empty>
2015-09-24 16:42:01,573 DEBUG 
[org.jasig.cas.support.saml.web.support.SamlArgumentExtractor] - <Extractor did 
not generate service.>
2015-09-24 16:42:01,573 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] 
- <Extractor did not generate service.>
2015-09-24 16:42:17,995 DEBUG 
[org.jasig.cas.support.saml.authentication.principal.SamlService] - <Request 
does not specify a TARGET or request body is empty>
2015-09-24 16:42:17,995 DEBUG 
[org.jasig.cas.support.saml.web.support.SamlArgumentExtractor] - <Extractor did 
not generate service.>
2015-09-24 16:42:17,996 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] 
- <Extractor did not generate service.>
2015-09-24 16:42:23,416 DEBUG 
[org.jasig.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP 
authentication for <<USER>>+password>
2015-09-24 16:42:23,417 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - 
<resolve user=<<USER>>>
2015-09-24 16:42:23,417 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - 
<searching for DN using userFilter>
2015-09-24 16:42:23,417 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<waiting on pool lock for check out 0>
2015-09-24 16:42:23,417 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<retrieve available connection from pool of size 3>
2015-09-24 16:42:23,417 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<waiting on pool lock for retrieve available 0>
2015-09-24 16:42:23,417 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<retrieved available connection: 
org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@6fda1222>
2015-09-24 16:42:23,418 TRACE [org.ldaptive.pool.BlockingConnectionPool] - <no 
activator configured>
2015-09-24 16:42:23,418 DEBUG [org.ldaptive.SearchOperation] - <execute 
request=[org.ldaptive.SearchRequest@570310374::baseDn=<<BASE_DN>>, 
searchFilter=[org.ldaptive.SearchFilter@-1184605399::filter=(&(uid={user})(objectclass=<<USER>>)),
 parameters={<<USER>>}], returnAttributes=[1.1], searchScope=SUBTREE, 
timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false, 
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, 
searchReferenceHandlers=null, controls=null, followReferrals=false, 
intermediateResponseHandlers=null] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1876505627::config=[org.ldaptive.ConnectionConfig@1528115521::ldapUrl=ldap://<<LDAP_SERVER>>,
 connectTimeout=5000, responseTimeout=-1, 
sslConfig=[org.ldaptive.ssl.SslConfig@1338240604::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1493022739::trustCertificates=${ldap.trustedCert},
 authenticationCertificate=null, authenticationKey=null], trustManagers=null, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, 
connectionInitializer=[org.ldaptive.BindConnectionInitializer@1295644010::bindDn=<<MANAGER_USER>>,
 bindSaslConfig=null, bindControls=null]], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@11855156::metadata=[ldapUrl=ldap://<<LDAP_SERVER>>,
 count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, 
java.naming.ldap.version=3, 
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@115858305::operationExceptionResultCodes=[PROTOCOL_ERROR,
 SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@4c4fb0f5,
 controlProcessor=org.ldaptive.provider.ControlProcessor@5760ca09, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@47c17efc]>
2015-09-24 16:42:23,422 TRACE [org.ldaptive.provider.jndi.JndiConnection] - 
<reading search result: <<PARTIAL_DN>>: null:null:No attributes>
2015-09-24 16:42:23,422 TRACE [org.ldaptive.provider.jndi.JndiConnection] - 
<formatting relative dn '<<PARTIAL_DN>>' with baseDn '<<BASE_DN>>'>
2015-09-24 16:42:23,422 TRACE [org.ldaptive.provider.jndi.JndiConnection] - 
<formatted dn '<<PARTIAL_DN>>' as '<<USER_DN>>'>
2015-09-24 16:42:23,422 TRACE [org.ldaptive.SearchOperation] - <Received search 
item=[org.ldaptive.provider.SearchItem@181453467::searchEntry=[dn=<<USER_DN>>[],
 responseControls=null, messageId=-1]]>
2015-09-24 16:42:23,423 DEBUG [org.ldaptive.SearchOperation] - <execute 
response=[org.ldaptive.Response@1339182501::result=[org.ldaptive.SearchResult@-287860215::entries=[[dn=<<USER_DN>>[],
 responseControls=null, messageId=-1]], references=[]], resultCode=SUCCESS, 
message=null, matchedDn=null, responseControls=null, referralURLs=null, 
messageId=-1] for 
request=[org.ldaptive.SearchRequest@570310374::baseDn=<<BASE_DN>>, 
searchFilter=[org.ldaptive.SearchFilter@-1184605399::filter=(&(uid={user})(objectclass=<<USER>>)),
 parameters={<<USER>>}], returnAttributes=[1.1], searchScope=SUBTREE, 
timeLimit=0, sizeLimit=0, derefAliases=null, typesOnly=false, 
binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, 
searchReferenceHandlers=null, controls=null, followReferrals=false, 
intermediateResponseHandlers=null] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1876505627::config=[org.ldaptive.ConnectionConfig@1528115521::ldapUrl=ldap://<<LDAP_SERVER>>,
 connectTimeout=5000, responseTimeout=-1, 
sslConfig=[org.ldaptive.ssl.SslConfig@1338240604::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1493022739::trustCertificates=${ldap.trustedCert},
 authenticationCertificate=null, authenticationKey=null], trustManagers=null, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, 
connectionInitializer=[org.ldaptive.BindConnectionInitializer@1295644010::bindDn=uid=cas,ou=managers,<<BASE_DN>>,
 bindSaslConfig=null, bindControls=null]], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@11855156::metadata=[ldapUrl=ldap://<<LDAP_SERVER>>,
 count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, 
java.naming.ldap.version=3, 
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@115858305::operationExceptionResultCodes=[PROTOCOL_ERROR,
 SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@4c4fb0f5,
 controlProcessor=org.ldaptive.provider.ControlProcessor@5760ca09, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@47c17efc]>
2015-09-24 16:42:23,424 TRACE [org.ldaptive.pool.BlockingConnectionPool] - <no 
passivator configured>
2015-09-24 16:42:23,424 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<waiting on pool lock for check in 0>
2015-09-24 16:42:23,424 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<returned active connection: 
org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@6fda1222>
2015-09-24 16:42:23,424 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] - 
<resolved dn=<<USER_DN>> for <<USER>>>
2015-09-24 16:42:23,424 DEBUG [org.ldaptive.auth.Authenticator] - <authenticate 
dn=<<USER_DN>> with 
request=[org.ldaptive.auth.AuthenticationRequest@175166021::<<USER>>, 
retAttrs=[uid, mail, displayName, ibm-allgroups]]>
2015-09-24 16:42:23,425 DEBUG 
[org.ldaptive.auth.PooledBindAuthenticationHandler] - <authenticate 
criteria=[org.ldaptive.auth.AuthenticationCriteria@2128062242::dn=<<USER_DN>>, 
authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@175166021::<<USER>>,
 retAttrs=[uid, mail, displayName, ibm-allgroups]]]>
2015-09-24 16:42:23,425 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<waiting on pool lock for check out 0>
2015-09-24 16:42:23,425 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<retrieve available connection from pool of size 3>
2015-09-24 16:42:23,425 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<waiting on pool lock for retrieve available 0>
2015-09-24 16:42:23,425 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<retrieved available connection: 
org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@29a4faef>
2015-09-24 16:42:23,425 TRACE [org.ldaptive.pool.BlockingConnectionPool] - <no 
activator configured>
2015-09-24 16:42:23,427 DEBUG [org.ldaptive.BindOperation] - <execute 
request=[org.ldaptive.BindRequest@1923049081::bindDn=<<USER_DN>>, 
saslConfig=null, 
controls=[[org.ldaptive.control.PasswordPolicyControl@-350057371::criticality=false,
 timeBeforeExpiration=0, graceAuthNsRemaining=0, error=null]]] with 
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@698621160::config=[org.ldaptive.ConnectionConfig@72285845::ldapUrl=ldap://<<LDAP_SERVER>>,
 connectTimeout=5000, responseTimeout=-1, 
sslConfig=[org.ldaptive.ssl.SslConfig@1338240604::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@1493022739::trustCertificates=${ldap.trustedCert},
 authenticationCertificate=null, authenticationKey=null], trustManagers=null, 
enabledCipherSuites=null, enabledProtocols=null, 
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, 
connectionInitializer=null], 
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@551317208::metadata=[ldapUrl=ldap://<<LDAP_SERVER>>,
 count=1], environment={com.sun.jndi.ldap.connect.timeout=5000, 
java.naming.ldap.version=3, 
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, 
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@415524842::operationExceptionResultCodes=[PROTOCOL_ERROR,
 SERVER_DOWN], properties={}, 
connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@4c4fb0f5,
 controlProcessor=org.ldaptive.provider.ControlProcessor@74d8ab53, 
environment=null, tracePackets=null, removeDnUrls=true, 
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, 
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null]], 
providerConnection=org.ldaptive.provider.jndi.JndiConnection@45070d5]>
2015-09-24 16:42:23,427 TRACE [org.ldaptive.provider.ControlProcessor] - 
<processing request controls: [Lorg.ldaptive.control.RequestControl;@4fe93f85>
2015-09-24 16:42:23,427 TRACE [org.ldaptive.provider.ControlProcessor] - 
<produced provider request controls: [javax.naming.ldap.BasicControl@2ffdb2ea]>
2015-09-24 16:42:23,432 TRACE [org.ldaptive.pool.BlockingConnectionPool] - <no 
passivator configured>
2015-09-24 16:42:23,432 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<waiting on pool lock for check in 0>
2015-09-24 16:42:23,432 TRACE [org.ldaptive.pool.BlockingConnectionPool] - 
<returned active connection: 
org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@29a4faef>
2015-09-24 16:42:23,433 DEBUG 
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving 
argument [UsernamePasswordCredential] for audit>
2015-09-24 16:42:23,434 INFO 
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail 
record BEGIN
=============================================================
WHO: <<USER>>+password
WHAT: supplied credentials: [<<USER>>+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Thu Sep 24 16:42:23 EDT 2015
CLIENT IP ADDRESS: XXX
SERVER IP ADDRESS: XXX
=============================================================

>
2015-09-24 16:42:23,434 INFO 
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail 
record BEGIN
=============================================================
WHO: <<USER>>+password
WHAT: supplied credentials: [<<USER>>+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Thu Sep 24 16:42:23 EDT 2015
CLIENT IP ADDRESS: XXX
SERVER IP ADDRESS: XXX
=============================================================

>
2015-09-24 16:42:23,434 DEBUG 
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving 
argument [UsernamePasswordCredential] for audit>
2015-09-24 16:42:23,435 INFO 
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail 
record BEGIN
=============================================================
WHO: <<USER>>+password
WHAT: java.lang.String
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Thu Sep 24 16:42:23 EDT 2015
CLIENT IP ADDRESS: XXX
SERVER IP ADDRESS: XXX
=============================================================

>
2015-09-24 16:42:23,435 INFO 
[org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail 
record BEGIN
=============================================================
WHO: <<USER>>+password
WHAT: java.lang.String
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Thu Sep 24 16:42:23 EDT 2015
CLIENT IP ADDRESS: XXX
SERVER IP ADDRESS: XXX
=============================================================

>
