Re: [cas-user] Cas5 Ldap Authentication

2018-04-12 Thread yashwanth chowdary
Hi Manfredo Hopp,

How to send authorities to an application



On Thursday, March 8, 2018 at 11:09:54 AM UTC-6, Manfredo Hopp wrote:
>
> see 
>
>
> https://apereo.github.io/cas/development/installation/Configuring-Custom-Authentication.html
>
> 2018-03-08 11:32 GMT-03:00 yashwanth chowdary:
>
>> Dave I have written my own classes handler, configuration (please refer to 
>> the attached files). What I observe is my handler is getting registered 
>> properly but when I give the credentials the method 
>> "authenticateUsernamePasswordInternal" is not getting called. Properties 
>> are same as above.
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/8179af60-49fd-44fc-bcb4-6bd00adae092%40apereo.org
>>  
>> 
>> .
>>
>
>



Re: [cas-user] Cas5 Ldap Authentication

2018-03-21 Thread Ben Howell-Thomas
Did you work it out? But the documentation suggests
it'll just pick it up and run it (which means I'm doing wrong by overriding
LdapAuthenticationConfiguration, creating much more work for myself on
upgrades).

On 9 March 2018 at 07:33, Alberto Cabello Sánchez  wrote:

> On Thu, 8 Mar 2018 06:32:52 -0800 (PST)
> yashwanth chowdary  wrote:
>
> > I have written my own classes handler, configuration (please refer to
> > the attached files). What I observe is my handler is getting registered
> > properly but when I give the credentials the method
> > "authenticateUsernamePasswordInternal" is not getting called.
> > Properties are same as above.
>
> How does CAS know that cas.authn.ldap[0].* properties refer to your handler
> rather than a "regular" LDAP handler?
>
> --
> Alberto Cabello Sánchez
> Servicio de Informática
> Universidad de Extremadura
>


Re: [cas-user] Cas5 Ldap Authentication

2018-03-08 Thread Alberto Cabello Sánchez
On Thu, 8 Mar 2018 06:32:52 -0800 (PST)
yashwanth chowdary  wrote:

> I have written my own classes handler, configuration (please refer to 
> the attached files). What I observe is my handler is getting registered 
> properly but when I give the credentials the method 
> "authenticateUsernamePasswordInternal" is not getting called.
> Properties are same as above.

How does CAS know that cas.authn.ldap[0].* properties refer to your handler
rather than a "regular" LDAP handler?

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura



Re: [cas-user] Cas5 Ldap Authentication

2018-03-08 Thread Man H
see

https://apereo.github.io/cas/development/installation/Configuring-Custom-Authentication.html

2018-03-08 11:32 GMT-03:00 yashwanth chowdary <
ryashwanthkumarchowd...@gmail.com>:

> Dave I have written my own classes handler, configuration (please refer to
> the attached files). What I observe is my handler is getting registered
> properly but when I give the credentials the method
> "authenticateUsernamePasswordInternal" is not getting called. Properties
> are same as above.
>


Re: [cas-user] Cas5 Ldap Authentication

2018-03-08 Thread David Curry
As I said, I have no experience at all with that stuff, sorry. I'm an old
'C' programmer who only writes Java under duress. :-)


David A. Curry,  CISSP
Director of Information Security
The New School - Information Technology
71 Fifth Ave., 9th Fl. ~ New York, NY 10003
+1 212 229-5300 x4728 ~ david.cu...@newschool.edu
Sent from my phone; please excuse typos and inane auto-corrections.


On Mar 8, 2018 09:32, "yashwanth chowdary" <
ryashwanthkumarchowd...@gmail.com> wrote:

> Dave I have written my own classes handler, configuration (please refer to
> the attached files). What I observe is my handler is getting registered
> properly but when I give the credentials the method
> "authenticateUsernamePasswordInternal" is not getting called. Properties
> are same as above.
>


Re: [cas-user] Cas5 Ldap Authentication

2018-03-08 Thread yashwanth chowdary

>
> Dave I have written my own classes handler, configuration (please refer to 
> the attached files). What I observe is my handler is getting registered 
> properly but when I give the credentials the method 
> "authenticateUsernamePasswordInternal" is not getting called. Properties 
> are same as above.

package org.apereo.cas.config;

import com.google.common.collect.Multimap;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.LdapAuthenticationHandler;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.support.DefaultLdapLdapAccountStateHandler;
import org.apereo.cas.authentication.support.DefaultLdapPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.support.GroovyLdapPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.support.LdapPasswordPolicyConfiguration;
import org.apereo.cas.authentication.support.LdapPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.support.OptionalWarningLdapLdapAccountStateHandler;
import org.apereo.cas.authentication.support.RejectResultCodeLdapPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.support.password.PasswordEncoderUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.LdapUtils;
import org.ldaptive.auth.AuthenticationResponseHandler;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler;
import org.ldaptive.auth.ext.EDirectoryAuthenticationResponseHandler;
import org.ldaptive.auth.ext.FreeIPAAuthenticationResponseHandler;
import org.ldaptive.auth.ext.PasswordExpirationAuthenticationResponseHandler;
import org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.core.io.Resource;

import java.time.Period;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;

/**
 * This is {@link LdapAuthenticationConfiguration} that attempts to create
 * relevant authentication handlers for LDAP.
 *
 * @author Misagh Moayyed
 * @author Dmitriy Kopylenko
 * @since 5.0.0
 */
@Configuration("lTldapAuthenticationConfiguration")
@EnableConfigurationProperties(CasConfigurationProperties.class)
@Slf4j
public class LTLdapAuthenticationConfiguration {

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("personDirectoryPrincipalResolver")
    private PrincipalResolver personDirectoryPrincipalResolver;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @ConditionalOnMissingBean(name = "ldapPrincipalFactory")
    @Bean
    public PrincipalFactory ldapPrincipalFactory() {
        return new DefaultPrincipalFactory();
    }

    @ConditionalOnMissingBean(name = "ldapAuthenticationHandlers")
    @Bean
    @RefreshScope
    public Collection ldapAuthenticationHandlers() {
        final Collection handlers = new HashSet<>();
        System.out.println("");
        System.out.println("In Collection Handlers");
        System.out.println("==

Re: [cas-user] Cas5 Ldap Authentication

2018-03-08 Thread David Curry
Other than the CAS documentation, sorry, no. There are probably other
people on the list who can.

We are using out-of-the-box configured-with-plain-old-cas.properties
interfaces only, no custom code.

For what it's worth, the configuration we're running (we're putting it into
production later this month), with step-by-step instructions for
building/configuring it, is documented here:

https://dacurry-tns.github.io/deploying-apereo-cas/


I haven't gotten time to document the user interface branding and addition
of Google Apps SSO support yet, but hope to in the next few weeks.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Thu, Mar 8, 2018 at 8:57 AM, yashwanth chowdary <
ryashwanthkumarchowd...@gmail.com> wrote:

> Dave can you give a ref for writing our own customization handlers and
> configuration classes for Ldap
>
> On Thursday, March 8, 2018 at 6:42:04 PM UTC+5:30, David Curry wrote:
>>
>> It looks right, but I have never used that particular property, so I'm
>> just guessing.
>>
>> In our environment we have to merge attributes from two different
>> directories, so I have the authentication and attribute resolution
>> configured separately and list the attributes out individually.
>>
>> Someone else can probably weigh in on whether that's correct, though. I'm
>> pretty sure others are using that property.
>>
>> --Dave
>>
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR OF INFORMATION SECURITY*
>> INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> 
>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>
>>
>> On Thu, Mar 8, 2018 at 7:52 AM, yashwanth chowdary <
>> ryashwanthk...@gmail.com> wrote:
>>
>>> Hi David ,
>>>
>>> Is this the correct way to initialize my principalAttributeList?
>>>
>>> By the way , I am using 5.3.0RC2 version
>>>
>>> On Wednesday, March 7, 2018 at 6:23:27 PM UTC+5:30, David Curry wrote:

>>>> You don't say what version you're using, but the userFilter property
>>>> was renamed to searchFilter between 5.2 and 5.3 as part of the
>>>> property documentation cleanup.
>>>>
>>>> (Documented here:
>>>> https://apereo.github.io/2017/12/29/530rc1-release/#documentation-cleanup)
>>>>
>>>> --Dave
>>>>
>>>> --
>>>>
>>>> DAVID A. CURRY, CISSP
>>>> *DIRECTOR OF INFORMATION SECURITY*
>>>> INFORMATION TECHNOLOGY
>>>>
>>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>>>
>>>> On Wed, Mar 7, 2018 at 7:16 AM, yashwanth chowdary <
>>>> ryashwanthk...@gmail.com> wrote:
>>>>
>>>>> I was trying to connect ldap using below properties. Getting an error
>>>>> that failed to bind authn.ldap[0].userFilter. You can observe the error
>>>>> in the attached file.
>>>>>
>>>>>
>>>>> cas.authn.ldap[0].order=0
>>>>> cas.authn.ldap[0].name=AD
>>>>> cas.authn.ldap[0].type=AUTHENTICATED
>>>>> cas.authn.ldap[0].ldapUrl=ldaps://***.net
>>>>> cas.authn.ldap[0].useSsl=true
>>>>> cas.authn.ldap[0].connectTimeout=5000
>>>>> cas.authn.ldap[0].baseDn=DC=,DC=**
>>>>> cas.authn.ldap[0].userFilter=(sAMAccountName={user})
>>>>> cas.authn.ldap[0].subtreeSearch=true
>>>>> cas.authn.ldap[0].principalAttributeList=sn,givenName,memberOf,cn
>>>>> cas.authn.ldap[0].bindDn=CN=wls,CN=users,DC=***,DC=**
>>>>> cas.authn.ldap[0].bindCredential=*
Re: [cas-user] Cas5 Ldap Authentication

2018-03-08 Thread yashwanth chowdary
Dave can you give a ref for writing our own customization handlers and 
configuration classes for Ldap

On Thursday, March 8, 2018 at 6:42:04 PM UTC+5:30, David Curry wrote:
>
> It looks right, but I have never used that particular property, so I'm 
> just guessing.
>
> In our environment we have to merge attributes from two different 
> directories, so I have the authentication and attribute resolution 
> configured separately and list the attributes out individually.
>
> Someone else can probably weigh in on whether that's correct, though. I'm 
> pretty sure others are using that property.
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu 
>
>
> On Thu, Mar 8, 2018 at 7:52 AM, yashwanth chowdary <
> ryashwanthk...@gmail.com > wrote:
>
>> Hi David ,
>>
>> Is this the correct way to initialize my principalAttributeList?
>>
>> By the way , I am using 5.3.0RC2 version
>>
>> On Wednesday, March 7, 2018 at 6:23:27 PM UTC+5:30, David Curry wrote:
>>>
>>> You don't say what version you're using, but the userFilter property 
>>> was renamed to searchFilter between 5.2 and 5.3 as part of the property 
>>> documentation cleanup.
>>>
>>> (Documented here: 
>>> https://apereo.github.io/2017/12/29/530rc1-release/#documentation-cleanup
>>> )
>>>
>>> --Dave
>>>
>>>
>>>
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR OF INFORMATION SECURITY*
>>> INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
>>> 
>>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>>
>>>
>>> On Wed, Mar 7, 2018 at 7:16 AM, yashwanth chowdary <
>>> ryashwanthk...@gmail.com> wrote:
>>>
>>>> I was trying to connect ldap using below properties. Getting an error 
>>>> that failed to bind authn.ldap[0].userFilter. You can observe the error 
>>>> in the attached file.
>>>>
>>>>
>>>> cas.authn.ldap[0].order=0
>>>> cas.authn.ldap[0].name=AD
>>>> cas.authn.ldap[0].type=AUTHENTICATED
>>>> cas.authn.ldap[0].ldapUrl=ldaps://***.net
>>>> cas.authn.ldap[0].useSsl=true
>>>> cas.authn.ldap[0].connectTimeout=5000
>>>> cas.authn.ldap[0].baseDn=DC=,DC=**
>>>> cas.authn.ldap[0].userFilter=(sAMAccountName={user})
>>>> cas.authn.ldap[0].subtreeSearch=true
>>>> cas.authn.ldap[0].principalAttributeList=sn,givenName,memberOf,cn
>>>> cas.authn.ldap[0].bindDn=CN=wls,CN=users,DC=***,DC=**
>>>> cas.authn.ldap[0].bindCredential=*



Re: [cas-user] Cas5 Ldap Authentication

2018-03-08 Thread David Curry
It looks right, but I have never used that particular property, so I'm just
guessing.

In our environment we have to merge attributes from two different
directories, so I have the authentication and attribute resolution
configured separately and list the attributes out individually.

Someone else can probably weigh in on whether that's correct, though. I'm
pretty sure others are using that property.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Thu, Mar 8, 2018 at 7:52 AM, yashwanth chowdary <
ryashwanthkumarchowd...@gmail.com> wrote:

> Hi David ,
>
> Is this the correct way to initialize my principalAttributeList?
>
> By the way , I am using 5.3.0RC2 version
>
> On Wednesday, March 7, 2018 at 6:23:27 PM UTC+5:30, David Curry wrote:
>>
>> You don't say what version you're using, but the userFilter property was
>> renamed to searchFilter between 5.2 and 5.3 as part of the property
>> documentation cleanup.
>>
>> (Documented here:
>> https://apereo.github.io/2017/12/29/530rc1-release/#documentation-cleanup)
>>
>> --Dave
>>
>>
>>
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR OF INFORMATION SECURITY*
>> INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> 
>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>
>>
>> On Wed, Mar 7, 2018 at 7:16 AM, yashwanth chowdary <
>> ryashwanthk...@gmail.com> wrote:
>>
>>> I was trying to connect ldap using below properties. Getting an error
>>> that failed to bind authn.ldap[0].userFilter. You can observe the error in
>>> the attached file.
>>>
>>>
>>> cas.authn.ldap[0].order=0
>>> cas.authn.ldap[0].name=AD
>>> cas.authn.ldap[0].type=AUTHENTICATED
>>> cas.authn.ldap[0].ldapUrl=ldaps://***.net
>>> cas.authn.ldap[0].useSsl=true
>>> cas.authn.ldap[0].connectTimeout=5000
>>> cas.authn.ldap[0].baseDn=DC=,DC=**
>>> cas.authn.ldap[0].userFilter=(sAMAccountName={user})
>>> cas.authn.ldap[0].subtreeSearch=true
>>> cas.authn.ldap[0].principalAttributeList=sn,givenName,memberOf,cn
>>> cas.authn.ldap[0].bindDn=CN=wls,CN=users,DC=***,DC=**
>>> cas.authn.ldap[0].bindCredential=*
>>>


Re: [cas-user] Cas5 Ldap Authentication

2018-03-08 Thread yashwanth chowdary
Hi David ,

Is this the correct way to initialize my principalAttributeList?

By the way , I am using 5.3.0RC2 version

On Wednesday, March 7, 2018 at 6:23:27 PM UTC+5:30, David Curry wrote:
>
> You don't say what version you're using, but the userFilter property was 
> renamed to searchFilter between 5.2 and 5.3 as part of the property 
> documentation cleanup.
>
> (Documented here: 
> https://apereo.github.io/2017/12/29/530rc1-release/#documentation-cleanup)
>
> --Dave
>
>
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu 
>
>
> On Wed, Mar 7, 2018 at 7:16 AM, yashwanth chowdary <
> ryashwanthk...@gmail.com > wrote:
>
>> I was trying to connect ldap using below properties. Getting an error 
>> that failed to bind authn.ldap[0].userFilter. You can observe the error in 
>> the attached file.
>>
>>
>> cas.authn.ldap[0].order=0
>> cas.authn.ldap[0].name=AD
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl=ldaps://***.net
>> cas.authn.ldap[0].useSsl=true
>> cas.authn.ldap[0].connectTimeout=5000
>> cas.authn.ldap[0].baseDn=DC=,DC=**
>> cas.authn.ldap[0].userFilter=(sAMAccountName={user})
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].principalAttributeList=sn,givenName,memberOf,cn
>> cas.authn.ldap[0].bindDn=CN=wls,CN=users,DC=***,DC=**
>> cas.authn.ldap[0].bindCredential=*
>>


Re: [cas-user] Cas5 Ldap Authentication

2018-03-07 Thread David Curry
You don't say what version you're using, but the userFilter property was
renamed to searchFilter between 5.2 and 5.3 as part of the property
documentation cleanup.

(Documented here:
https://apereo.github.io/2017/12/29/530rc1-release/#documentation-cleanup)

--Dave




--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Wed, Mar 7, 2018 at 7:16 AM, yashwanth chowdary <
ryashwanthkumarchowd...@gmail.com> wrote:

> I was trying to connect ldap using below properties. Getting an error that
> failed to bind authn.ldap[0].userFilter. You can observe the error in the
> attached file.
>
>
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].name=AD
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldaps://***.net
> cas.authn.ldap[0].useSsl=true
> cas.authn.ldap[0].connectTimeout=5000
> cas.authn.ldap[0].baseDn=DC=,DC=**
> cas.authn.ldap[0].userFilter=(sAMAccountName={user})
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].principalAttributeList=sn,givenName,memberOf,cn
> cas.authn.ldap[0].bindDn=CN=wls,CN=users,DC=***,DC=**
> cas.authn.ldap[0].bindCredential=*
>
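
The rename described in the reply above, as a check to run over cas.properties before moving from 5.2 to 5.3. This is an added example, not code from the thread or from the CAS project; the function name is hypothetical, handler 0 in the sample is the configuration posted in the thread, and handlers 1 and 2 are constructed.

```python
import re

# Rename reported in the thread: userFilter became searchFilter in CAS 5.3.
RENAMED = {"userFilter": "searchFilter"}

# cas.authn.ldap[<index>].<name> followed by '=' or ':' and the value.
KEY_RE = re.compile(r"^(\s*cas\.authn\.ldap\[(\d+)\]\.)(\w+)(\s*[=:]\s*)(.*)$")


def migrate_ldap_properties(text):
    """Rewrite renamed LDAP keys; return (new_text, findings).

    Each finding is (line_number, handler_index, old_key, action), where
    action is "renamed" or "conflict" (old and new key both set for the
    same handler, so the line is left alone for manual review).
    """
    lines = text.splitlines()

    # First pass: record which keys each handler index already defines.
    present = set()
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            present.add((m.group(2), m.group(3)))

    # Second pass: rewrite old spellings unless the new one already exists.
    out, findings = [], []
    for number, line in enumerate(lines, start=1):
        m = KEY_RE.match(line)
        if not m or m.group(3) not in RENAMED:
            out.append(line)  # comments, blanks and current keys pass through
            continue
        prefix, index, old, sep, value = m.groups()
        new = RENAMED[old]
        if (index, new) in present:
            findings.append((number, index, old, "conflict"))
            out.append(line)
        else:
            findings.append((number, index, old, "renamed"))
            out.append(f"{prefix}{new}{sep}{value}")
    return "\n".join(out) + "\n", findings


# Handler 0: lines from the configuration posted in the thread.
# Handlers 1 and 2 and the commented-out line: constructed for this example.
SAMPLE = """\
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].userFilter=(sAMAccountName={user})
cas.authn.ldap[0].principalAttributeList=sn,givenName,memberOf,cn
# cas.authn.ldap[0].userFilter=(uid={user})
cas.authn.ldap[1].searchFilter=(uid={user})
cas.authn.ldap[2].userFilter = (cn={user})
cas.authn.ldap[2].searchFilter=(cn={user})
"""

if __name__ == "__main__":
    fixed, found = migrate_ldap_properties(SAMPLE)
    for number, index, old, action in found:
        print(f"line {number}: cas.authn.ldap[{index}].{old} -> {action}")
    print(fixed, end="")
```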


[cas-user] Cas5 Ldap Authentication

2018-03-07 Thread yashwanth chowdary
I was trying to connect ldap using below properties. Getting an error that 
failed to bind authn.ldap[0].userFilter. You can observe the error in the 
attached file.


cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=AD
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://***.net
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=DC=,DC=**
cas.authn.ldap[0].userFilter=(sAMAccountName={user})
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].principalAttributeList=sn,givenName,memberOf,cn
cas.authn.ldap[0].bindDn=CN=wls,CN=users,DC=***,DC=**
cas.authn.ldap[0].bindCredential=*
