[cas-user] Login rejected when using UTF-8 characters in password

2015-10-29 Thread Andres
Hi,

I'm using CAS 4.0.6, configured (I think) to use UTF-8 end-to-end.

However, passwords with characters like the Spanish "ñ" cause the login to be 
rejected. The password is correct at the LDAP level, I've checked it with a 
client tool.

Example: using the password "otoño", if I debug 
org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler::doAuthentication
 I see the password value is "Otoño".

I've checked the configuration to make sure it's UTF-8 end-to-end:

- in casLoginView.jsp:
<%@ page pageEncoding="UTF-8" %>
<%@ page contentType="text/html; charset=UTF-8" %>

- in cas.properties:
# httprequest.web.encoding=UTF-8
(it's commented out, so it defaults to UTF-8 according to filters.xml)


Any ideas? Thank you very much.
-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
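
One way to check whether a password like the one in this message was altered between the browser and the LDAP bind, as an added example that is not part of the original post: it compares the string that was typed with the string the handler received and reports whether a charset mix-up or a Unicode normalization difference explains the gap. The function names, the candidate charset list and the garbled and decomposed sample values are assumptions made for the illustration; the post does not establish which cause applies.

```python
import unicodedata

# Candidate charsets (assumed list). ISO-8859-1 is the servlet default for
# request parameters when no request encoding has been set before they are read.
CHARSETS = ("utf-8", "iso-8859-1", "windows-1252")


def explain_mismatch(typed, received):
    """List the transformations that turn `typed` into `received`.

    An empty list means none of the modelled causes explains the difference.
    """
    if typed == received:
        return ["identical"]
    reasons = []
    # Same text, different code points: precomposed n-tilde (NFC) versus
    # 'n' followed by a combining tilde (NFD). They compare unequal as bytes.
    if unicodedata.normalize("NFC", typed) == unicodedata.normalize("NFC", received):
        reasons.append("unicode normalization differs")
    # Bytes written in one charset and read back in another.
    for sent in CHARSETS:
        try:
            raw = typed.encode(sent)
        except UnicodeEncodeError:
            continue
        for read in CHARSETS:
            if read == sent:
                continue
            try:
                if raw.decode(read) == received:
                    reasons.append(f"sent as {sent}, decoded as {read}")
            except UnicodeDecodeError:
                pass
    return reasons


def bind_bytes(password):
    """Hex of the bytes a simple bind would carry for this string (UTF-8 assumed)."""
    return password.encode("utf-8").hex()


if __name__ == "__main__":
    typed = "oto\u00f1o"            # the post's example password, precomposed
    garbled = "oto\u00c3\u00b1o"    # constructed: its UTF-8 bytes read as Latin-1
    decomposed = "oton\u0303o"      # constructed: the same text in NFD
    print("typed     ", bind_bytes(typed))
    for label, value in (("garbled   ", garbled), ("decomposed", decomposed)):
        print(label, bind_bytes(value), explain_mismatch(typed, value))
```

Feed it the value seen in the debugger and the value that works in the LDAP client tool; differing `bind_bytes` output is what makes the directory reject an otherwise correct password.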


[cas-user] logout

2015-10-29 Thread Chris Cheltenham
Hello Everyone,

Has anyone written php code for a logout button in my header?
I am not a web developer, yet I am being asked to do so.

If anyone has that code to share I would very much appreciate it.

I have tried a number of things without luck googling.

After that I need to run a script to kill the apache session cookie created by 
mod_auth_cas.
But one thing at a time.



Thank You;

Chris Cheltenham
cchelten...@swaintechs.com
SwainTechs
10 Walnut Grove Rd
Suite 110
Horsham, PA
19044

888-905-5767 / X407





[cas-user] CAS Ldap Connection

2015-10-29 Thread Lutfi Oduncuoglu
Hello,

I have just started to use CAS and I want to authenticate users over my
local ldap server. I did the exact configuration at
http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html. I
added those parts to deployerconfig.xml and cas.properties. Tomcat is running
in ssl mode, so I connect to CAS via https.

However, when I try to log in, CAS does not connect to ldap. As you can see from
catalina.out

2015-10-29 15:31:20,466 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -

2015-10-29 15:31:20,466 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2015-10-29 15:31:20,467 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2015-10-29 15:31:21,039 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - 
2015-10-29 15:31:21,039 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - 


My xml files are below.

Thank you very much for help


pom.xml




http://maven.apache.org/POM/4.0.0"; xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="
http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";>
  
org.jasig.cas
cas-server
4.0.0
  
  4.0.0
  cas-server-webapp
  war
  Jasig CAS Web Application
  

  org.jasig.cas
  cas-server-webapp-support
  ${project.version}
  compile


  org.springframework
  spring-expression
  ${spring.version}
  runtime


  javax.servlet
  jstl
  1.1.2
  jar
  runtime


  taglibs
  standard
  1.1.2
  jar
  runtime


  org.jasig.cas
  cas-server-support-ldap
  4.0.0

  

  

  
org.apache.maven.plugins
maven-war-plugin

  cas
  

  ${basedir}/src/main/webapp/WEB-INF
  true
  WEB-INF
  
**/web.xml
  

  

  

  

  
${project.parent.basedir}
  


deployerConfigContext.xml






http://www.springframework.org/schema/beans";
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
   xmlns:p="http://www.springframework.org/schema/p";
   xmlns:c="http://www.springframework.org/schema/c";
   xmlns:tx="http://www.springframework.org/schema/tx";
   xmlns:util="http://www.springframework.org/schema/util";
   xmlns:sec="http://www.springframework.org/schema/security";
   xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
   http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
   http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
   http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd";>

ldap://localhost:389";
  p:connectTimeout="3000"
  p:useStartTLS="false"/>
  
and cas.properties file

#
# Licensed to Jasig under one or more contributor license
# agreements. See the NOTICE file distributed with this work
# for additional information regarding copyright ownership.
# Jasig licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file
# except in compliance with the License.  You may obtain a
# copy of the License at the following location:
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#

server.name=http://localhost:8080
server.prefix=${server.name}/cas
# IP address or CIDR subnet allowed to access the /status URI of CAS that
# exposes health check information
cas.securityContext.status.allowedSubnet=127.0.0.1


cas.themeResolver.defaultThemeName=cas-theme-default
cas.viewResolver.basename=default_views

##
# Unique CAS node name
# host.name is used to generate unique Service Ticket IDs and
# SAMLArtifacts.  This is usually set to the specific
# hostname of the machine running the CAS node, but it could be any label
# so long as it is unique in the cluster.
host.name=cas01.

Re: [cas-user] CAS Ldap Connection

2015-10-29 Thread Christopher Myers
It looks like you might have just copied the config from the examples without 
modifying it to fit your environment; for example, the cas.properties file says 
that your LDAP server is

ldap.url=ldap://localhost:389

and the deployerConfigContext file says that your base DN is
 p:baseDn="ou=users,dc=example,dc=com"

with bind credentials of
ldap.authn.baseDn=ou=Users,dc=example,dc=com
ldap.authn.managerDN=cn=admin,dc=example,dc=com
ldap.authn.managerPassword=qwerty123

so you might want to review the settings and make sure that they've been 
tweaked for your environment.

Chris




>>> Lutfi Oduncuoglu  10/29/15 8:34 AM >>>
Hello,


I have just started to use CAS and I want to authenticate users over my local 
ldap server. I did the exact configuration at 
http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html. I added 
that parts to deployerconfig.xml and cas.properties. Tomcat running in ssl 
mode, so I connect CAS via https.


However when I try to login CAS does not connect ldap. As you can see from 
catalina.out

2015-10-29 15:31:20,466 INFO 
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 

2015-10-29 15:31:20,466 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2015-10-29 15:31:20,467 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
2015-10-29 15:31:21,039 INFO 
[org.jasig.cas.services.DefaultServicesManagerImpl] - 
2015-10-29 15:31:21,039 INFO 
[org.jasig.cas.services.DefaultServicesManagerImpl] - 




My xml files are below.


Thank you very much for help




pom.xml




http://maven.apache.org/POM/4.0.0"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/maven-v4_0_0.xsd";>
  
org.jasig.cas
cas-server
4.0.0
  
  4.0.0
  cas-server-webapp
  war
  Jasig CAS Web Application
  

  org.jasig.cas
  cas-server-webapp-support
  ${project.version}
  compile


  org.springframework
  spring-expression
  ${spring.version}
  runtime


  javax.servlet
  jstl
  1.1.2
  jar
  runtime


  taglibs
  standard
  1.1.2
  jar
  runtime


  org.jasig.cas
  cas-server-support-ldap
  4.0.0

  

  

  
org.apache.maven.plugins
maven-war-plugin

  cas
  

  ${basedir}/src/main/webapp/WEB-INF
  true
  WEB-INF
  
**/web.xml
  

  

  

  

  
${project.parent.basedir}
  


deployerConfigContext.xml






http://www.springframework.org/schema/beans";
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
   xmlns:p="http://www.springframework.org/schema/p";
   xmlns:c="http://www.springframework.org/schema/c";
   xmlns:tx="http://www.springframework.org/schema/tx";
   xmlns:util="http://www.springframework.org/schema/util";
   xmlns:sec="http://www.springframework.org/schema/security";
   xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
   http://www.springframework.org/schema/tx 
http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
   http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.2.xsd
   http://www.springframework.org/schema/util 
http://www.springframework.org/schema/util/spring-util.xsd";>

ldap://localhost:389";
  p:connectTimeout="3000"
  p:useStartTLS="false"/>
  
and cas.properties file 

#
# Licensed to Jasig under one or more contributor license
# agreements. See the NOTICE file distributed with this work
# for additional information regarding copyright ownership.
# Jasig licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file
# except in compliance with the License.  You may obtain a
# copy of the License at the following location:
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
#

Re: [cas-user] CAS Ldap Connection

2015-10-29 Thread Lutfi Oduncuoglu
Hello,

I changed those values before I added the files to my mail. Actually, while doing
mvn package it connects to ldap and confirms the credential and other
stuff. I can send those logs if you want.

Regards

On Thu, Oct 29, 2015 at 4:47 PM, Christopher Myers  wrote:

> It looks like you might have just copied the config from the examples
> without modifying it to fit your environment; for example, the
> cas.properties file says that your LDAP server is
>
> ldap.url=ldap://localhost:389
>
> and the deployerConfigContext file says that your base DN is
> p:baseDn="ou=users,dc=example,dc=com"
>
> with bind credentials of
> ldap.authn.baseDn=ou=Users,dc=example,dc=com
> ldap.authn.managerDN=cn=admin,dc=example,dc=com
> ldap.authn.managerPassword=qwerty123
>
> so you might want to review the settings and make sure that they've been
> tweaked for your environment.
>
> Chris
>
>
>
>
> >>> Lutfi Oduncuoglu  10/29/15 8:34 AM >>>
>
> Hello,
>
> I have just started to use CAS and I want to authenticate users over my
> local ldap server. I did the exact configuration at
> http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html. I
> added that parts to deployerconfig.xml and cas.properties. Tomcat running
> in ssl mode, so I connect CAS via https.
>
> However when I try to login CAS does not connect ldap. As you can see from
> catalina.out
>
> 2015-10-29 15:31:20,466 INFO
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> 
> 2015-10-29 15:31:20,466 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: audit:unknown
> WHAT: supplied credentials: [test+password]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Thu Oct 29 15:31:20 EET 2015
> CLIENT IP ADDRESS: 10.6.16.15
> SERVER IP ADDRESS: 10.6.16.16
> =
>
> >
> 2015-10-29 15:31:20,467 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: audit:unknown
> WHAT: 1 errors, 0 successes
> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
> APPLICATION: CAS
> WHEN: Thu Oct 29 15:31:20 EET 2015
> CLIENT IP ADDRESS: 10.6.16.15
> SERVER IP ADDRESS: 10.6.16.16
> =
>
> >
> 2015-10-29 15:31:21,039 INFO
> [org.jasig.cas.services.DefaultServicesManagerImpl] -  services.>
> 2015-10-29 15:31:21,039 INFO
> [org.jasig.cas.services.DefaultServicesManagerImpl] - 
>
>
> My xml files are below.
>
> Thank you very much for help
>
>
> pom.xml
>
>
> 
>
> http://maven.apache.org/POM/4.0.0"; xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="
> http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd
> ">
>   
> org.jasig.cas
> cas-server
> 4.0.0
>   
>   4.0.0
>   cas-server-webapp
>   war
>   Jasig CAS Web Application
>   
> 
>   org.jasig.cas
>   cas-server-webapp-support
>   ${project.version}
>   compile
> 
> 
>   org.springframework
>   spring-expression
>   ${spring.version}
>   runtime
> 
> 
>   javax.servlet
>   jstl
>   1.1.2
>   jar
>   runtime
> 
> 
>   taglibs
>   standard
>   1.1.2
>   jar
>   runtime
> 
> 
>   org.jasig.cas
>   cas-server-support-ldap
>   4.0.0
> 
>   
>
>   
> 
>   
> org.apache.maven.plugins
> maven-war-plugin
> 
>   cas
>   
> 
>   ${basedir}/src/main/webapp/WEB-INF
>   true
>   WEB-INF
>   
> **/web.xml
>   
> 
>   
> 
>   
> 
>   
>
>   
> ${project.parent.basedir}
>   
> 
>
> deployerConfigContext.xml
>
>
> 
> 
> 
>
> http://www.springframework.org/schema/beans";
>xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>xmlns:p="http://www.springframework.org/schema/p";
>xmlns:c="http://www.springframework.org/schema/c";
>xmlns:tx="http://www.springframework.org/schema/tx";
>xmlns:util="http://www.springframework.org/schema/util";
>xmlns:sec="http://www.springframework.org/schema/security";
>xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
>http://www.springframework.org/schema/tx
> http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
>http://www.springframework.org/schema/security
> http://www.springframework.org/schema/security/spring-security-3.2.xsd
>http://www.springframework.org/schema/util
> http://www.springframework.org/schema/util/spring-util.xsd";>
>
> 
>  class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
> 
> 
>

Re: [cas-user] CAS Ldap Connection

2015-10-29 Thread Alex Bouskine
Hi Lutfi,

In your deployerConfigContext try to replace:

by:


and add the bean:


plus:

 ...


try with uid attribute instead of cn.

Another option in cas.properties: try ldap.useStartTLS=false

Regards,

Alex

On 29/10/2015 14:57, Lutfi Oduncuoglu wrote:
> Hello,
>
> I change those values before I added files to my mail. Actually while 
> doing mvn package it connects to ldap and confirms the credential and 
> other stuff. I can send those log if you want.
>
> Regards
>
> On Thu, Oct 29, 2015 at 4:47 PM, Christopher Myers 
> <cmy...@mail.millikin.edu> wrote:
>
> It looks like you might have just copied the config from the
> examples without modifying it to fit your environment; for
> example, the cas.properties file says that your LDAP server is
>
> ldap.url=ldap://localhost:389
>
> and the deployerConfigContext file says that your base DN is
> p:baseDn="ou=users,dc=example,dc=com"
>
> with bind credentials of
> ldap.authn.baseDn=ou=Users,dc=example,dc=com
> ldap.authn.managerDN=cn=admin,dc=example,dc=com
> ldap.authn.managerPassword=qwerty123
>
> so you might want to review the settings and make sure that
> they've been tweaked for your environment.
>
> Chris
>
>
>
>
> >>> Lutfi Oduncuoglu  > 10/29/15 8:34 AM >>>
>
> Hello,
>
> I have just started to use CAS and I want to authenticate users
> over my local ldap server. I did the exact configuration at
> http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html.
> I added that parts to deployerconfig.xml and cas.properties.
> Tomcat running in ssl mode, so I connect CAS via https.
>
> However when I try to login CAS does not connect ldap. As you can
> see from catalina.out
>
> 2015-10-29 15:31:20,466 INFO
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>  deneme+password>
> 2015-10-29 15:31:20,466 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> -  =
> WHO: audit:unknown
> WHAT: supplied credentials: [test+password]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Thu Oct 29 15:31:20 EET 2015
> CLIENT IP ADDRESS: 10.6.16.15
> SERVER IP ADDRESS: 10.6.16.16
> =
>
> >
> 2015-10-29 15:31:20,467 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> -  =
> WHO: audit:unknown
> WHAT: 1 errors, 0 successes
> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
> APPLICATION: CAS
> WHEN: Thu Oct 29 15:31:20 EET 2015
> CLIENT IP ADDRESS: 10.6.16.15
> SERVER IP ADDRESS: 10.6.16.16
> =
>
> >
> 2015-10-29 15:31:21,039 INFO
> [org.jasig.cas.services.DefaultServicesManagerImpl] -  registered services.>
> 2015-10-29 15:31:21,039 INFO
> [org.jasig.cas.services.DefaultServicesManagerImpl] -  services.>
>
>
> My xml files are below.
>
> Thank you very much for help
>
>
> pom.xml
>
>
> 
>
> http://maven.apache.org/POM/4.0.0";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> http://maven.apache.org/maven-v4_0_0.xsd";>
>   
> org.jasig.cas
> cas-server
> 4.0.0
>   
>   4.0.0
> cas-server-webapp
>   war
>   Jasig CAS Web Application
>   
> 
>   org.jasig.cas
> cas-server-webapp-support
> ${project.version}
>   compile
> 
> 
> org.springframework
> spring-expression
> ${spring.version}
>   runtime
> 
> 
>   javax.servlet
>   jstl
>   1.1.2
>   jar
>   runtime
> 
> 
>   taglibs
> standard
>   1.1.2
>   jar
>   runtime
> 
> 
>   org.jasig.cas
> cas-server-support-ldap
>   4.0.0
> 
>   
>
>   
> 
>   
> org.apache.maven.plugins
> maven-war-plugin
> 
>   cas
>   
> 
> ${basedir}/src/main/webapp/WEB-INF
> true
> WEB-INF
>   
> **/web.xml
>   
> 
>   
> 
>   
> 
>   
>
>   
> ${project.parent.basedir}
>   
> 
>
> deployerConfigContext.xml
>
>
> 
> 
> 
>
> http://www.springframework.org/schema/beans";
>xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>xmlns:p="http://www.springframework.org/schema/p";
>xmlns:c="http://www.springframework.org/schema/c";

RE: [cas-user] logout

2015-10-29 Thread Neil Sabol
Good morning Chris,

I've used something like the following for logout with phpCAS:

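<?php
require_once 'CAS.php';
// Arguments: protocol version, CAS server hostname, port, context path.
phpCAS::client(CAS_VERSION_2_0, 'your.cas.url', 443, 'yourcascontext');
// Disables validation of the CAS server's TLS certificate; phpCAS::setCasServerCACert() enables it.
phpCAS::setNoCasServerValidation();
// Destroys the local PHP session and redirects the browser to the CAS server's logout URL.
phpCAS::logout();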

You would substitute your own CAS values for your.cas.url and yourcascontext.

I hope it helps.

Thank you,
-Neil

From: Chris Cheltenham [mailto:cchelten...@swaintechs.com]
Sent: Thursday, October 29, 2015 6:26 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] logout

Hello Everyone,

Has anyone written php code for a logout button in my header?
I am not a web developer, yet I am being asked to do so.

If anyone has that code to share I would very much appreciate it.

I have tried a number of things without luck googling.

After that I need to run a script to kill the apache session cookie created by 
mod_auth_cas.
But one thing at a time.



Thank You;

Chris Cheltenham
cchelten...@swaintechs.com
SwainTechs
10 Walnut Grove Rd
Suite 110
Horsham, PA
19044

888-905-5767 / X407







Re: [cas-user] CAS Ldap Connection

2015-10-29 Thread Lutfi Oduncuoglu
Hello,

I did your suggestions but the problem still occurs. Now my .xml files
look like:










and I added the bean  








Also I set TLS to off in cas.properties. However, when I was trying to log in
I sniffed the traffic on my ldap server with tcpdump and tailed the ldap
log file, but there was nothing. The CAS server is doing no ldap search or bind.
CAS does not do anything with ldap. But I could see some logs during the maven
process, which are:



Oct 29 16:58:11 ldap slapd[1236]: conn=1195 fd=20 ACCEPT from IP=10.6.16.16:40967 (IP=0.0.0.0:389)
Oct 29 16:58:11 ldap slapd[1236]: conn=1196 fd=21 ACCEPT from IP=10.6.16.16:40968 (IP=0.0.0.0:389)
Oct 29 16:58:11 ldap slapd[1236]: conn=1197 fd=22 ACCEPT from IP=10.6.16.16:40969 (IP=0.0.0.0:389)
Oct 29 16:58:11 ldap slapd[1236]: conn=1198 fd=23 ACCEPT from IP=10.6.16.16:40970 (IP=0.0.0.0:389)
Oct 29 16:58:11 ldap slapd[1236]: conn=1198 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Oct 29 16:58:11 ldap slapd[1236]: conn=1198 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
Oct 29 16:58:11 ldap slapd[1236]: conn=1198 op=0 RESULT tag=97 err=0 text=
Oct 29 16:58:11 ldap slapd[1236]: conn=1199 fd=24 ACCEPT from IP=10.6.16.16:40971 (IP=0.0.0.0:389)
Oct 29 16:58:11 ldap slapd[1236]: conn=1199 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Oct 29 16:58:11 ldap slapd[1236]: conn=1199 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
Oct 29 16:58:11 ldap slapd[1236]: conn=1199 op=0 RESULT tag=97 err=0 text=
Oct 29 16:58:11 ldap slapd[1236]: conn=1200 fd=25 ACCEPT from IP=10.6.16.16:40972 (IP=0.0.0.0:389)
Oct 29 16:58:11 ldap slapd[1236]: conn=1200 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Oct 29 16:58:11 ldap slapd[1236]: conn=1200 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
Oct 29 16:58:11 ldap slapd[1236]: conn=1200 op=0 RESULT tag=97 err=0 text=
Oct 29 16:58:13 ldap slapd[1236]: conn=1195 fd=20 closed (connection lost)


I still got the same error on catalina.out.



Regards



On Thu, Oct 29, 2015 at 5:01 PM, Alex Bouskine 
wrote:

> Hi Lutfi,
>
> In your deployerConfigContext try to replace:
> 
> by:
>  value-ref="usernamePasswordCredentialsResolver" />
>
> and add the bean:
> 
> class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
>
> plus:
>...
>   p:principalIdAttribute="cn"
>   ...
> 
> ...
> 
>
> try with uid attribute instead of cn.
>
> an other option in cas.properties, try ldap.useStartTLS=false
>
> Regards,
>
> Alex
>
> On 29/10/2015 14:57, Lutfi Oduncuoglu wrote:
>
> Hello,
>
> I change those values before I added files to my mail. Actually while
> doing mvn package it connects to ldap and confirms the credential and other
> stuff. I can send those log if you want.
>
> Regards
>
> On Thu, Oct 29, 2015 at 4:47 PM, Christopher Myers <
> cmy...@mail.millikin.edu> wrote:
>
>> It looks like you might have just copied the config from the examples
>> without modifying it to fit your environment; for example, the
>> cas.properties file says that your LDAP server is
>>
>> ldap.url=ldap://localhost:389
>>
>> and the deployerConfigContext file says that your base DN is
>> p:baseDn="ou=users,dc=example,dc=com"
>>
>> with bind credentials of
>> ldap.authn.baseDn=ou=Users,dc=example,dc=com
>> ldap.authn.managerDN=cn=admin,dc=example,dc=com
>> ldap.authn.managerPassword=qwerty123
>>
>> so you might want to review the settings and make sure that they've been
>> tweaked for your environment.
>>
>> Chris
>>
>>
>>
>>
>> >>> Lutfi Oduncuoglu < 
>> lutfioduncuo...@gmail.com> 10/29/15 8:34 AM >>>
>>
>> Hello,
>>
>> I have just started to use CAS and I want to authenticate users over my
>> local ldap server. I did the exact configuration at
>> 
>> http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html.
>> I added that parts to deployerconfig.xml and cas.properties. Tomcat running
>> in ssl mode, so I connect CAS via https.
>>
>> However when I try to login CAS does not connect ldap. As you can see
>> from catalina.out
>>
>> 2015-10-29 15:31:20,466 INFO
>> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>> 
>> 2015-10-29 15:31:20,466 INFO
>> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > trail record BEGIN
>> =
>> WHO: audit:unknown
>> WHAT: supplied credentials: [test+password]
>> ACTION: AUTHENTICATION_FAILED
>> APPLICATION: CAS
>> WHEN: Thu Oct 29 15:31:20 EET 2015
>> CLIENT IP ADDRESS: 10.6.16.15
>> SERVER IP ADDRESS: 10.6.16.16
>> =
>>
>> >
>> 2015-10-29 15:31:20,467 INFO
>> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > trail record BEGIN
>> 
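
The check described in this message (does CAS reach slapd at all when a login fails?), as an added example that is not part of the original post: it groups slapd log lines by connection and reports what, if anything, the CAS host bound as within a few seconds of a login attempt. The function names, the 5-second window and the last three log lines are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# slapd lines from the post (mail line-wrapping undone, subset), followed by
# three CONSTRUCTED lines showing what a rejected user bind would look like.
SLAPD_LOG = """\
Oct 29 16:58:11 ldap slapd[1236]: conn=1195 fd=20 ACCEPT from IP=10.6.16.16:40967 (IP=0.0.0.0:389)
Oct 29 16:58:11 ldap slapd[1236]: conn=1198 fd=23 ACCEPT from IP=10.6.16.16:40970 (IP=0.0.0.0:389)
Oct 29 16:58:11 ldap slapd[1236]: conn=1198 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Oct 29 16:58:11 ldap slapd[1236]: conn=1198 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
Oct 29 16:58:11 ldap slapd[1236]: conn=1198 op=0 RESULT tag=97 err=0 text=
Oct 29 16:58:13 ldap slapd[1236]: conn=1195 fd=20 closed (connection lost)
Oct 29 17:05:02 ldap slapd[1236]: conn=1201 fd=20 ACCEPT from IP=10.6.16.16:41010 (IP=0.0.0.0:389)
Oct 29 17:05:02 ldap slapd[1236]: conn=1201 op=0 BIND dn="uid=test,ou=users,dc=example,dc=com" method=128
Oct 29 17:05:02 ldap slapd[1236]: conn=1201 op=0 RESULT tag=97 err=49 text=
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=([\d.]+):\d+")
BIND = re.compile(r'op=(\d+) BIND dn="([^"]*)" method=\d+')
# tag=97 is the LDAP BindResponse; err is the result code (0 success,
# 49 invalid credentials).
RESULT = re.compile(r"op=(\d+) RESULT tag=97 err=(\d+)")


def parse_slapd(text, year):
    """Group slapd log lines by connection: client IP plus each bind and its result."""
    conns = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        conn = conns.setdefault(m.group(2), {"ip": None, "binds": {}})
        rest = m.group(3)
        if (a := ACCEPT.search(rest)):
            conn["ip"] = a.group(1)
        elif (b := BIND.search(rest)):
            conn["binds"][b.group(1)] = {"at": ts, "dn": b.group(2).lower(), "err": None}
        elif (r := RESULT.search(rest)) and r.group(1) in conn["binds"]:
            conn["binds"][r.group(1)]["err"] = int(r.group(2))
    return conns


def classify_login(conns, cas_ip, login_time, manager_dn, window_s=5):
    """Say how far a CAS login attempt at `login_time` got on the LDAP side.

    Connections whose ACCEPT line is missing from the excerpt have no known
    client IP and are skipped, so feed in enough log to cover pooled connections.
    """
    window = timedelta(seconds=window_s)
    binds = [b for c in conns.values() if c["ip"] == cas_ip
             for b in c["binds"].values() if abs(b["at"] - login_time) <= window]
    if not binds:
        return "no_ldap_activity"       # CAS never asked the directory
    user = [b for b in binds if b["dn"] != manager_dn.lower()]
    if not user:
        return "manager_bind_only"      # service account bound, no user bind
    if any(b["err"] == 0 for b in user):
        return "user_bind_ok"
    return "user_bind_rejected"


if __name__ == "__main__":
    conns = parse_slapd(SLAPD_LOG, 2015)
    manager = "cn=admin,dc=example,dc=com"
    for when in (datetime(2015, 10, 29, 15, 31, 20),   # failed login in the CAS audit log
                 datetime(2015, 10, 29, 16, 58, 11),   # binds seen during the Maven run
                 datetime(2015, 10, 29, 17, 5, 2)):    # constructed rejected user bind
        print(when.time(), classify_login(conns, "10.6.16.16", when, manager))
```

A result of `no_ldap_activity` for a failed login means the failure happened before any bind was attempted, so the directory and its credentials are not where the rejection came from.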

Re: [cas-user] CAS Ldap Connection

2015-10-29 Thread Lutfi Oduncuoglu
Hello,

I forgot to mention that I changed the "cn" to "uid"











Regards,
Lutfi

On Thu, Oct 29, 2015 at 6:00 PM, Lutfi Oduncuoglu  wrote:

> Hello,
>
> I did your suggestions but the problem still occurs. Now my .xml files
> look like:
>
>  class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
> 
> 
> 
>  value-ref="proxyPrincipalResolver" />
>  value-ref="primaryPrincipalResolver" />
>  value-ref="usernamePasswordCredentialsResolver" />
> 
>
> and I added the bean  
> 
> class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
>
> 
> class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
> 
> 
> class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"
> >
> 
> 
>
> Also I set TLS to off in cas.properties. However, when I was trying to log in
> I sniffed the traffic on my ldap server with tcpdump and tailed the ldap
> log file, but there was nothing. The CAS server is doing no ldap search or bind.
> CAS does not do anything with ldap. But I could see some logs during the maven
> process, which are:
>
>
>
> Oct 29 16:58:11 ldap slapd[1236]: conn=1195 fd=20 ACCEPT from IP=
> 10.6.16.16:40967 (IP=0.0.0.0:389)
> Oct 29 16:58:11 ldap slapd[1236]: conn=1196 fd=21 ACCEPT from IP=
> 10.6.16.16:40968 (IP=0.0.0.0:389)
> Oct 29 16:58:11 ldap slapd[1236]: conn=1197 fd=22 ACCEPT from IP=
> 10.6.16.16:40969 (IP=0.0.0.0:389)
> Oct 29 16:58:11 ldap slapd[1236]: conn=1198 fd=23 ACCEPT from IP=
> 10.6.16.16:40970 (IP=0.0.0.0:389)
> Oct 29 16:58:11 ldap slapd[1236]: conn=1198 op=0 BIND
> dn="cn=admin,dc=example,dc=com" method=128
> Oct 29 16:58:11 ldap slapd[1236]: conn=1198 op=0 BIND
> dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
> Oct 29 16:58:11 ldap slapd[1236]: conn=1198 op=0 RESULT tag=97 err=0 text=
> Oct 29 16:58:11 ldap slapd[1236]: conn=1199 fd=24 ACCEPT from IP=
> 10.6.16.16:40971 (IP=0.0.0.0:389)
> Oct 29 16:58:11 ldap slapd[1236]: conn=1199 op=0 BIND
> dn="cn=admin,dc=example,dc=com" method=128
> Oct 29 16:58:11 ldap slapd[1236]: conn=1199 op=0 BIND
> dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
> Oct 29 16:58:11 ldap slapd[1236]: conn=1199 op=0 RESULT tag=97 err=0 text=
> Oct 29 16:58:11 ldap slapd[1236]: conn=1200 fd=25 ACCEPT from IP=
> 10.6.16.16:40972 (IP=0.0.0.0:389)
> Oct 29 16:58:11 ldap slapd[1236]: conn=1200 op=0 BIND
> dn="cn=admin,dc=example,dc=com" method=128
> Oct 29 16:58:11 ldap slapd[1236]: conn=1200 op=0 BIND
> dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
> Oct 29 16:58:11 ldap slapd[1236]: conn=1200 op=0 RESULT tag=97 err=0 text=
> Oct 29 16:58:13 ldap slapd[1236]: conn=1195 fd=20 closed (connection lost)
>
>
> I still got the same error on catalina.out.
>
>
>
> Regards
>
>
>
> On Thu, Oct 29, 2015 at 5:01 PM, Alex Bouskine 
> wrote:
>
>> Hi Lutfi,
>>
>> In your deployerConfigContext try to replace:
>> 
>> by:
>> > value-ref="usernamePasswordCredentialsResolver" />
>>
>> and add the bean:
>> >
>> class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
>>
>> plus:
>> >   ...
>>   p:principalIdAttribute="cn"
>>   ...
>> 
>> ...
>> 
>>
>> try with uid attribute instead of cn.
>>
>> an other option in cas.properties, try ldap.useStartTLS=false
>>
>> Regards,
>>
>> Alex
>>
>> On 29/10/2015 14:57, Lutfi Oduncuoglu wrote:
>>
>> Hello,
>>
>> I change those values before I added files to my mail. Actually while
>> doing mvn package it connects to ldap and confirms the credential and other
>> stuff. I can send those log if you want.
>>
>> Regards
>>
>> On Thu, Oct 29, 2015 at 4:47 PM, Christopher Myers <
>> cmy...@mail.millikin.edu> wrote:
>>
>>> It looks like you might have just copied the config from the examples
>>> without modifying it to fit your environment; for example, the
>>> cas.properties file says that your LDAP server is
>>>
>>> ldap.url=ldap://localhost:389
>>>
>>> and the deployerConfigContext file says that your base DN is
>>> p:baseDn="ou=users,dc=example,dc=com"
>>>
>>> with bind credentials of
>>> ldap.authn.baseDn=ou=Users,dc=example,dc=com
>>> ldap.authn.managerDN=cn=admin,dc=example,dc=com
>>> ldap.authn.managerPassword=qwerty123
>>>
>>> so you might want to review the settings and make sure that they've been
>>> tweaked for your environment.
>>>
>>> Chris
>>>
>>>
>>>
>>>
>>> >>> Lutfi Oduncuoglu < 
>>> lutfioduncuo...@gmail.com> 10/29/15 8:34 AM >>>
>>>
>>> Hello,
>>>
>>> I have just started to use CAS and I want to authenticate users over my
>>> local ldap server. I did the exact configuration at
>>> 
>>> http://jasig.github.io/cas/4.0.x/installation/LDAP-Authentication.html.
>>> I added that parts to deployerconfig.xml and cas.properties. Tomcat running
>>> in ssl mode, so I connect CAS 

Re: [cas-user] Hazelcast deployment architecture - secure tunnel between nodes?

2015-10-29 Thread Paul B. Henson
On Mon, Oct 26, 2015 at 11:16:42AM -0400, Waldbieser, Carl wrote:

> For those of you who have deployed Hazelcast, are you using a secure
> tunnel between CAS nodes (e.g. ipsec)?  If so, do you monitor that the
> tunnel stays up, and how do you do that?

I initially tried using the built-in hazelcast encryption but found that
totally unreliable, so we ended up setting up point to point ipsec links
between the nodes. We are using strongswan under linux, it was a bit
tricky to get the configuration just right but once we got it working
it's been really stable. I don't specifically monitor the ipsec tunnel,
but we do have a real time log analyzer watching the cas logs, which
generates alerts if any of the nodes get hazelcast errors (which they
would if the tunnel failed, as the firewall rules only allow node
communication through the tunnel, not directly).


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  hen...@cpp.edu
California State Polytechnic University  |  Pomona CA 91768



Re: [cas-user] Hazelcast deployment architecture - secure tunnel between nodes?

2015-10-29 Thread Waldbieser, Carl
Paul,

That is helpful.  We have our CAS logs slurped into Splunk.  I can probably set 
up something to alert us based on hazelcast errors.

Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College

- Original Message -
From: "Paul B. Henson" 
To: "cas-user" 
Sent: Thursday, October 29, 2015 3:15:51 PM
Subject: Re: [cas-user] Hazelcast deployment architecture - secure tunnel 
between nodes?

On Mon, Oct 26, 2015 at 11:16:42AM -0400, Waldbieser, Carl wrote:

> For those of you who have deployed Hazelcast, are you using a secure
> tunnel between CAS nodes (e.g. ipsec)?  If so, do you monitor that the
> tunnel stays up, and how do you do that?

I initially tried using the built-in hazelcast encryption but found that
totally unreliable, so we ended up setting up point to point ipsec links
between the nodes. We are using strongswan under linux, it was a bit
tricky to get the configuration just right but once we got it working
it's been really stable. I don't specifically monitor the ipsec tunnel,
but we do have a real time log analyzer watching the cas logs, which
generates alerts if any of the nodes get hazelcast errors (which they
would if the tunnel failed, as the firewall rules only allow node
communication through the tunnel, not directly).


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  hen...@cpp.edu
California State Polytechnic University  |  Pomona CA 91768
