CAS unable to authenticate with openldap

CAS unable to authenticate with openldap

by bhargava v

Hello All,

Before I posted this message, I did an extensive Google search and combed through this list's archives, so I know for sure that my problem wasn't faced by someone before :-).

Ok now to the problem:

I have OpenLDAP 2.3.39 + CAS 3.0.7 running on my machine. I checked whether my OpenLDAP is working properly by using the Softerra LDAP admin software, and the connection info is as follows:
connection mechanism: simple
principal: o=sgi,c=us
password: secret
hostname and port are standard.

I'm able to view all the schema using LDAP admin.

I want CAS to talk to LDAP and get the authentication/authorization info. I've copied all the jars from ldaptemplate from SourceForge and the LDAP adaptor into the webapps/cas/WEB-INF/lib directory.

My deployercontextconfig looks like this:
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.AuthenticationManagerImpl">
  <property name="credentialsToPrincipalResolvers">
    <list>
      <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
      <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
    </list>
  </property>

  <property name="authenticationHandlers">
    <list>
      <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
        <property name="httpClient" ref="httpClient" />
      </bean>

      <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
        <property name="filter" value="uid=%u" />
        <property name="searchBase" value="c=us,o=sgi" />
        <property name="contextSource" ref="contextSource" />
      </bean>
    </list>
  </property>
</bean>

<bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
  <property name="userName" value="c=us,o=sgi" />
  <property name="password" value="secret" />
  <property name="urls">
    <list>
      <value>my ldap url</value>
    </list>
  </property>
  <property name="baseEnvironmentProperties">
    <map>
      <entry>
        <key><value>java.naming.security.authentication</value></key>
        <value>simple</value>
      </entry>
    </map>
  </property>
</bean>

I give the login info at the CAS sign-in page but it says it cannot authenticate. I've turned on DEBUG for org.springframework in the properties file and I get this info:
-----------------------------------------------------------------------------------------------------
Error in object 'credentials': codes [error.authentication.credentials.bad.credentials,error.authentication.credentials.bad]; arguments []; default message [error.authentication.credentials.bad], 'org.springframework.validation.BindException.credentials' -> org.springframework.validation.BindException: org.springframework.validation.BeanPropertyBindingResult: 1 errors
Error in object 'credentials': codes [error.authentication.credentials.bad.credentials,error.authentication.credentials.bad]; arguments []; default message [error.authentication.credentials.bad]], status = Paused]]]': '_c17411DFE-7CF0-3139-DFCD-9A12867433DA_k674FD418-6DFD-2E65-0B0D-C1855E87D2F3'; previous key was '_c17411DFE-7CF0-3139-DFCD-9A12867433DA_k70CCC903-6A3B-986A-B09D-B7E4A96F931E'>
---------------------------------------------------------------------------------------------------------
I'm giving the right username and password at the login page but it still says that the credentials are wrong. I'm guessing that the username given in the deployercontextconfig.xml is wrong, but I used the same principal to view the schema via the LDAP browser.

What is wrong with my setup?

Thanks in advance for your time and help.
Vemula


_______________________________________________
Yale CAS mailing list
cas@...
http://tp.its.yale.edu/mailman/listinfo/cas

Re: CAS unable to authenticate with openldap

by scott_battaglia

Your search base
<property name="searchBase" value="c=us,o=sgi" />

appears to be the same as your principal. Is that how it's supposed to be?


--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
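
Added example, not part of either post and not CAS project code: a small Python check that parses the two LDAP beans from the posted configuration and reports the point raised in the reply (bind DN identical to searchBase), plus a bind DN whose RDN order differs from the principal that worked in the LDAP browser. The function names, finding codes and the ldap://ldap.example.org URL are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two LDAP beans from the post; the URL is a placeholder.
CONFIG = """<beans>
  <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
    <property name="filter" value="uid=%u" />
    <property name="searchBase" value="c=us,o=sgi" />
    <property name="contextSource" ref="contextSource" />
  </bean>
  <bean id="contextSource"
        class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
    <property name="userName" value="c=us,o=sgi" />
    <property name="password" value="secret" />
    <property name="urls"><list><value>ldap://ldap.example.org:389</value></list></property>
  </bean>
</beans>"""

def rdns(dn):
    """Split a DN into lower-cased (attr, value) RDNs, keeping their order.
    Simplified: does not handle escaped commas or multi-valued RDNs."""
    return [tuple(x.strip().lower() for x in part.split("=", 1)) for part in dn.split(",")]

def props(bean):
    """Map property name -> inline value attribute for one <bean>."""
    return {p.get("name"): p.get("value") for p in bean.findall("property")}

def lint(xml_text, working_dn):
    """Return finding codes for the LDAP handler and context source beans."""
    beans = {b.get("class", "").rsplit(".", 1)[-1]: b for b in ET.fromstring(xml_text).iter("bean")}
    handler = props(beans["BindLdapAuthenticationHandler"])
    source_bean = beans["AuthenticatedLdapContextSource"]
    source = props(source_bean)
    bind, base, known = rdns(source["userName"]), rdns(handler["searchBase"]), rdns(working_dn)
    findings = []
    if bind == base:  # the question raised in the reply
        findings.append("bind-dn-equals-search-base")
    if bind != known and sorted(bind) == sorted(known):
        # RDN order is significant in a DN: these name two different entries
        findings.append("bind-dn-rdn-order-differs")
    urls = [(v.text or "").strip() for v in source_bean.find("property[@name='urls']").iter("value")]
    if source.get("password") and any(not u.lower().startswith("ldaps://") for u in urls):
        # simple bind over plain ldap:// exposes the password unless TLS is added
        findings.append("password-bind-without-ldaps")
    return findings

if __name__ == "__main__":
    # "o=sgi,c=us" is the principal the post reports as working in the LDAP browser
    for finding in lint(CONFIG, "o=sgi,c=us"):
        print(finding)
```
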