Authentication Exception
Scott Battaglia
scott.battaglia at gmail.com
Mon Mar 5 12:30:52 EST 2007
Turn on DEBUG for org.springframework.ldap (or for the LdapTemplate project
depending on the CAS version). That should help you figure out what is
going on with LDAP.
I believe the JDK also has some LDAP debugging parameters.
-Scott
On 3/1/07, Sandeep Sheth <ssheth at delegata.com> wrote:
>
> *I configured Cas Server 3.0.5 for Ldap authentication and deployed
> cas.war on Tomcat.*
>
> * *
>
> *I always see following message when I try to login to *
>
> * *
>
> The credentials you provided cannot be determined to be authentic.
>
>
>
> I am able to login using ldap using another piece of code with same
> credentials.
>
>
>
> *Please help!!***
>
> * *
>
> *Here is my deployerConfigContext.xml*
>
>
>
> <property name="authenticationHandlers">
>
> <list>
>
> <!--
>
> | This is the
> authentication handler that authenticates services by means of callback via
> SSL, thereby validating
>
> | a server
> side SSL certificate.
>
> +-->
>
> <bean
>
> class="
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
> />
>
>
>
> <!--
>
> | This is the
> authentication handler declaration that every CAS deployer will need to
> change before deploying CAS
>
> | into
> production.
>
> | With this
> configuration you will be using LDAP FastBind authentication.
>
> +-->
>
> <bean
>
> class="
> org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler" >
>
>
> <property name="filter" value="sAMAccountId=%u, dc=delegata, dc=com" />
>
>
> <property name="contextSource" ref="contextSource" />
>
> </bean>
>
> </list>
>
> </property>
>
> </bean>
>
> <bean id="contextSource"
>
> class="
> org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>
> <property name="urls">
>
> <list>
>
>
> <value>ldap://ldap.delegata.com:389</value>
>
>
> <value>ldap://ldap2.delegata.com:389</value>
>
> </list>
>
> </property>
>
> </bean>
>
>
>
>
>
> *This is what I see in the console: *
>
>
>
> 2007-03-01 11:55:59,859 INFO [
> org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
> <Starting cleaning of expired tickets from ticket registry at [Thu Mar 01
> 11:55:59 PST 2007]>
>
> 2007-03-01 11:55:59,859 INFO [
> org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0
> found to be removed. Removing now.>
>
> 2007-03-01 11:55:59,859 INFO [
> org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
> <Finished cleaning of expired tickets from ticket registry at [Thu Mar 01
> 11:55:59 PST 2007]>
>
> 2007-03-01 12:07:37,030 DEBUG [
> org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - <Action
> 'AutomaticCookiePathSetterAction' beginning execution>
>
> 2007-03-01 12:07:37,030 INFO [
> org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - <Setting
> ContextPath for cookies to: /cas>
>
> 2007-03-01 12:07:37,030 DEBUG [
> org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - <Action
> 'AutomaticCookiePathSetterAction' completed execution; result is 'success'>
>
> 2007-03-01 12:07:37,030 DEBUG [
> org.jasig.cas.web.flow.TicketGrantingTicketExistsAction] - <Action
> 'TicketGrantingTicketExistsAction' beginning execution>
>
> 2007-03-01 12:07:37,046 DEBUG [
> org.jasig.cas.web.flow.TicketGrantingTicketExistsAction] - <Action
> 'TicketGrantingTicketExistsAction' completed execution; result is
> 'noTicketGrantingTicketExists'>
>
> 2007-03-01 12:07:37,046 DEBUG [
> org.jasig.cas.web.flow.GatewayRequestCheckAction] - <Action
> 'GatewayRequestCheckAction' beginning execution>
>
> 2007-03-01 12:07:37,046 DEBUG [
> org.jasig.cas.web.flow.GatewayRequestCheckAction] - <Action
> 'GatewayRequestCheckAction' completed execution; result is
> 'authenticationRequired'>
>
> 2007-03-01 12:07:38,170 DEBUG [
> org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - <Action
> 'AutomaticCookiePathSetterAction' beginning execution>
>
> 2007-03-01 12:07:38,170 DEBUG [
> org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - <Action
> 'AutomaticCookiePathSetterAction' completed execution; result is 'success'>
>
> 2007-03-01 12:07:38,170 DEBUG [
> org.jasig.cas.web.flow.TicketGrantingTicketExistsAction] - <Action
> 'TicketGrantingTicketExistsAction' beginning execution>
>
> 2007-03-01 12:07:38,170 DEBUG [
> org.jasig.cas.web.flow.TicketGrantingTicketExistsAction] - <Action
> 'TicketGrantingTicketExistsAction' completed execution; result is
> 'noTicketGrantingTicketExists'>
>
> 2007-03-01 12:07:38,186 DEBUG [
> org.jasig.cas.web.flow.GatewayRequestCheckAction] - <Action
> 'GatewayRequestCheckAction' beginning execution>
>
> 2007-03-01 12:07:38,201 DEBUG [
> org.jasig.cas.web.flow.GatewayRequestCheckAction] - <Action
> 'GatewayRequestCheckAction' completed execution; result is
> 'authenticationRequired'>
>
> 2007-03-01 12:09:03,722 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
> 'AuthenticationViaFormAction' beginning execution>
>
> 2007-03-01 12:09:03,722 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing bind>
>
> 2007-03-01 12:09:03,738 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Loading new form
> object>
>
> 2007-03-01 12:09:03,738 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new
> instance of form object class [class
> org.jasig.cas.authentication.principal.UsernamePasswordCredentials]>
>
> 2007-03-01 12:09:03,738 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Setting form object
> of type [class
> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in
> scope [class org.springframework.webflow.ScopeType.Flow (1)] with name
> 'credentials'>
>
> 2007-03-01 12:09:03,769 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property editor
> registrar set, no custom editors to register>
>
> 2007-03-01 12:09:03,785 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding allowed
> request parameters in map['lt' ->
> '_c098887B4-2F64-6805-90CF-23A7E53A0776_kBE08773B-B693-84EE-4764989E6882',
> '_eventId' -> 'submit', 'password' -> 'sam', 'username' -> 'sam'] to form
> object with name 'credentials', pre-bind formObject toString = null>
>
> 2007-03-01 12:09:03,785 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <(Any field is
> allowed)>
>
> 2007-03-01 12:09:03,800 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding completed
> for form object with name 'credentials', post-bind formObject toString =
> sam>
>
> 2007-03-01 12:09:03,800 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <There are [0]
> errors, details: []>
>
> 2007-03-01 12:09:03,800 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Setting form errors
> instance in scope [class org.springframework.webflow.ScopeType.Request(0)]>
>
> 2007-03-01 12:09:03,800 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing validate>
>
> 2007-03-01 12:09:03,800 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Invoking validator
> org.jasig.cas.validation.UsernamePasswordCredentialsValidator at 1a86488>
>
> 2007-03-01 12:09:03,816 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Validation
> completed for form object with name 'credentials'>
>
> 2007-03-01 12:09:03,816 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <There are [0]
> errors, details: []>
>
> 2007-03-01 12:09:03,816 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
> 'AuthenticationViaFormAction' completed execution; result is 'success'>
>
> 2007-03-01 12:09:03,816 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
> 'AuthenticationViaFormAction' beginning execution>
>
> 2007-03-01 12:09:03,816 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Found existing form
> object with name 'credentials' of type [class
> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in
> scope [class org.springframework.webflow.ScopeType.Flow (1)]>
>
> 2007-03-01 12:09:03,816 DEBUG [
> org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create
> TicketGrantingTicket for sam>
>
> 2007-03-01 12:09:03,941 INFO [
> org.jasig.cas.authentication.AuthenticationManagerImpl] -
> <AuthenticationHandler:
> org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler failed to
> authenticate the user which provided the following credentials: sam>
>
> 2007-03-01 12:09:03,941 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Found existing form
> object with name 'credentials' of type [class
> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in
> scope [class org.springframework.webflow.ScopeType.Flow (1)]>
>
> 2007-03-01 12:09:03,941 DEBUG [
> org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
> 'AuthenticationViaFormAction' completed execution; result is 'error'>
>
> 2007-03-01 12:09:04,034 DEBUG [
> org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - <Action
> 'AutomaticCookiePathSetterAction' beginning execution>
>
> 2007-03-01 12:09:04,034 DEBUG [
> org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - <Action
> 'AutomaticCookiePathSetterAction' completed execution; result is 'success'>
>
> 2007-03-01 12:09:04,034 DEBUG [
> org.jasig.cas.web.flow.TicketGrantingTicketExistsAction] - <Action
> 'TicketGrantingTicketExistsAction' beginning execution>
>
> 2007-03-01 12:09:04,034 DEBUG [
> org.jasig.cas.web.flow.TicketGrantingTicketExistsAction] - <Action
> 'TicketGrantingTicketExistsAction' completed execution; result is
> 'noTicketGrantingTicketExists'>
>
> 2007-03-01 12:09:04,034 DEBUG [
> org.jasig.cas.web.flow.GatewayRequestCheckAction] - <Action
> 'GatewayRequestCheckAction' beginning execution>
>
> 2007-03-01 12:09:04,034 DEBUG [
> org.jasig.cas.web.flow.GatewayRequestCheckAction] - <Action
> 'GatewayRequestCheckAction' completed execution; result is
> 'authenticationRequired'>
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070305/fa33b32e/attachment.html
More information about the cas
mailing list