Multiple LDAP authentication handlers and bad password returns HTTP 500 Error
Scott Battaglia
scott.battaglia at gmail.com
Thu Sep 18 10:02:10 EDT 2008
That seems rather strange that it wouldn't work (in theory it should ;-)).
Does it work okay if you have one LDAP handler and, say, the test
username/password handler, but both fail?
The interesting thing is that LDAP (Active Directory) appears to be throwing
an exception which normally it shouldn't do. So either AD is returning an
exception we weren't expecting or there's some configuration problem with
two ADs and a failed password.
I'm not sure which it is. I don't know if you can do any debugging on your
end (we don't have an AD here that I can use).
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Sep 18, 2008 at 6:12 AM, Chris <c.naslain at lectra.com> wrote:
> Hi all,
>
> I am running a CAS 3.1.1 server on Tomcat 5.5.26. The
> deployerConfigContext.xml is configured to check user authentication on
> 3 M$ Active Directories thru 3 LDAP authentication handlers.
>
> This works fine if the user/password match one of the 3 AD. But if the
> password is mistyped (or a bad username), CAS returns an exception (HTTP
> 500) instead of the default red error message "The credentials you
> provided cannot be determined to be authentic."
>
> I have tested with only 1 LDAP authentication handler and the warning
> message is returned well (No HTTP 500 exception).
>
> As soon as I configure 2 LDAP authentication handlers, the HTTP 500
> exception occurs.
>
> Below is the exception returned when 2 LDAP are configured and when I
> mistype a password + an example of my deployerConfigContext.xml using 2
> LDAP authentication handlers.
>
> Any idea why this HTTP 500 exception occurs? Missing configuration
> parameters?
>
> Best
>
> Chris
>
> ----------------------------
>
> Etat HTTP 500 -
>
> type Rapport d'exception
>
> message
>
> description Le serveur a rencontré une erreur interne () qui l'a empêché
> de satisfaire la requête.
>
> exception
>
> org.springframework.web.util.NestedServletException: Request processing
> failed; nested exception is
> org.springframework.webflow.engine.ActionExecutionException: Exception
> thrown executing [AnnotatedAction at 869470 targetAction =
> org.jasig.cas.web.flow.AuthenticationViaFormAction at 43153c, attributes =
> map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' --
> action execution attributes were 'map['method' -> 'submit']'; nested
> exception is org.springframework.ldap.UncategorizedLdapException:
> Operation failed; nested exception is
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525,
> vece]
>
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:487)
>
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>
> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>
> cause mère
>
> org.springframework.webflow.engine.ActionExecutionException: Exception
> thrown executing [AnnotatedAction at 869470 targetAction =
> org.jasig.cas.web.flow.AuthenticationViaFormAction at 43153c, attributes =
> map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' --
> action execution attributes were 'map['method' -> 'submit']'; nested
> exception is org.springframework.ldap.UncategorizedLdapException:
> Operation failed; nested exception is
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525,
> vece]
>
> org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:68)
>
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
> org.springframework.webflow.engine.State.enter(State.java:200)
>
> org.springframework.webflow.engine.Transition.execute(Transition.java:229)
>
> org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
> org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
>
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
> org.springframework.webflow.engine.State.enter(State.java:200)
>
> org.springframework.webflow.engine.Transition.execute(Transition.java:229)
>
> org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
> org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
>
> org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
>
> org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245)
>
> org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
>
> org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172)
>
> org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
>
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
>
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
>
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
>
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
>
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>
> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>
> cause mère
>
> org.springframework.ldap.UncategorizedLdapException: Operation failed;
> nested exception is javax.naming.AuthenticationException: [LDAP: error
> code 49 - 80090308: LdapErr: DSID-0C090334, comment:
> AcceptSecurityContext error, data 525, vece]
>
> org.springframework.ldap.DefaultNamingExceptionTranslator.translate(DefaultNamingExceptionTranslator.java:93)
>
> org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java:204)
>
> org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
> org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
> org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
>
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:67)
>
> org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandler.java:56)
>
> org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:58)
>
> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:84)
>
> org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:383)
>
> org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:107)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> java.lang.reflect.Method.invoke(Method.java:597)
>
> org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
>
> org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
>
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
>
> org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
>
> org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
>
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
> org.springframework.webflow.engine.State.enter(State.java:200)
>
> org.springframework.webflow.engine.Transition.execute(Transition.java:229)
>
> org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
> org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
>
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
> org.springframework.webflow.engine.State.enter(State.java:200)
>
> org.springframework.webflow.engine.Transition.execute(Transition.java:229)
>
> org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
> org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
>
> org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
>
> org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245)
>
> org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
>
> org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172)
>
> org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
>
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
>
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
>
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
>
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
>
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>
> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>
> cause mère
>
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525,
> vece]
> com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
> com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
> com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
>
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
> javax.naming.InitialContext.init(InitialContext.java:223)
>
> javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
>
> org.springframework.ldap.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:59)
>
> org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java:193)
>
> org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
> org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
> org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
>
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:67)
>
> org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandler.java:56)
>
> org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:58)
>
> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:84)
>
> org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:383)
>
> org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:107)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> java.lang.reflect.Method.invoke(Method.java:597)
>
> org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
>
> org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
>
> org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
>
> org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
>
> org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
>
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
> org.springframework.webflow.engine.State.enter(State.java:200)
>
> org.springframework.webflow.engine.Transition.execute(Transition.java:229)
>
> org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
> org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
>
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
> org.springframework.webflow.engine.State.enter(State.java:200)
>
> org.springframework.webflow.engine.Transition.execute(Transition.java:229)
>
> org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
> org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
>
> org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
>
> org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245)
>
> org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
>
> org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172)
>
> org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
>
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
>
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
>
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
>
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
>
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>
> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>
> note La trace complète de la cause mère de cette erreur est disponible
> dans les fichiers journaux de Apache Tomcat/5.5.26.
> Apache Tomcat/5.5.26
>
> ------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>        xmlns:p="http://www.springframework.org/schema/p"
>        xsi:schemaLocation="http://www.springframework.org/schema/beans
>        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>   <bean id="authenticationManager"
>         class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>     <property name="credentialsToPrincipalResolvers">
>       <list>
>         <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>         <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>       </list>
>     </property>
>
>     <property name="authenticationHandlers">
>       <list>
>         <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>               p:httpClient-ref="httpClient" />
>         <!-- BEGIN: Company AD EUROPE Handler -->
>         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>           <property name="filter" value="sAMAccountName=%u" />
>           <property name="searchBase"
>                     value="OU=Subsidiaries,DC=eu,DC=company,DC=com" />
>           <property name="contextSource" ref="contextSourceEU" />
>           <property name="ignorePartialResultException" value="yes" />
>         </bean>
>         <!-- END: Company AD EUROPE Handler -->
>
>         <!-- BEGIN: Company AD AMERICA Handler -->
>         <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
>           <property name="filter" value="sAMAccountName=%u" />
>           <property name="searchBase"
>                     value="OU=Subsidiaries,DC=am,DC=company,DC=com" />
>           <property name="contextSource" ref="contextSourceAM" />
>           <property name="ignorePartialResultException" value="yes" />
>         </bean>
>         <!-- END: Company AD AMERICA Handler -->
>
>       </list>
>     </property>
>   </bean>
>
>   <!-- BEGIN: Company AD EUROPE AuthenticatedLdapContextSource -->
>   <bean id="contextSourceEU"
>         class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>     <property name="urls">
>       <list>
>         <value>ldap://sdceuces01.eu.company.com/</value>
>       </list>
>     </property>
>     <property name="userName"
>               value="CN=eu_svc,OU=System Services,OU=Users,OU=Users Groups,OU=FRA,OU=Subsidiaries,DC=eu,DC=company,DC=com"/>
>     <property name="password" value="***********"/>
>     <property name="baseEnvironmentProperties">
>       <map>
>         <entry>
>           <key>
>             <value>java.naming.security.authentication</value>
>           </key>
>           <value>simple</value>
>         </entry>
>       </map>
>     </property>
>   </bean>
>   <!-- END: Company AD EUROPE AuthenticatedLdapContextSource -->
>
>   <!-- BEGIN: Company AD AMERICA AuthenticatedLdapContextSource -->
>   <bean id="contextSourceAM"
>         class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
>     <property name="urls">
>       <list>
>         <value>ldap://sdcamces01.am.company.com/</value>
>       </list>
>     </property>
>     <property name="userName"
>               value="CN=am_svc,OU=System Services,OU=Users,OU=Users Groups,OU=USA,OU=Subsidiaries,DC=am,DC=company,DC=com"/>
>     <property name="password" value="**************"/>
>     <property name="baseEnvironmentProperties">
>       <map>
>         <entry>
>           <key>
>             <value>java.naming.security.authentication</value>
>           </key>
>           <value>simple</value>
>         </entry>
>       </map>
>     </property>
>   </bean>
>   <!-- END: Company AD AMERICA AuthenticatedLdapContextSource -->
>
>   <bean id="userDetailsService"
>         class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
>     <property name="userMap">
>       <value>
>       </value>
>     </property>
>   </bean>
>
>   <bean id="attributeRepository"
>         class="org.jasig.services.persondir.support.StubPersonAttributeDao">
>     <property name="backingMap">
>       <map>
>         <entry key="uid" value="uid" />
>         <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
>         <entry key="groupMembership" value="groupMembership" />
>       </map>
>     </property>
>   </bean>
>
>   <bean id="serviceRegistryDao"
>         class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
> </beans>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080918/bde556c4/attachment.html
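
For triaging traces like the one quoted above, the following added example (not part of the original thread and not CAS code) extracts the Active Directory sub-code from the `data` field of an LDAP error 49 and reports whether the root-cause frames pass through the context source's own bind. The sub-code meanings are the commonly documented AD values; treating `getReadOnlyContext`/`getReadWriteContext` as the bind made with the context source's configured `userName` is an assumption about Spring LDAP, and both sample traces are constructed.

```python
import re

# Active Directory sub-codes reported in the "data" field of LDAP result 49.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Assumption: these Spring LDAP methods open the connection with the context
# source's own configured userName/password, not with the end user's.
CONTEXT_SOURCE_METHODS = {"getReadOnlyContext", "getReadWriteContext"}

ERR49 = re.compile(r"LDAP:\s+error\s+code\s+49\b[^\]]*?\bdata\s+([0-9a-fA-F]+)")
FRAME = re.compile(r"(?:[\w$]+\.)+([\w$<>]+)\(")


def classify(trace):
    """Return (subcode, meaning, phase) for the root cause, or None."""
    # Undo mail quoting and line wrapping so messages split across lines match.
    flat = " ".join(re.sub(r"^[>\s]+", "", line) for line in trace.splitlines())
    matches = list(ERR49.finditer(flat))
    if not matches:
        return None
    root = matches[-1]  # servlet error pages print the root cause last
    code = root.group(1).lower()
    # Method names of the stack frames listed after the root-cause message.
    methods = set(FRAME.findall(flat[root.end():]))
    phase = ("context-source bind" if methods & CONTEXT_SOURCE_METHODS
             else "other bind")  # any other bind, e.g. the end user's
    return code, AD_SUBCODES.get(code, "unknown sub-code"), phase


# Constructed sample shaped like the quoted trace (mail-quoted and wrapped).
SAMPLE_SERVICE = """\
> javax.naming.AuthenticationException: [LDAP: error
> code 49 - 80090308: LdapErr: DSID-0C090334, comment:
> AcceptSecurityContext error, data 525, vece]
> com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
> org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
> org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
"""

# Constructed sample: a different sub-code, no context-source frame present.
SAMPLE_USER = """\
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
"""

if __name__ == "__main__":
    for sample in (SAMPLE_SERVICE, SAMPLE_USER):
        print(classify(sample))
```
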