
[03:48:24 CDT(-0500)] <andrei_> Hi everyone, I configured CAS to connect to MySQL database. Password is encrypted with MD5 and I need to configure CAS to encrypt password. Here http://pastebin.com/jKTHmtR5 is my deployerConfigContext.xml and here http://pastebin.com/nd9zRRbM is Tomcat errors related to this config. When I remove line "<property name="passwordEncoder" ref="passwordEncoder" />" from deployerConfigContext.xml tomcat does not give errors
[03:48:41 CDT(-0500)] <andrei_> But I can login with MD5 hash as password
[03:49:06 CDT(-0500)] <andrei_> I don't understand if this is a config problem or something related to CAS dependencies. I'm not a JAVA developer so it's a little bit hard for me to track this error
[12:07:43 CDT(-0500)] <brandon> hey serac
[12:07:49 CDT(-0500)] <serac> hi
[12:07:54 CDT(-0500)] <brandon> you were helping me with ldap yesterday
[12:08:04 CDT(-0500)] <serac> yes
[12:08:29 CDT(-0500)] <brandon> i have my certificates in order and I'm not seeing any SSL errors now
[12:08:35 CDT(-0500)] <brandon> but it still won't authenticate
[12:09:01 CDT(-0500)] <serac> Are you seeing errors of any kind?
[12:09:01 CDT(-0500)] <brandon> only thing in the logs is an INFO message: uthentication.AuthenticationManagerImpl.[] - AuthenticationHandler: org.jasig.portal.cas.authentication.handler.support.PersonDirAuthenticationHandler failed to authenticate the user which provided the following credentials: [username: staff147]
[12:09:29 CDT(-0500)] <brandon> i was wondering, should it be sending any other credentials besides username?
[12:09:56 CDT(-0500)] <serac> It uses the password as well but it's not logged to avoid disclosure.
[12:10:11 CDT(-0500)] <serac> Send me a pastebin of logs for auth attempt.
[12:11:54 CDT(-0500)] <brandon> http://pastebin.com/3eszESKB
[12:13:20 CDT(-0500)] <serac> You may have to begin troubleshooting on the AD side.
[12:13:35 CDT(-0500)] <serac> This is pretty clearly an authentication failure at this point.
[12:13:59 CDT(-0500)] <serac> You may try authentication using a tool like LDP or whatever its modern equivalent is.
[12:14:06 CDT(-0500)] <brandon> ok, here's my deployerConfigContext.xml file
[12:14:08 CDT(-0500)] <brandon> http://pastebin.com/7AfFvnrF
[12:14:16 CDT(-0500)] <serac> A Microsoft-specific LDAP tool may provide better diagnostics.
[12:14:25 CDT(-0500)] <brandon> the only changes i made were what was in the tutorial on the wiki
[12:14:33 CDT(-0500)] <brandon> does it look like there are any errors?
[12:15:20 CDT(-0500)] <serac> Try one thing real quick:
[12:15:55 CDT(-0500)] <serac> Add the following to your LdapContextSource bean:
[12:15:55 CDT(-0500)] <serac> <property name="baseEnvironmentProperties"> <map> <!-- Three seconds is an eternity to users. --> <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" /> <entry key="com.sun.jndi.ldap.read.timeout" value="3000" /> <!-- Explained at http://download.oracle.com/javase/1.3/docs/api/javax/naming/Context.html#SECURITY_AUTHENTICATION --> <entry key="java.naming.securi
[12:16:10 CDT(-0500)] <serac> I just copied and pasted from https://wiki.jasig.org/display/CASUM/LDAP.
[12:16:34 CDT(-0500)] <serac> The intent is to explicitly request simple authentication.
[12:17:57 CDT(-0500)] <brandon> ok
[12:23:45 CDT(-0500)] <brandon> nope, still didn't authenticate
[12:24:09 CDT(-0500)] <serac> Time to diagnose on the AD side, then.
[12:24:13 CDT(-0500)] <serac> Good luck.
[12:25:06 CDT(-0500)] <brandon> ok, thanks
[20:32:04 CDT(-0500)] <Guest241> hi
[20:32:09 CDT(-0500)] <Guest241> anyone here?
[21:47:28 CDT(-0500)] <Guest241> hi , ?