Help with LDAP authentication
Rod Widdowson
rdw at steadingsoftware.com
Fri Nov 16 11:38:38 EST 2012
Which version of Java (and which version of Windows)? There was a rumour a few months back that this was Java version dependent. I
have not been able to reproduce this but I mention it.
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Wynne, David
Sent: 16 November 2012 15:24
To: users at shibboleth.net
Subject: Help with LDAP authentication
I've been trying for about a week to get this working.
I'm trying to authenticate with our Microsoft Active Directory service, so the following configs are relevant:
login-config
edu.vt.middleware.ldap.jaas.LdapLoginModule required
ldapUrl="ldap://bydc1.jmu.ac.uk"
baseDn="ou=people, dc=jmu, dc=ac, dc=uk"
ssl="false"
// 16/11/2012 D.Wynne Have to BIND with correct user credentials
bindDn="cn=XXXXXXXX at jmu.ac.uk"
bindCredential="XXXXXXXX"
With our AD you have to have a valid account in this file as it doesn't allow anonymous binding. If I leave this out I get a java
exception error in idp-process.log. Took me a while to figure that out.
Now I've uploaded the XML file to testshib & I can access our login page (login.jsp). No matter what I type in the Username /
Password field I always get
Credentials not recognised.
I've had a self-signed certificate for our Apache server for years but it's different from the IDP build. How do I make the idp one
the same? Could this be the cause?
Thanks in advance. Any help appreciated.
There aren't any errors in the idp-process.log & I have DEBUG logging for the LDAP connection:
14:38:20.989 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.AttributeResolver
14:38:21.027 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for PrincipalConnector plugin with ID: shibTransient
14:38:21.027 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for PrincipalConnector plugin with ID: saml1Unspec
14:38:21.027 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for PrincipalConnector plugin with ID: saml2Transient
14:38:21.034 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for DataConnector plugin with ID: myLDAP
14:38:21.043 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for AttributeDefinition plugin with ID: email
14:38:21.050 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for AttributeDefinition plugin with ID: transientId
14:38:21.092 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] - Bind with the following parameters:
14:38:21.092 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] - authtype = simple
14:38:21.093 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:76] - dn = XXXXXXXX at jmu.ac.uk
14:38:21.093 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:83] - credential = <suppressed>
14:38:21.385 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:74] - Bind with the following parameters:
14:38:21.386 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:75] - authtype = simple
14:38:21.386 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:76] - dn = XXXXXXXX at jmu.ac.uk
14:38:21.386 - DEBUG [edu.vt.middleware.ldap.handler.DefaultConnectionHandler:83] - credential = <suppressed>
14:38:21.390 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:180] - shibboleth.AttributeResolver service loaded new configuration
14:38:21.401 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.AttributeFilterEngine
14:38:21.422 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.filtering.AttributeFilterPolicyBeanDefinitionParser:72] - Parsing configuration for attribute filter policy releaseTransientIdToAnyone
14:38:21.446 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:180] - shibboleth.AttributeFilterEngine service loaded new configuration
14:38:21.452 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.SAML1AttributeAuthority
14:38:21.458 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.SAML2AttributeAuthority
14:38:21.465 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.RelyingPartyConfigurationManager
14:38:21.541 - INFO [edu.internet2.middleware.shibboleth.common.config.relyingparty.RelyingPartyConfigurationBeanDefinitionParser:73] - Parsing configuration for relying party with id: anonymous
14:38:21.541 - INFO [edu.internet2.middleware.shibboleth.common.config.relyingparty.RelyingPartyConfigurationBeanDefinitionParser:73] - Parsing configuration for relying party with id: default
14:38:21.564 - INFO [edu.internet2.middleware.shibboleth.common.config.security.AbstractX509CredentialBeanDefinitionParser:63] - Parsing configuration for X509Filesystem credential with id: IdPCredential
14:38:21.784 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ChainingSignatureTrustEngineBeanDefinitionParser:59] - Parsing configuration for SignatureChaining trust engine with id: shibboleth.SignatureTrustEngine
14:38:21.785 - INFO [edu.internet2.middleware.shibboleth.common.config.security.MetadataExplicitKeySignatureTrustEngineBeanDefinitionParser:50] - Parsing configuration for MetadataExplicitKeySignature trust engine with id: shibboleth.SignatureMetadataExplicitKeyTrustEngine
14:38:21.786 - INFO [edu.internet2.middleware.shibboleth.common.config.security.MetadataPKIXSignatureTrustEngineBeanDefinitionParser:52] - Parsing configuration for MetadataPKIXSignature trust engine with id: shibboleth.SignatureMetadataPKIXTrustEngine
14:38:21.787 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ChainingTrustEngineBeanDefinitionParser:59] - Parsing configuration for Chaining trust engine with id: shibboleth.CredentialTrustEngine
14:38:21.787 - INFO [edu.internet2.middleware.shibboleth.common.config.security.MetadataExplicitKeyTrustEngineBeanDefinitionParser:48] - Parsing configuration for MetadataExplicitKey trust engine with id: shibboleth.CredentialMetadataExplictKeyTrustEngine
14:38:21.788 - INFO [edu.internet2.middleware.shibboleth.common.config.security.MetadataPKIXX509CredentialTrustEngineBeanDefinitionParser:52] - Parsing configuration for MetadataPKIXX509Credential trust engine with id: shibboleth.CredentialMetadataPKIXTrustEngine
14:38:21.789 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.ShibbolethSSOSecurityPolicy
14:38:21.794 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML1AttributeQuerySecurityPolicy
14:38:21.798 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML1ArtifactResolutionSecurityPolicy
14:38:21.800 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML2SSOSecurityPolicy
14:38:21.803 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML2AttributeQuerySecurityPolicy
14:38:21.804 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML2ArtifactResolutionSecurityPolicy
14:38:21.806 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML2SLOSecurityPolicy
14:38:22.429 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:180] - shibboleth.RelyingPartyConfigurationManager service loaded new configuration
14:38:22.435 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.HandlerManager
14:38:22.448 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.JSPErrorHandlerBeanDefinitionParser:46] - Parsing configuration for JSP error handler.
14:38:22.449 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:43] - Parsing configuration for profile handler: Status
14:38:22.450 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:43] - Parsing configuration for profile handler: SAMLMetadata
14:38:22.453 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:43] - Parsing configuration for profile handler: ShibbolethSSO
14:38:22.454 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:43] - Parsing configuration for profile handler: SAML1AttributeQuery
14:38:22.455 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:43] - Parsing configuration for profile handler: SAML1ArtifactResolution
14:38:22.457 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:43] - Parsing configuration for profile handler: SAML2SSO
14:38:22.458 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:43] - Parsing configuration for profile handler: SAML2SSO
14:38:22.458 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:43] - Parsing configuration for profile handler: SAML2SSO
14:38:22.458 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:43] - Parsing configuration for profile handler: SAML2SSO
14:38:22.459 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:43] - Parsing configuration for profile handler: SAML2ECP
14:38:22.460 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:43] - Parsing configuration for profile handler: SAML2AttributeQuery
14:38:22.461 - INFO [edu.internet2.middleware.shibboleth.common.config.profile.AbstractRequestURIMappedProfileHandlerBeanDefinitionParser:43] - Parsing configuration for profile handler: SAML2ArtifactResolution
14:38:22.602 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:180] - shibboleth.HandlerManager service loaded new configuration
14:38:40.654 - INFO [Shibboleth-Access:74] - 20121116T143840Z|150.204.48.5|java.cms.livjm.ac.uk:443|/profile/SAML2/Redirect/SSO|
Dave Wynne
Senior Technical Officer
School Of Computing & Maths
James Parsons Building
Liverpool John Moores University
Byrom Street
Liverpool L3 3AF
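
The login-config quoted above points at ldap:// with ssl="false", and the DEBUG lines show authtype = simple, so the bind account's password and each user's password cross the network unencrypted. The following is an added example, not part of the original thread and not Shibboleth or vt-ldap code, that parses those option lines and flags that condition; the `tls` option name, treating absent options as false, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the option lines from the message above, with the
# poster's masked values and the list archive's " at " left as they appear.
SAMPLE = """\
edu.vt.middleware.ldap.jaas.LdapLoginModule required
ldapUrl="ldap://bydc1.jmu.ac.uk"
baseDn="ou=people, dc=jmu, dc=ac, dc=uk"
ssl="false"
// 16/11/2012 D.Wynne Have to BIND with correct user credentials
bindDn="cn=XXXXXXXX at jmu.ac.uk"
bindCredential="XXXXXXXX"
"""

OPTION = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*;?\s*$')


def parse_options(text):
    """Return {name: value} for every key="value" line, skipping // comments."""
    opts = {}
    for line in text.splitlines():
        if line.lstrip().startswith("//"):
            continue
        match = OPTION.match(line)
        if match:
            opts[match.group(1)] = match.group(2)
    return opts


def is_true(opts, name):
    # Assumption: an option that is absent counts as "false".
    return opts.get(name, "false").strip().lower() == "true"


def transport_findings(opts):
    """List the ways this configuration exposes passwords on the wire."""
    urls = opts.get("ldapUrl", "").split()  # several URLs may be space separated
    plain = [u for u in urls if not u.lower().startswith("ldaps://")]
    if not plain or is_true(opts, "ssl") or is_true(opts, "tls"):
        return []
    findings = ["unencrypted LDAP to " + ", ".join(plain)]
    if "bindCredential" in opts:
        findings.append("bindCredential for %s sent by simple bind in clear text"
                        % opts.get("bindDn", "<no bindDn>"))
    return findings


if __name__ == "__main__":
    for finding in transport_findings(parse_options(SAMPLE)):
        print("WARN:", finding)
```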