AD Shibboleth Authentication
IAM David Bantz
dabantz at alaska.edu
Fri Oct 18 13:52:06 EDT 2019
I use the JAAS config to AD as well.
The logger org.ldaptive.auth provides detail about the AD responses to
authN requests if set to DEBUG
(including, IIRC, detail data code that indicates the reason for authN
failure - 532=expired pwd, 52e=bad pwd, 701=expired acct, etc.).
David Bantz
UA OIT IAM
On Fri, Oct 18, 2019 at 9:06 AM Peter Schober <peter.schober at univie.ac.at>
wrote:
> * Christopher Bland <chris at fdu.edu> [2019-10-18 18:31]:
> > I have a cluster of IDPs which use the JAAS config to authenticate
> > users against AD. My jaas.config uses bindDN with bindCredential
> > and works fine. My question is on the AD side. I am not seeing any
> > kind of log for authentication being created in AD. I am wondering
> > what kind of experiences other admins have with regard to tracking
> > user authentications in AD?
>
> No idea but with non-JAAS you have logs for those events from the IDP
> itself:
>
> 2019-10-18 17:03:35,132 - $IPADDR - INFO
> [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:166]
> - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by '$USER'
> failed
>
> 2019-10-18 17:03:40,218 - $IPADDR - INFO
> [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:152]
> - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by '$USER'
> succeeded
>
> -peter
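Added example (not part of the original messages, and not Shibboleth or ldaptive code): a small Python filter that pulls the AD "data" sub-status code out of bind-failure diagnostic text, as would show up with org.ldaptive.auth at DEBUG, and tallies failures by reason. The sample lines, the DSID and version values, and the codes other than 532, 52e and 701 are additions made here; the surrounding log-line layout is an assumption, only the "AcceptSecurityContext error, data ..." fragment is matched.

```python
import re
from collections import Counter

# AD sub-status codes (hex) carried in the LDAP bind diagnostic message.
# 532, 52e and 701 are named in the post above; the others are further
# commonly seen AD values, added for this example.
AD_DATA_CODES = {
    "525": "user not found",
    "52e": "bad password",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "expired password",
    "533": "account disabled",
    "701": "expired account",
    "773": "user must reset password",
    "775": "account locked out",
}

# AD reports a failed bind with diagnostic text such as:
#   80090308: LdapErr: DSID-..., comment: AcceptSecurityContext error, data 52e, v...
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def decode_ad_failure(line):
    """Return (code, reason) if the line carries an AD data code, else None."""
    m = DATA_RE.search(line)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_DATA_CODES.get(code, "unknown code")

def summarize(lines):
    """Count failure reasons across an iterable of log lines."""
    return Counter(r[1] for r in map(decode_ad_failure, lines) if r)

# Constructed sample lines, not real log output.
_DIAG = "80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data %s, v0000"
SAMPLE = [
    "DEBUG [org.ldaptive.auth] authentication failed: " + _DIAG % "52e",
    "DEBUG [org.ldaptive.auth] authentication failed: " + _DIAG % "532",
    "DEBUG [org.ldaptive.auth] authentication succeeded",
    "DEBUG [org.ldaptive.auth] authentication failed: " + _DIAG % "52E",
    "DEBUG [org.ldaptive.auth] authentication failed: " + _DIAG % "701",
]

if __name__ == "__main__":
    for reason, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {reason}")
```

Feeding it the IdP process log (for example `summarize(open(path))`) gives a per-reason failure count without needing any logging on the AD side.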