I'm using 5.3 version and I've configured CAS for delegating authentication to an external Oauth server. My cas.properties looks like:
cas.authn.pac4j.oauth2[0].clientName=oauth1
cas.authn.pac4j.oauth2[0].id=
cas.authn.pac4j.oauth2[0].secret=
cas.authn.pac4j.oauth2[0].authUrl=https://xxxxxxxxxxx/sso/oauth/controller/Server/action/authorize/
cas.authn.pac4j.oauth2[0].tokenUrl=https://xxxxxxxx/sso/oauth/controller/Server/action/token/
cas.authn.pac4j.oauth2[0].profileUrl=https://xxxxxxxx/sso/oauth/controller/Server/action/profile/?fields=username
cas.authn.pac4j.oauth2[0].principalAttributeId=username
In terms of service (JSON) this is the configuration:
{
#class: org.apereo.cas.services.RegexRegisteredService
serviceId: ID
name: name
theme: default
id: 1
description: name
logoutType: FRONT_CHANNEL
attributeReleasePolicy:
{
"#class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
logoutUrl: https://yyyyyy/logout
accessStrategy:
{
#class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
order: 0
enabled: true
ssoEnabled: true
delegatedAuthenticationPolicy:
{
"#class": "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy"
"allowedProviders" : [ "java.util.ArrayList", [ "oauth1" ] ]
}
requireAllAttributes: false
caseInsensitive: false
}
}
CAS is able to get properly the information from Oauth protocol but when it tries to get the Principal, the answer is always:`
2019-10-31 14:37:41,070 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - <Recording authentication handler result success under key [ClientAuthenticationHandler]>
2019-10-31 14:37:41,070 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication handler [ClientAuthenticationHandler] successfully authenticated [ClientCredential(typedIdUsed=false, userProfile=#OAuth20Profile# | id: null | attributes: {access_token=8b2eaaa3c8d3d51233df5da4047889c8530a7df4, username=apotheke_alphega} | roles: [] | permissions: [] | isRemembered: false | clientName: oauth1 | linkedId: null |, credentials=#OAuth20Credentials# | code: 5f0d498cfc347b66de544d98ce309d5f1f200716 | accessToken: com.github.scribejava.core.model.OAuth2AccessToken#3b3a98c |, clientName=oauth1)]>
2019-10-31 14:37:41,074 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Configured single-row JDBC attribute repository for [jdbc:mysql://b2bde-uat-db02.mysql.database.azure.com/lr_b2b_core?useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC&useSSL=true]>
2019-10-31 14:37:41,086 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[ClientAuthenticationHandler] is configured to use [ChainingPrincipalResolver(principalFactory=org.apereo.cas.authentication.principal.DefaultPrincipalFactory#1, chain=[EchoingPrincipalResolver(), PersonDirectoryPrincipalResolver(attributeRepository=org.apereo.services.persondir.support.CachingPersonAttributeDaoImpl#63f2c17b, principalFactory=org.apereo.cas.authentication.principal.DefaultPrincipalFactory#1, returnNullIfNoAttributes=true, principalNameTransformer=org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver$$Lambda$130/1783977388#2488625b, principalAttributeNames=username, useCurrentPrincipalId=true)])] but it does not support [ClientCredential(typedIdUsed=false, userProfile=#OAuth20Profile# | id: null | attributes: {access_token=8b2eaaa3c8d3d51233df5da40478df4, username=user} | roles: [] | permissions: [] | isRemembered: false | clientName: oauth1 | linkedId: null |, credentials=#OAuth20Credentials# | code: 5f0d498cfc347b66de544d98ce30916 | accessToken: com.github.scribejava.core.model.OAuth2AccessToken#3b3a98c |, clientName=oauth1)], which suggests a configuration problem.>
2019-10-31 14:37:41,087 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Principal resolution handled by [$Proxy401] produced a null principal. This is likely due to misconfiguration or missing attributes; CAS will attempt to use the principal produced by the authentication handler, if any.>
2019-10-31 14:37:41,087 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Principal resolution for authentication by [ClientAuthenticationHandler] produced a null principal.>
2019-10-31 14:37:41,087 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Final principal resolved for this authentication event is [null]>
Could you help me? I'm very block and I can't find any real example
Kind Regards
Related
I am using the following python code to create a service group
import json
import requests
url = 'http://localhost:4041/iot/services'
headers = {'Content-Type': "application/json", 'fiware-service': "openiot", 'fiware-servicepath': "/mtp"}
data = {
"services": [
{
"apikey": "456dgffdg56465dfg",
"cbroker": "http://orion:1026",
"entity_type": "Door",
#resource attribute is left blank since HTTP communication is not being used
"resource": ""
}
]
}
res = requests.post(url, json=data, headers=headers)
#print(res.status_code)
if res.status_code == 201:
print("Created")
elif res.status_code == 409:
print("A resource cannot be created because it already exists")
else:
print (res.raise_for_status())
But when trying to provision an actuator I get a bad request 400 error with the code below:
import json
import requests
url = 'http://localhost:4041/iot/devices'
headers = {'Content-Type': "application/json", 'fiware-service': "openiot", 'fiware-servicepath': "/mtp"}
data = {
"devices": [
{
"device_id": "door003",
"entity_name": "urn:ngsi-ld:Door:door003",
"entity_type": "Door",
"protocol": "PDI-IoTA-UltraLight",
"transport": "MQTT",
"commands": [
{"name": "unlock","type": "command"},
{"name": "open","type": "command"},
{"name": "close","type": "command"},
{"name": "lock","type": "command"}
],
"attributes": [
{"object_id": "s", "name": "state", "type":"Text"}
]
}
]
}
res = requests.post(url, json=data, headers=headers)
#print(res.status_code)
if res.status_code == 201:
print("Created")
elif res.status_code == 409:
print("Entity cannot be created because it already exists")
else:
print (res.raise_for_status())
Here is the error message I get in console.
iot-agent | time=2021-02-17T11:39:44.132Z | lvl=DEBUG | corr=16f27639-49c2-4419-a926-2433805dbdb3 | trans=16f27639-49c2-4419-a926-2433805dbdb3 | op=IoTAgentNGSI.GenericMiddlewares | from=n/a | srv=smartdoor | subsrv=/mtp | msg=Error [BAD_REQUEST] handling request: Request error connecting to the Context Broker: 501 | comp=IoTAgent
iot-agent | time=2021-02-17T11:39:44.133Z | lvl=DEBUG | corr=390f5530-f537-4efa-980a-890a44153811 | trans=390f5530-f537-4efa-980a-890a44153811 | op=IoTAgentNGSI.DomainControl | from=n/a | srv=smartdoor | subsrv=/mtp | msg=response-time: 29 | comp=IoTAgent
What is strange is that if a remove the commands from the payload the device provisioning works fine. Is there something am I doing wrong while trying to provision an actuator (not a sensor)?
IoT Agent version:
{"libVersion":"2.14.0-next","port":"4041","baseRoot":"/","version":"1.15.0-next"}
Orion version:
{
"orion" : {
"version" : "2.2.0",
"uptime" : "0 d, 0 h, 59 m, 18 s",
"git_hash" : "5a46a70de9e0b809cce1a1b7295027eea0aa757f",
"compile_time" : "Thu Feb 21 10:28:42 UTC 2019",
"compiled_by" : "root",
"compiled_in" : "442fc4d225cf",
"release_date" : "Thu Feb 21 10:28:42 UTC 2019",
"doc" : "https://fiware-orion.rtfd.io/en/2.2.0/"
}
}
My docker-compose file looks as follows:
iot-agent:
image: fiware/iotagent-ul:latest
hostname: iot-agent
container_name: iot-agent
restart: unless-stopped
depends_on:
- mongo-db
networks:
- default
expose:
- "4041"
ports:
- "4041:4041"
environment:
- IOTA_CB_HOST=orion
- IOTA_CB_PORT=1026
- IOTA_NORTH_PORT=4041
- IOTA_REGISTRY_TYPE=mongodb
- IOTA_LOG_LEVEL=DEBUG
- IOTA_TIMESTAMP=true
- IOTA_CB_NGSI_VERSION=v2
- IOTA_AUTOCAST=true
- IOTA_MONGO_HOST=mongo-db
- IOTA_MONGO_PORT=27017
- IOTA_MONGO_DB=iotagentul
- IOTA_PROVIDER_URL=http://iot-agent:4041
- IOTA_MQTT_HOST=mosquitto
- IOTA_MQTT_PORT=1883
Thanks in advance.
Regards,
I have parse-server and parse-dashboard installed with pm2 in docker container in my synology nas as below:
+------+ +-------------+
| +NIC1 (192.168.1.100) <--> Router <--> (192.168.1.2) NIC1 + |
| PC | | DSM |
| +NIC2 (10.10.0.100) <--Peer-2-Peer---> (10.10.0.2) NIC2 + |
+------+ | [DOCKER] |
|(172.17.0.2) |
+-------------+
for reference: for pm2 setup, i'm following: this tutorial
here is my parse-server and parse-dashboard pm2 ecosystem (defined in pm2's ecosystem.json):
{
"apps" : [{
"name" : "parse-wrapper",
"script" : "/usr/bin/parse-server",
"watch" : true,
"merge_logs" : true,
"cwd" : "/home/parse",
"args" : "--serverURL http://localhost:1337/parse",
"env": {
"PARSE_SERVER_CLOUD_CODE_MAIN": "/home/parse/cloud/main.js",
"PARSE_SERVER_DATABASE_URI": "mongodb://localhost/test",
"PARSE_SERVER_APPLICATION_ID": "aeb932b93a9125c19df2fcaf3fd69fcb",
"PARSE_SERVER_MASTER_KEY": "358898112f354f8db593ea004ee88fed",
}
},{
"name" : "parse-dashboard-wrapper",
"script" : "/usr/bin/parse-dashboard",
"watch" : true,
"merge_logs" : true,
"cwd" : "/home/parse/parse-dashboard",
"args" : "--config /home/parse/parse-dashboard/config.json --allowInsecureHTTP=1"
}]
}
here is my parse-dashboard config: /home/parse/parse-dashboard/config.json
{
"apps": [{
"serverURL": "http://172.17.0.2:1337/parse",
"appId": "aeb932b93a9125c19df2fcaf3fd69fcb",
"masterKey": "358898112f354f8db593ea004ee88fed",
"appName": "Parse Server",
"iconName": "",
"primaryBackgroundColor": "",
"secondaryBackgroundColor": ""
}],
"users": [{
"user": "user",
"pass": "1234"
}],
"iconsFolder": "icons"
}
once you run: pm2 start ecosystem.json
here is parse-server log: pm2 logs 0
masterKey: ***REDACTED***
serverURL: http://localhost:1337/parse
masterKeyIps: []
logsFolder: ./logs
databaseURI: mongodb://localhost/test
userSensitiveFields: ["email"]
enableAnonymousUsers: true
allowClientClassCreation: true
maxUploadSize: 20mb
customPages: {}
sessionLength: 31536000
expireInactiveSessions: true
revokeSessionOnPasswordReset: true
schemaCacheTTL: 5000
cacheTTL: 5000
cacheMaxSize: 10000
objectIdSize: 10
port: 1337
host: 0.0.0.0
mountPath: /parse
scheduledPush: false
collectionPrefix:
verifyUserEmails: false
preventLoginWithUnverifiedEmail: false
enableSingleSchemaCache: false
jsonLogs: false
verbose: false
level: undefined
[1269] parse-server running on http://localhost:1337/parse
here is parse-dashboard log: pm2 logs 1
The dashboard is now available at http://0.0.0.0:4040/
once it's run, i can access 192.168.1.2:1337/parse (which will return {"error":"unauthorized"})
and i can access 192.168.1.2:4040
but it return:
Server not reachable: unable to connect to server
i see a lot of this issue can be solve by changing parse-dashboard config "serverURL": "http://localhost:1337/parse" to "serverURL": "http://172.17.0.2:1337/parse"
but to me, it's still no luck...
any idea what i've been missing here?
so apparently, my /home/parse/parse-dashboard/config.json:
"serverURL": "http://172.17.0.2:1337/parse"
should point to my DSM machine which is:
"serverURL": "http://192.168.1.2:1337/parse"
org.springframework.security.access.AccessDeniedException: Access is denied
at grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager.decide(AuthenticatedVetoableDecisionManager.java:43)
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:53)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Getting this error while trying to view different pages on the website.
Whenever after logging in I try to visit one of the pages I get this error in the log window in IntelliJ Idea ultimate. I am using secured annotation.
2015-12-28 09:48:54,527 [http-bio-8080-exec-12] DEBUG intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /list.html; Attributes: [_DENY_]
2015-12-28 09:48:54,527 [http-bio-8080-exec-12] DEBUG intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken#fec5dc2f: Principal: grails.plugin.springsecurity.userdetails.GrailsUser#586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails#2eb76: RemoteIpAddress: 127.0.0.1; SessionId: B3587266591A115997973363DF758EB8; Granted Authorities: ROLE_USER, ROLE_ADMIN
2015-12-28 09:48:54,527 [http-bio-8080-exec-12] DEBUG hierarchicalroles.RoleHierarchyImpl - getReachableGrantedAuthorities() - From the roles [ROLE_USER, ROLE_ADMIN] one can reach [ROLE_USER, ROLE_ADMIN] in zero or more steps.
2015-12-28 09:48:54,557 [http-bio-8080-exec-12] DEBUG access.ExceptionTranslationFilter - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
Message: Access is denied
Line | Method
->> 43 | decide in grails.plugin.springsecurity.access.vote.AuthenticatedVetoableDecisionManager
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 53 | doFilter in grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter
| 62 | doFilter in grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter
| 1142 | runWorker in java.util.concurrent.ThreadPoolExecutor
| 617 | run . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run in java.lang.Thread
2015-12-28 09:48:54,559 [http-bio-8080-exec-12] DEBUG filter.UrlMappingsFilter - Executing URL mapping filter...
2015-12-28 09:48:54,649 [http-bio-8080-exec-12] DEBUG filter.UrlMappingsFilter - Matched URI [/login/denied] to URL mapping [/(*)/(*)?/(*)?(.(*))?], forwarding to [/grails/login/denied.dispatch] with response [class org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper]
2015-12-28 09:48:54,649 [http-bio-8080-exec-12] DEBUG context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed.
Can anyone please tell me what I can look at to check for the issue. I have tried to change the config.groovy files, URLmapping.groovy files.
Here is my config.groovy
grails.app.context='/'
// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.dtech.security.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.dtech.security.UserRole'
grails.plugin.springsecurity.authority.className = 'com.dtech.security.Role'
grails.plugin.springsecurity.failureHandler.defaultFailureUrl='/?login_error=1'
grails.plugin.springsecurity.auth.loginFormUrl='/' //send to index page for login
//redirect to Dynics home page on logout
grails.plugin.springsecurity.logout.afterLogoutUrl='http://www.google.com'
//grails.plugin.springsecurity.failureHandler.useForward=false
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/' : ['permitAll'],
'/index' : ['permitAll'],
'/index.gsp' : ['permitAll'],
'/assets/**' : ['permitAll'],
'/**/js/**' : ['permitAll'],
'/**/css/**' : ['permitAll'],
'/**/images/**' : ['permitAll'],
'/**/favicon.ico' : ['permitAll'],
//'/api/**' : ['permitAll'],
'/rmalog/**' : ['ROLE_ADMIN','ROLE_USER'],
'/api/rmalog/**' : ['ROLE_ADMIN','ROLE_USER'],
Here is my controller with the annotation
package com.dtech.controllers
import com.dtech.PagedRestfulController
import com.dtech.domain.Rmalog
import grails.plugin.springsecurity.annotation.Secured
import org.codehaus.groovy.grails.commons.GrailsApplication
#Secured(['ROLE_ADMIN','ROLE_USER'])
class RmalogController extends PagedRestfulController {
def exportService
GrailsApplication grailsApplication
RmalogController(){
super(Rmalog)
}
def export(){
if(params?.formatRequest && params.formatRequest != "html"){
if(!params.max) params.max = 15000 //set max for records export
response.contentType = grailsApplication.config.grails.mime.types[params.formatRequest]
response.setHeader("Content-disposition", "attachment; filename=rmalog.${params.extension}")
def exportData = loadPagedResults(params);
exportService.export(params.formatRequest,
response.outputStream, exportData, [:], [:])
}
}
}
Here is my viewSource for rmalog
<!DOCTYPE html>
<html>
<head>
<meta name="layout" content="angular"/>
<asset:javascript src="dynics-app/rmalog/module"/>
</head>
<body ng-app="dynicsApp.rmalog">
</body>
</html>
By default access is denied to all URLs unless there's a rule for the requested URL. Read the docs for more info.
Your error indicates that access to /list.html was denied, which makes sense because nothing in the staticRules map covers that URL, and you didn't mention any annotation in the controller that handles that URL.
I am trying neo4j plugin and I created a simple test as follows:
package com.iibs.graph
import groovy.util.GroovyTestCase
import com.iibs.graph.Node
public class NodeTests extends GroovyTestCase {
void testCRUD() {
Node.deleteAll(Node.list())
Node node = new Node(name: "Name")
node.save(flush: true, failOnError: true)
Node found = Node.findByName("Name")
assert found instanceof Node
assert found.getName() == "Name"
assert found.node instanceof org.neo4j.graphdb.Node
}
}
Based on the documentation: http://projects.spring.io/grails-data-mapping/neo4j/manual/ref/Additional%20Gorm%20Methods/getNode.html
this test is expected to pass without any problems, however I am getting the following error:
| Failure: testCRUD(com.iibs.graph.NodeTests)
| Assertion failed:
assert found.node instanceof org.neo4j.graphdb.Node
| | |
| null false
com.iibs.graph.Node(Name)
at com.iibs.graph.NodeTests.testCRUD(NodeTests.groovy:20)
at junit.framework.TestCase.runTest(TestCase.java:176)
at junit.framework.TestCase.runBare(TestCase.java:141)
at junit.framework.TestResult$1.protect(TestResult.java:122)
at junit.framework.TestResult.runProtected(TestResult.java:142)
at junit.framework.TestResult.run(TestResult.java:125)
at junit.framework.TestCase.run(TestCase.java:129)
at junit.framework.TestSuite.runTest(TestSuite.java:255)
at junit.framework.TestSuite.run(TestSuite.java:250)
| Completed 1 integration test, 1 failed in 0m 1s
Am I using the API in a wrong way?
Also, if I changing the last assertion line to:
assert found.getNode() instanceof org.neo4j.graphdb.Node
The error is different:
Failure: testCRUD(com.iibs.graph.NodeTests)
| groovy.lang.MissingMethodException: No signature of method: com.iibs.graph.Node.getNode() is applicable for argument types: () values: []
Possible solutions: getName(), getId(), setName(java.lang.String), getMongo(), getAll(), getCount()
at com.iibs.graph.NodeTests.testCRUD(NodeTests.groovy:20)
at junit.framework.TestCase.runTest(TestCase.java:176)
at junit.framework.TestCase.runBare(TestCase.java:141)
at junit.framework.TestResult$1.protect(TestResult.java:122)
at junit.framework.TestResult.runProtected(TestResult.java:142)
at junit.framework.TestResult.run(TestResult.java:125)
at junit.framework.TestCase.run(TestCase.java:129)
at junit.framework.TestSuite.runTest(TestSuite.java:255)
at junit.framework.TestSuite.run(TestSuite.java:250)
| Completed 1 integration test, 1 failed in 0m 2s
As shown in the error, one of the proposed solutions is to use getMongo. What does it have to do with mongo. Here is my entity:
package com.iibs.graph
import groovy.transform.ToString;
#ToString(includes='name')
class Node {
String name
static mapWith = "neo4j"
static constraints = {
}
}
Thanks,
The docs for the plugin have not yet been updated for 2.x - it's the first milestone.
In short, domain instances no longer have a node property since we're relying on Cypher internally only. The id property of the domain instance refers to the __id__ property on the node in the graph.
I have a Grails application with spring-security-ldap plugin installed and configured with Active Directory specific options.
Grails version: 2.1.1.
spring-security-core plugin version: 2.0-RC2
spring-security-ldap plugin version: 2.0-RC2
Everything works fine: users log in to the application validating against the Active Directory and their groups are retrieved in order to control the access to the different pages.
My problem: "remember me" option doesn't work. I have configured the application in order to use "remember me" option and I have run the s2-create-persistent-token command. I have also activated the specific traces.
Everything works fine: the user successfully logs in to the application with the "remember me" option checked, the token is created and the cookie is sent to the client. The user closes the browser and then reopens it. At this point, the application successfully validates that the user in the cookie matches with the user in the persistent token.
Then I can see this in the log
userdetails.LdapUserDetailsManager - Loading user 'sAMAccountName' with DN 'cn=sAMAccountName,dc=company,dc=country'
rememberme.PersistentTokenBasedRememberMeServices - Remember-me login was valid but corresponding user not found.
Message: User sAMAccountName not found
Line | Method
->> 49 | doFilter in grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 82 | doFilter in grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter
| 886 | runTask in java.util.concurrent.ThreadPoolExecutor$Worker
| 908 | run in ''
^ 619 | run . . in java.lang.Thread
Caused by NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=company,DC=country'
The first log line shows a not valid DN for the user. The DN for the user is something like this
cn=name,ou=a group,ou=a super group,dc=company,dc=country
Could be that the problem? How can I solve it?
My configuration
// Spring Security
grails.plugin.springsecurity.logout.postOnly = false
// Spring Security LDAP
grails.plugin.springsecurity.ldap.context.managerDn = 'CN="a user",OU="a group",DC="company",DC="country"'
grails.plugin.springsecurity.ldap.context.managerPassword = '"password"'
grails.plugin.springsecurity.ldap.context.server = 'ldap://"server":389'
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.search.base = 'dc="company",dc="country"'
grails.plugin.springsecurity.ldap.search.filter="sAMAccountName={0}"
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugin.springsecurity.ldap.search.attributesToReturn = ['dn', 'cn', 'ou', 'givenName', 'sn', 'department']
grails.plugin.springsecurity.ldap.authenticator.attributesToReturn = ['dn', 'cn', 'ou', 'givenName', 'sn', 'department']
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider', 'rememberMeAuthenticationProvider']
// role-specific LDAP config
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'dc="company",dc="country"'
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = '(member:1.2.840.113556.1.4.1941:={0})' // Active Directory specific
grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/home'
grails.plugin.springsecurity.rememberMe.persistent = true
grails.plugin.springsecurity.rememberMe.persistentToken.domainClassName = 'censo.auth.PersistentLogin'
grails.plugin.springsecurity.ldap.useRememberMe = true
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.groupMemberAttributeName = 'member'
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.groupRoleAttribute = 'CN'
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.groupSearchBase = 'OU="another group",dc="company",dc="country"'
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.passwordAttributeName = 'userPassword'
grails.plugin.springsecurity.ldap.rememberMe.usernameMapper.userDnBase = 'dc="company",dc="country"'
grails.plugin.springsecurity.ldap.rememberMe.usernameMapper.usernameAttribute = 'cn'
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.attributesToRetrieve = null
Thank you in advance