I don’t think that actually works the way you describe. You are telling CAS 
that the only way an authentication event can succeed is if handler X succeeds. 
In your case, it never does. 

If your use case is, “I only want this handler to run for this service, and 
that handler for that service”, then that does not exist in CAS yet. It’s on 
the roadmap. 
https://wiki.jasig.org/display/CAS/CAS+4.3+Roadmap#CAS4.3Roadmap-AuthenticationPerService


- Misagh

> On Dec 1, 2015, at 9:43 AM, Artur Stöcklin <[email protected]> wrote:
> 
> hello community
> 
> I currently fight with the following problem:
> 
> 1. in classpath:/services/service1.json I put the following file:
> 
> {
>   "@class" : "org.jasig.cas.services.RegexRegisteredService",
>   "serviceId" : "^(http|https)://localhost.*",
>   "description" : "cool service",
>   "name" : "coolService",
>   "id" : 1,
>   "theme" : "testtheme",
>   "logoutType" : "BACK_CHANNEL",
>   "evaluationOrder" : 1,
>   "accessStrategy" : {
>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>     "enabled" : true,
>     "ssoEnabled" : true
>   },
>   "requiredHandlers" : [ "java.util.HashSet", [ "hfcAuthenticationHandler2" ] ]
> }
> 
> CAS reads the file and creates the associated service. I can see the service 
> in the JsonServiceRegistryDao. There is also the "hfcAuthenticationHandler2" 
> name in the Set of given requiredHandlers.
> 
> 
> 2. The deployerConfigContext.xml file looks like this one:
> 
>     <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
>        <constructor-arg>
>            <map>
>                <!--
>                   | IMPORTANT
>                   | Every handler requires a unique name.
>                   | If more than one instance of the same handler class is configured, you must explicitly
>                   | set its name to something other than its default name (typically the simple class name).
>                   -->
>                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
>                <!--  <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> -->
>
>                <entry key-ref="hfcAuthenticationHandler" value-ref="primaryPrincipalResolver" />
>                <entry key-ref="hfcAuthenticationHandler2" value-ref="primaryPrincipalResolver" />
>            </map>
>        </constructor-arg>
>
>        <!-- Uncomment the metadata populator to capture the password.
>        <property name="authenticationMetaDataPopulators">
>           <util:list>
>               <bean class="org.jasig.cas.authentication.CacheCredentialsMetaDataPopulator"/>
>           </util:list>
>        </property>
>        -->
>
>        <!--
>          | Defines the security policy around authentication. Some alternative policies that ship with CAS:
>          |
>          | * NotPreventedAuthenticationPolicy - all credential must either pass or fail authentication
>          | * AllAuthenticationPolicy - all presented credential must be authenticated successfully
>          | * RequiredHandlerAuthenticationPolicy - specifies a handler that must authenticate its credential to pass
>          -->
>        <property name="authenticationPolicy">
>            <bean class="org.jasig.cas.authentication.RequiredHandlerAuthenticationPolicy"
>                  c:requiredHandlerName="hfcAuthenticationHandler"
>                  p:tryAll="false"/>
>        </property>
>
>        <!--
>        <property name="authenticationPolicy">
>            <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
>        </property>
>        -->
>    </bean>
>
>    <bean id="hfcAuthenticationHandler"
>          class="ch.cas.authentication.handler.HFCAuthenticationHandler"
>          p:name="hfcAuthenticationHandler">
>    </bean>
>
>    <bean id="hfcAuthenticationHandler2"
>          class="ch.cas.authentication.handler.HFCAuthenticationHandler2"
>          p:name="hfcAuthenticationHandler2">
>    </bean>
>
>    <bean id="serviceRegistryDao" class="org.jasig.cas.services.JsonServiceRegistryDao"
>          c:configDirectory="${service.registry.config.location}" />
> 
> When I request the CAS Login page with a CAS client (webapp) which uses the 
> defined CAS Service (Point 1) the required Handler 
> (hfcAuthenticationHandler2) is called and returns "success". But CAS still 
> returns "bad credentials" because the "hfcAuthenticationHandler" defined in 
> the authenticationPolicy returns "failed". 
> 
> When I read the documentation 
> (http://jasig.github.io/cas/4.1.x/installation/Service-Management.html) I 
> understand that with the requiredHandlers parameter in the service json file 
> I can define which handler should return "success" for the given service. If 
> the defined service handler returns "success" the user should be logged in. 
> Only when I change the authenticationPolicy to 
> c:requiredHandlerName="hfcAuthenticationHandler2" the service login 
> succeeds.
> 
> How should I define the requiredHandlers in the json file if I want to 
> specify the hfcAuthenticationHandler2 for my service which should return 
> "success" independent from any other AuthenticationHandler defined in 
> deployerConfigContext.xml which also can return "success"?
> I want only the one handler to be triggered if the defined CAS client requests 
> the CAS service from json.
> 
> Thanks in advance
> 
> Artur
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected] 
> <mailto:[email protected]>.
> Visit this group at http://groups.google.com/a/apereo.org/group/cas-user/ 
> <http://groups.google.com/a/apereo.org/group/cas-user/>.
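
The interaction discussed in this thread can be checked offline before deployment. The following is an added example, not part of the original messages and not CAS code: a small lint that reads a service definition and the authenticationManager bean and reports when the service's requiredHandlers and the global RequiredHandlerAuthenticationPolicy name different handlers. The function name `check` and the sample inputs are constructed here, and the script assumes each handler's bean id equals its p:name, as in the quoted configuration.

```python
import json
import xml.etree.ElementTree as ET

NS = "{http://www.springframework.org/schema/beans}"
C_NS = "{http://www.springframework.org/schema/c}"

# Constructed sample, condensed from the configuration quoted in the thread.
SERVICE_JSON = """{"@class": "org.jasig.cas.services.RegexRegisteredService",
  "serviceId": "^(http|https)://localhost.*", "name": "coolService", "id": 1,
  "requiredHandlers": ["java.util.HashSet", ["hfcAuthenticationHandler2"]]}"""

CONTEXT_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:c="http://www.springframework.org/schema/c">
  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg><map>
      <entry key-ref="hfcAuthenticationHandler" value-ref="primaryPrincipalResolver"/>
      <entry key-ref="hfcAuthenticationHandler2" value-ref="primaryPrincipalResolver"/>
    </map></constructor-arg>
    <property name="authenticationPolicy">
      <bean class="org.jasig.cas.authentication.RequiredHandlerAuthenticationPolicy"
            c:requiredHandlerName="hfcAuthenticationHandler"/>
    </property>
  </bean>
</beans>"""


def check(service_json, context_xml):
    """Return findings on how a service's requiredHandlers meets the global policy."""
    service = json.loads(service_json)
    # Typed collection as written in the service file: ["java.util.HashSet", [names...]]
    required = set((service.get("requiredHandlers") or [None, []])[1])
    root = ET.fromstring(context_xml)
    manager = next(b for b in root.iter(NS + "bean") if b.get("id") == "authenticationManager")
    # Assumption: handler bean id == handler name (true for the quoted config).
    registered = {e.get("key-ref") for e in manager.iter(NS + "entry")}
    policy = next((b.get(C_NS + "requiredHandlerName") for b in manager.iter(NS + "bean")
                   if b.get("class", "").endswith(".RequiredHandlerAuthenticationPolicy")), None)
    findings = [f"{name}: required by service but not registered; can never succeed"
                for name in sorted(required - registered)]
    if policy and required and policy not in required:
        findings.append(f"global policy requires {policy}; service requires "
                        f"{sorted(required)}; all of them must succeed for a login")
    return findings


if __name__ == "__main__":
    for finding in check(SERVICE_JSON, CONTEXT_XML):
        print(finding)
```

On the constructed sample it reports the one mismatch the thread is about: the global policy names hfcAuthenticationHandler while the service names hfcAuthenticationHandler2.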
