Share logs please.
From: Claude Viéville [mailto:[email protected]]
Sent: Monday, June 13, 2016 11:19 AM
To: jasig-cas-user <[email protected]>
Cc: [email protected]; [email protected]
Subject: Re: [cas-user] JSON Service for CAS Client does not follow success message of required Handler

Hello Community,

I would like to continue this discussion as I think I have observed the same behavior.

CAS version 4.2
Tomcat 8

In my case, CAS is configured with jpaServiceRegistryDao instead of jsonServiceRegistryDao. I also have 2 UserNamePasswordHandlers declared in deployerConfigContext.xml (ldapAuthenticationHandler and L1ldapAuthenticationHandler):

    <util:map id="authenticationHandlersResolvers">
        <entry key-ref="ldapAuthenticationHandler" value="#{null}" />
        <entry key-ref="L1ldapAuthenticationHandler" value="#{null}" />
        <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
    </util:map>

I declared the anyAuthenticationPolicy:

    <alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />

And this factory:

    <alias name="requiredHandlerAuthenticationPolicyFactory" alias="authenticationPolicyFactory" />

Moreover, the boolean tryAll is set to true to force PolicyBasedAuthenticationManager to try all the handlers before returning.

The policy could be written like this: with the credential submitted by the web form, try to authenticate with the two handlers and if, for a given service (let's say S), the handler ldapAuthenticationHandler is satisfied, then return true.

But, as Artur said in this thread, the behavior is not the one I hoped for. Only the first handler is tried and the authentication result is always false.

Today, I inspected the code and it seems that it could be an error: the policy returns true only if the number of successes added to the number of failures equals the number of credentials, BUT THE NUMBER OF CREDENTIALS IS ALWAYS 1.

Do you think it is an error, or have I misunderstood something?

I continued my investigation by modifying the code of the PolicyBasedAuthenticationManager in order to add to the builder one credential per handler supporting the credential (in my case 2). And, doing that, the authentication process works fine in the different cases I tested!

Here is the piece of code I modified:

    protected AuthenticationBuilder authenticateInternal(final Collection<Credential> credentials)
            throws AuthenticationException {

        final AuthenticationBuilder builder = new DefaultAuthenticationBuilder(NullPrincipal.getInstance());

        /* initialize builder with credential only if it is unique for each handler supporting this type of Credential
         * as to ensure authentication.credentials.size() == total of authentication attempts !
         */
        if (credentials.size() == 1) {
            // Single submitted credential: register it once per handler that supports it.
            Credential credential = (Credential) (credentials.toArray()[0]);
            for (final Map.Entry<AuthenticationHandler, PrincipalResolver> entry : this.handlerResolverMap.entrySet()) {
                if (entry.getKey().supports(credential)) {
                    builder.addCredential(new BasicCredentialMetaData(credential));
                }
            }
        } else {
            // Several credentials: register each one once.
            for (final Credential c : credentials) {
                builder.addCredential(new BasicCredentialMetaData(c));
            }
        }

Do you think I am right, or am I completely wrong?

Thank you for your answer.

Have a good day,
Claude
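
The counting rule described in the message above, as a simplified stand-alone model added here; it is not CAS source code and not the poster's code. The class, its methods and the handler outcomes are hypothetical and constructed, and every handler in the map is assumed to support the submitted credential.

```java
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

// Simplified model of the tryAll counting rule from the message; not CAS source code.
public class TryAllCountingModel {

    // Hypothetical stand-in for what the authentication builder accumulates.
    static final class Attempt {
        int credentials; // credential metadata entries registered before any handler runs
        final Set<String> successes = new LinkedHashSet<>();
        final Set<String> failures = new LinkedHashSet<>();
    }

    // Rule as described: successes + failures must equal the number of credentials,
    // and the handler required for the service must be among the successes.
    static boolean satisfied(Attempt a, String requiredHandler) {
        boolean allAccountedFor = a.credentials == a.successes.size() + a.failures.size();
        return allAccountedFor && a.successes.contains(requiredHandler);
    }

    // outcomes: handler name -> whether it accepts the submitted credential.
    // perHandlerEntries=false registers the single submitted credential once;
    // perHandlerEntries=true registers one entry per supporting handler (the posted change).
    static boolean authenticate(Map<String, Boolean> outcomes, String requiredHandler,
                                boolean perHandlerEntries) {
        Attempt a = new Attempt();
        a.credentials = perHandlerEntries ? outcomes.size() : 1;
        for (Map.Entry<String, Boolean> handler : outcomes.entrySet()) {
            (handler.getValue() ? a.successes : a.failures).add(handler.getKey());
            if (satisfied(a, requiredHandler)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed outcomes: the first handler rejects the password, the second accepts it.
        Map<String, Boolean> outcomes = new LinkedHashMap<>();
        outcomes.put("L1ldapAuthenticationHandler", false);
        outcomes.put("ldapAuthenticationHandler", true);
        String required = "ldapAuthenticationHandler";
        System.out.println("single entry:      " + authenticate(outcomes, required, false));
        System.out.println("entry per handler: " + authenticate(outcomes, required, true));
    }
}
```

In this model, one failure followed by one success gives two recorded attempts, which can never equal a credential count of 1, so the required handler's success is not enough on its own. Registering one entry per supporting handler makes the two counts comparable.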
