We use LDAP and it does process each entry until it finds a successful match.
Set the CAS log level to debug and you should see DB queries being made.

Ray

On Wed, 2024-02-28 at 21:09 -0800, 폴폴 wrote:

I am using Apereo CAS version 6.6.15. Currently, I'm trying to use a 
database-driven authentication method by sending queries to multiple databases.

In the official documentation, it looks like cas.authn.jdbc.query[0], so I 
intuitively wrote query[1]. This is my application.yml file.

cas:
  authn:
    jdbc:
      query[0]:
        driver-class: "com.mysql.cj.jdbc.Driver"
        url: "jdbc:mysql://{my public IP}:3306/test?autoReconnect=true&allowMultiQueries=true&serverTimezone=UTC"
        sql: "select id, login_id, login_pw from test.sso where login_id = ?;"
        user: "mysql"
        password: "root"
        field-password: "login_pw"
        password-encoder:
          type: "NONE"
      query[1]:
        driver-class: "com.mysql.cj.jdbc.Driver"
        url: "jdbc:mysql://{my public IP}:3306/test2?autoReconnect=true&allowMultiQueries=true&serverTimezone=UTC"
        sql: "select id, username, password from test2.kva_user where username = ?;"
        user: "mysql"
        password: "root"
        field-password: "password"
        password-encoder:
          type: "NONE"

User in test DB: ks3254
User in test2 DB: ks32541007

The test DB user corresponding to query[0] is logged in normally, but the test2 
DB user corresponding to query[1] gets a message that there is no user.

I looked up the official documentation and found that

"CAS's authentication policy consists of multiple handlers, and if 
authentication fails in one handler, it will be passed to the next handler."

Based on this sentence, I thought that if there is no value corresponding to 
query[0], it does not execute query[1], but just terminates the handler and 
moves on to the next handler.

But what I'm puzzled about here is that the developer was led to believe that 
it was an array, making them feel like they could create query[1], and then 
query[1] wasn't sent, and I don't understand why the database-driven 
authentication failed based on the results of query[0] and query[1], the first 
of which was query[0].

To my intuition, this seems very odd and it would make more sense to at least 
run all the queries you set in application.yml before moving on to the next 
handler.

Is my hypothesis correct? Isn't CAS supposed to be able to connect to multiple 
databases and fire off multiple queries?
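
A sketch of the handler chain the reply describes, with each configured entry tried in order until one succeeds. This is an added example, not CAS code and not from the thread: SQLite stands in for MySQL, the schema prefixes are dropped, and the passwords are constructed sample values.

```python
import hmac
import sqlite3

# Constructed stand-ins for the two MySQL schemas in the post (SQLite here,
# so the sketch runs offline). Passwords are made-up sample values.
def make_db(table, user_col, pw_col, user, pw):
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row  # lets us read the field-password column by name
    db.execute(f"create table {table} (id integer primary key, {user_col} text, {pw_col} text)")
    db.execute(f"insert into {table} ({user_col}, {pw_col}) values (?, ?)", (user, pw))
    return db

# One entry per query[n] block: (name, connection, sql, field-password column).
HANDLERS = [
    ("query[0]", make_db("sso", "login_id", "login_pw", "ks3254", "pw-one"),
     "select id, login_id, login_pw from sso where login_id = ?", "login_pw"),
    ("query[1]", make_db("kva_user", "username", "password", "ks32541007", "pw-two"),
     "select id, username, password from kva_user where username = ?", "password"),
]

def authenticate(username, password, handlers=HANDLERS):
    """Try each handler in order; return (winning handler name or None, trace)."""
    trace = []  # plays the role of the debug log: one line per handler tried
    for name, db, sql, pw_field in handlers:
        row = db.execute(sql, (username,)).fetchone()
        if row is None:
            trace.append((name, "account not found"))
            continue  # a failure in one handler passes to the next
        # password-encoder type NONE: stored text is compared as-is
        if hmac.compare_digest(row[pw_field].encode(), password.encode()):
            trace.append((name, "success"))
            return name, trace
        trace.append((name, "bad password"))
    return None, trace

if __name__ == "__main__":
    for user, pw in [("ks3254", "pw-one"), ("ks32541007", "pw-two"), ("nobody", "x")]:
        print(user, authenticate(user, pw))
```

In this model the second user authenticates only after query[0] reports "account not found", which is the sequence of DB queries the debug log should show if both entries are being tried.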
