[Cas 6.0.7] Surrogate authentication not working through REST

[Michele Melluso]

Hi,

I'm using CAS to authenticate both with web interface and rest calls.

While trying to configure Surrogate authentication, it works with web interface but it doesn't with rest.

e.g.

  

  curl -k -X POST \

  https://local.host.it:8444/cas/v1/tickets/ \

  -H 'Content-Type: application/x-www-form-urlencoded' \

  -H 'cache-control: no-cache' \

  -d 'token=true&username=myuser&password=mypwd'

it works

while

  

  curl -k -X POST \

  https://local.host.it:8444/cas/v1/tickets/ \

  -H 'Content-Type: application/x-www-form-urlencoded' \

  -H 'cache-control: no-cache' \

  -d 'token=true&username=myuser+myprincipal&password=myprincipalpwd'

returns 401 (even with url-encoded parameters) with the following log:

2019-12-16 14:34:03,861 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [UsernamePasswordCredential(username=myuser+myprincipal, source=null)] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>

2019-12-16 14:34:03,862 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[QueryDatabaseAuthenticationHandler] exception details: [myuser+myprincipal not found with SQL query].>

2019-12-16 14:34:03,862 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN

=============================================================

WHO: myuser+myprincipal

WHAT: Supplied credentials: [UsernamePasswordCredential(username=myuser+myprincipal, source=null)]

ACTION: AUTHENTICATION_FAILED

APPLICATION: CAS

WHEN: Mon Dec 16 14:34:03 CET 2019

any experience with this?

thanks in advance

Michele