Mongodb Authentication won't work if no attributes given in CAS 6.1.1
24 views
Skip to first unread message
Andy Ng
Nov 3, 2019, 11:11:31 PM11/3/19
to CAS Community
Hi all,
Today I am testing out CAS using MongoDB authentication, and found out a behavior for MongoDB Authentication:
> if no attribute was given in cas.authn.mongo.attributes, the authentication will failed by No serialized profile found.
Here an example:
cas.yml:
cas.authn.mongo:
host: ${AUTHENTICATION_MONGODB}
userId: root
password: ThisIsThePasswordForRoot
databaseName: ${AUTHENTICATION_MONGODB}
authenticationDatabaseName: admin
MongoDB users:
db.users.insertMany([
{
_id: xxxx
username: "mongodb",
password: "Mellon",
},
]),
logs
cas_1 | 2019-11-04 04:02:37,780 ERROR [org.apereo.cas.integration.pac4j.authentication.handler.support.AbstractWrapperAuthenticationHandler] - <Failed to validate credentials>
cas_1 | org.pac4j.core.exception.TechnicalException: No serialized profile found. You should certainly define the explicit attribute names you want to retrieve
cas_1 | at org.pac4j.core.profile.service.AbstractProfileService.convertAttributesToProfile(AbstractProfileService.java:245) ~[pac4j-core-4.0.0-RC1.jar!/:?]
cas_1 | at org.pac4j.core.profile.service.AbstractProfileService.validate(AbstractProfileService.java:300) ~[pac4j-core-4.0.0-RC1.jar!/:?]
cas_1 | at org.pac4j.core.profile.service.AbstractProfileService.validate(AbstractProfileService.java:27) ~[pac4j-core-4.0.0-RC1.jar!/:?]
cas_1 | at org.apereo.cas.integration.pac4j.authentication.handler.support.AbstractWrapperAuthenticationHandler.doAuthentication(AbstractWrapperAuthenticationHandler.java:76) ~[cas-server-support-pac4j-authentication-6.1.1.jar!/:6.1.1]
cas_1 | at org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:43) ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
cas_1 | at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
cas_1 | at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
cas_1 | at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
cas_1 | at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
cas_1 | at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:279) ~[spring-core-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.0.RC1.jar!/:2.2.0.RC1]
cas_1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at com.sun.proxy.$Proxy159.authenticate(Unknown Source) ~[?:?]
cas_1 | at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateAndResolvePrincipal(PolicyBasedAuthenticationManager.java:198) ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:308) ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:136) ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$FastClassBySpringCGLIB$$90e801d3.invoke(<generated>) ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:769) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:135) ~[inspektr-audit-1.8.6.GA.jar!/:1.8.6.GA]
cas_1 | at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
cas_1 | at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
cas_1 | at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
cas_1 | at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
cas_1 | at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:644) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:633) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:93) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:689) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$EnhancerBySpringCGLIB$$e665702a.authenticate(<generated>) ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apereo.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:31) ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:53) ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleInitialAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:34) ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver.resolveInternal(DefaultCasDelegatingWebflowEventResolver.java:57) ~[cas-server-core-webflow-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:110) ~[cas-server-core-webflow-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:115) ~[cas-server-core-webflow-api-6.1.1.jar!/:6.1.1]
cas_1 | at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
cas_1 | at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
cas_1 | at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
cas_1 | at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
cas_1 | at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:279) ~[spring-core-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.0.RC1.jar!/:2.2.0.RC1]
cas_1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at com.sun.proxy.$Proxy208.resolveSingle(Unknown Source) ~[?:?]
cas_1 | at org.apereo.cas.web.flow.actions.AbstractAuthenticationAction.doExecute(AbstractAuthenticationAction.java:56) ~[cas-server-core-webflow-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at jdk.internal.reflect.GeneratedMethodAccessor130.invoke(Unknown Source) ~[?:?]
cas_1 | at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
cas_1 | at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
cas_1 | at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:279) ~[spring-core-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.0.RC1.jar!/:2.2.0.RC1]
cas_1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at com.sun.proxy.$Proxy199.execute(Unknown Source) ~[?:?]
cas_1 | at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.Transition.execute(Transition.java:228) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:231) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.ViewState.resume(ViewState.java:195) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.Flow.resume(Flow.java:537) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:259) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:168) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
cas_1 | at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
cas_1 | at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
cas_1 | at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
cas_1 | at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:279) ~[spring-core-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.0.RC1.jar!/:2.2.0.RC1]
cas_1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at com.sun.proxy.$Proxy210.resumeExecution(Unknown Source) ~[?:?]
cas_1 | at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:254) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE]
cas_1 | at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) ~[spring-webmvc-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) ~[spring-webmvc-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) ~[spring-webmvc-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at javax.servlet.http.HttpServlet.service(HttpServlet.java:665) ~[javax.servlet-api-4.0.1.jar!/:4.0.1]
cas_1 | at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at javax.servlet.http.HttpServlet.service(HttpServlet.java:750) ~[javax.servlet-api-4.0.1.jar!/:4.0.1]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28) ~[cas-server-core-web-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:411) ~[cas-server-core-web-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:215) ~[cas-server-core-web-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:67) ~[cas-server-core-web-api-6.1.1.jar!/:6.1.1]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) ~[spring-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) ~[spring-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:108) ~[spring-boot-actuator-2.2.0.RELEASE.jar!/:2.2.0.RELEASE]
cas_1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
cas_1 | at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:99) ~[cas-server-core-logging-6.1.1.jar!/:6.1.1]
cas_1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.27.jar!/:9.0.27]
However, if I change add `_id` into the attributes (no need to be _id, is just easier for me to manage)
Working cas.yml
cas.authn.mongo:
host: ${AUTHENTICATION_MONGODB}
userId: root
password: ThisIsThePasswordForRoot
databaseName: ${AUTHENTICATION_MONGODB}
authenticationDatabaseName: admin
# This is added V
attributes: _id
Mongo Authentication works as expected
Would like to ask:
- Is this an intended behavior(i.e. At least one attribute should be added when using MongoDB Authentication)?
- If yes, then this behavior should be added to the documentation
- If no, maybe we can find the bug and fix it?
Thanks
Cheers!
- Andy
Jérôme LELEU
Nov 4, 2019, 2:01:46 AM11/4/19
to cas-...@apereo.org
Hi,
Yes, this is the expected behavior in pac4j. There are two modes (http://www.pac4j.org/docs/authenticators/mongodb.html): either you define the attributes and they are used for the profile OR you don't and a serializedprofile attribute is expected to store the whole serialized profile.
In the CAS server, defining the attributes is what makes sense.
Thanks.
Best regards,
Jérôme
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5d87e97f-dfbf-4db1-a4a3-fa4ef7e78f20%40apereo.org.
Andy Ng
Nov 4, 2019, 2:24:00 AM11/4/19
to CAS Community
Hi Jérôme
Oh nice, thanks for your explanation :)
I think we should document that requirement on attribute on https://apereo.github.io/cas/6.1.x/installation/MongoDb-Authentication.html
Since the authentication experience is differs from other Authentication authenticationMethod, (e.g. JDBCAuthenticaiontHandler), it seems beneficial to document the behavior on CAS page.
What do you think?
Cheers!
- Andy
Jérôme LELEU
Nov 4, 2019, 2:25:47 AM11/4/19
to cas-...@apereo.org
Sure. The documentation needs to be complemented here...
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/87b65beb-ef10-4d77-a4ca-5b0094c8d224%40apereo.org.
Andy Ng
Nov 4, 2019, 2:50:16 AM11/4/19
to CAS Community
PR is made: https://github.com/apereo/cas/pull/4404 -Andy
Andy Ng
Nov 4, 2019, 3:51:49 AM11/4/19
to CAS Community
Hi Jérôme,
PR was declined because Moayyed considered this behavior as something need to be fixed in pac4j, see this:
Should I bring this discussion to pac4j group instead? Thanks.
PR was declined because Moayyed considered this behavior as something need to be fixed in pac4j, see this:
Since defining attributes is necessary for pac4j to work when using MongoDB Authentication, the attributes properties is necessary here. However, this behavior of requiring attributes is different from other authentication methods (e.g.JDBC), so I proposed to add an warning here for clarity sake. See if agree.
Thanks for the patch but none of this sounds right.
Attribute support is always optional. All authentication methods in CAS work with or without presence of attributes in the authentication source. A design choice or limitation of a library should not have to contract consistent behavior elsewhere. Changes need to be done on pac4j to allow attribute-less authentication.
Should I bring this discussion to pac4j group instead? Thanks.
Cheers!
- Andy
Jérôme LELEU
Nov 4, 2019, 11:26:59 AM11/4/19
to cas-...@apereo.org
Hi,
I saw his answer. I understand the concern and the need for consistency in CAS, but the same is worth for pac4j as well: I could change the default behavior in pac4j, but this would impact users just to accommodate with the consistency of CAS.
My feeling is that the default behavior of pac4j should be kept, but changed when used in CAS to have consistency in both systems (alone or bundle).
Here is my proposal: by default, in CAS, the id,username,password attributes are defined, which makes things consistent in CAS: no need to define the attributes, consistent in pac4j and things will work properly. What do you think?
Thanks.
Best regards,
Jérôme
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/84c1396e-647e-484c-b2db-1325250b621f%40apereo.org.
Andy Ng
Nov 4, 2019, 8:13:21 PM11/4/19
to CAS Community
Hi Jérôme,
Yes that will be the best.
Cheers!
- Andy
Reply all
Reply to author
Forward
0 new messages