Multiple JAAS realms - CAS 6.5
58 views
Skip to first unread message
cm
Sep 15, 2022, 4:05:29 PM9/15/22
to CAS Community
Hello, I'm trying to to use multiple jaas realms, one for my development environment and one for my production environment. If my first jaas realm fails to authenticate (cas.authn.jaas[0]) I want it to try my other realm (cas.authn.jaas[1]). However when testing, my second realm is never evaluated. Is it possible to fallback to cas.authn.jaas[1] if cas.authn.jaas[0] fails to authenticate?
Thanks in advance!
cas.properties:
#JAAS DEV
cas.authn.jaas[0].realm=DevLogin
cas.authn.jaas[0].login-config-type=JavaLoginConfig
cas.authn.jaas[0].login-configuration-file=/opt/apache-tomcat-9.0.60/conf/jaas.conf
cas.authn.jaas[0].password-encoder.encoding-algorithm=MD5
cas.authn.jaas[0].password-encoder.type=NONE
#JAAS PROD
cas.authn.jaas[1].realm=ProdLogin
cas.authn.jaas[1].login-config-type=JavaLoginConfig
cas.authn.jaas[1].login-configuration-file=/opt/apache-tomcat-9.0.60/conf/jaas.conf
cas.authn.jaas[1].password-encoder.encoding-algorithm=MD5
cas.authn.jaas[1].password-encoder.type=NONE
jaas.conf:
//DEV ENV
DevLogin {
someorg.auth.dev.MyLogin required
debug="true"
DataSourceName="jdbc/DEVDB" ;
} ;
//PROD ENV
ProdLogin {
someorg.auth.prod.MyLogin required
debug="true"
DataSourceName="jdbc/PRODDB" ;
} ;
Thanks in advance!
cas.properties:
#JAAS DEV
cas.authn.jaas[0].realm=DevLogin
cas.authn.jaas[0].login-config-type=JavaLoginConfig
cas.authn.jaas[0].login-configuration-file=/opt/apache-tomcat-9.0.60/conf/jaas.conf
cas.authn.jaas[0].password-encoder.encoding-algorithm=MD5
cas.authn.jaas[0].password-encoder.type=NONE
#JAAS PROD
cas.authn.jaas[1].realm=ProdLogin
cas.authn.jaas[1].login-config-type=JavaLoginConfig
cas.authn.jaas[1].login-configuration-file=/opt/apache-tomcat-9.0.60/conf/jaas.conf
cas.authn.jaas[1].password-encoder.encoding-algorithm=MD5
cas.authn.jaas[1].password-encoder.type=NONE
jaas.conf:
//DEV ENV
DevLogin {
someorg.auth.dev.MyLogin required
debug="true"
DataSourceName="jdbc/DEVDB" ;
} ;
//PROD ENV
ProdLogin {
someorg.auth.prod.MyLogin required
debug="true"
DataSourceName="jdbc/PRODDB" ;
} ;
cm
Sep 16, 2022, 3:45:38 PM9/16/22
to CAS Community, cm
I figured it out.
Added a name to my jaas definition -
cas.properties:
#JAAS DEV
#JAAS DEV
cas.authn.jaas[0].name=jaas_dev
cas.authn.jaas[0].realm=DevLogin
cas.authn.jaas[0].login-config-type=JavaLoginConfig
cas.authn.jaas[0].login-configuration-file=/opt/apache-tomcat-9.0.60/conf/jaas.conf
cas.authn.jaas[0].password-encoder.encoding-algorithm=MD5
cas.authn.jaas[0].password-encoder.type=NONE
#JAAS PROD
cas.authn.jaas[0].name=jaas_prod
cas.authn.jaas[1].realm=ProdLogin
cas.authn.jaas[1].login-config-type=JavaLoginConfig
cas.authn.jaas[1].login-configuration-file=/opt/apache-tomcat-9.0.60/conf/jaas.conf
cas.authn.jaas[1].password-encoder.encoding-algorithm=MD5
cas.authn.jaas[1].password-encoder.type=NONE
cas.authn.jaas[1].login-config-type=JavaLoginConfig
cas.authn.jaas[1].login-configuration-file=/opt/apache-tomcat-9.0.60/conf/jaas.conf
cas.authn.jaas[1].password-encoder.encoding-algorithm=MD5
cas.authn.jaas[1].password-encoder.type=NONE
Added authenticationPolicy to my service definitions -
@class: org.apereo.cas.services.RegexRegisteredService
serviceId: ^https://(somesite|192.168.1.2)/.*
name: dev
theme: dev
id: 8675309
proxyTicketExpirationPolicy:
{
@class: org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy
}
serviceTicketExpirationPolicy:
{
@class: org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy
}
evaluationOrder: 2
attributeReleasePolicy:
{
@class: org.apereo.cas.services.ReturnAllAttributeReleasePolicy
}
authenticationPolicy:
{
@class: org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy
requiredAuthenticationHandlers:
[
java.util.HashSet
[
jaas_dev
]
]
criteria:
{
@class: org.apereo.cas.services.AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria
Reply all
Reply to author
Forward
0 new messages