CAS 5.3.12, Groovy Multifactor Policy, anyone successfully used logger/LOGGER for debugging,


randomuser878

Sep 26, 2019, 9:57:48 AM
to CAS Community
Hello

  Attempting to write Groovy MFA that could filter the MFA returned value based on some selection. At this point I am stuck on how to get the logger output in order to debug and get the solution in play.

 Tried:  LOGGER.debug("MFA USER Section");

  Error message " WARN [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] - <No such property: LOGGER for class: GroovyMultifactorPolicy
Possible solutions: logger>
groovy.lang.MissingPropertyException: No such property: LOGGER for class: GroovyMultifactorPolicy
Possible solutions: logger

  Tried: logger.debug("MFA USER Section");
  WARN [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] - <Cannot invoke method debug() on null object>
java.lang.NullPointerException: Cannot invoke method debug() on null object

  Tried: logger.debug "MFA USER Section"
  WARN [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] - <Cannot invoke method debug() on null object>
java.lang.NullPointerException: Cannot invoke method debug() on null object
   
  I must be missing something fundamental here. 
   Multi group selection works; I just need to debug/log anything under getMultifactorAuthenticationProviders and do some more customization/troubleshooting.

Sample so far (there are probably more imports than needed, but I am not sure which ones help)
--------------------------- groovy file ----------------------------------------
import java.util.*
import org.apereo.inspektr.common.web.*;
import org.apereo.cas.services.*;
import org.apereo.cas.authentication.principal.*;
import org.springframework.webflow.execution.RequestContext;
import org.apereo.cas.web.support.WebUtils;
// Thought it provided LOGGER object
import org.slf4j.Logger;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import org.apereo.cas.authentication.AuthenticationHandlerResolver;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.MultifactorAuthenticationCredential;


class GroovyMultifactorPolicy extends DefaultRegisteredServiceMultifactorPolicy {

    String mfaGroupPattern = "cn=something";

    @Override
    Set<String> getMultifactorAuthenticationProviders() {
      final Authentication authentication = WebUtils.getInProgressAuthentication();
      final String A = authentication.getPrincipal().getId();
      // STUCK POINT
      logger.debug "MFA USER Section"

      /* *******  IF someone has a sample code that works and fits this idea also it is greatly appreciated, 
      def memberOf = authentication.principal.attributes['memberOf'];
      // logger.info "DOING MFA group";
      for (String group : memberOf) {
        if (group.contains(mfaGroupPattern)) {
        //   logger.info "In MFA group";
           return "mfa-yubikey";
        }
        // and other checks 
      }
      ********** */
        // default if above fails
        ["mfa-gauth"];
    }
    @Override
    RegisteredServiceMultifactorPolicy.FailureModes getFailureMode() {
        // RegisteredServiceMultifactorPolicy.FailureModes.OPEN
        RegisteredServiceMultifactorPolicy.FailureModes.PHANTOM;
    }

    @Override
    String getPrincipalAttributeNameTrigger() {
        "groupMembership";
        // "Test"
    }

    @Override
    String getPrincipalAttributeValueToMatch() {
        // "(groupA|groupB)";
        "(cn=groupA,ou=....,o=..|cn=groupB,ou=...,o=...)";
        // "TestMatch"
    }

    @Override
    boolean isBypassEnabled() {
        // true
        false;
    }
}


Many thanks for your time in looking at this.





Dmitriy Kopylenko

Sep 26, 2019, 10:40:43 AM
to cas-...@apereo.org
There is no logger instance available to your Groovy class. You’ll have to create an instance yourself e.g.

static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(GroovyMultifactorPolicy)

Best,
D.

randomuser878

Sep 26, 2019, 2:20:27 PM
to CAS Community
Greetings Dmitriy

  Many thanks for the hint.

This worked for me

import org.slf4j.Logger;
...
static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(DefaultRegisteredServiceMultifactorPolicy);
...
log.debug("MFA GroovyMultifactorPolicy.getMultifactorAuthenticationProviders USER ID=[{}]",thisUser);

and in cas log4j.xml config
<AsyncLogger name="org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy" level="debug">
            <AppenderRef ref="casFile"/>
</AsyncLogger>


Thanks again.
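
Added example, not part of the thread and not CAS project code: a complete policy class that combines the explicit logger from the reply with the group check the original post left commented out. The provider ids, the `memberOf` attribute and the `cn=something` pattern come from the post; the `selectProviders` helper, the case-insensitive match and the null handling are assumptions of this example.

```groovy
import org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
import org.apereo.cas.web.support.WebUtils
import org.slf4j.Logger
import org.slf4j.LoggerFactory

class GroovyMultifactorPolicy extends DefaultRegisteredServiceMultifactorPolicy {

    // Created explicitly: no logger is provided to the Groovy class.
    // The logger name is the class name; with no package declaration
    // that is simply "GroovyMultifactorPolicy".
    private static final Logger log = LoggerFactory.getLogger(GroovyMultifactorPolicy)

    // Placeholder pattern taken from the original post.
    static final String MFA_GROUP_PATTERN = 'cn=something'

    // Hypothetical helper (not a CAS API): pure selection logic, so it can be
    // exercised without a running CAS. memberOf may be null, a single value,
    // or a collection of values.
    static Set<String> selectProviders(Object memberOf) {
        Collection groups = memberOf == null ? [] :
                (memberOf instanceof Collection ? memberOf : [memberOf])
        // LDAP DNs are case-insensitive, so compare in lower case.
        boolean inGroup = groups.any {
            it?.toString()?.toLowerCase()?.contains(MFA_GROUP_PATTERN.toLowerCase())
        }
        // The overridden method returns Set<String>, so return a set here,
        // not a bare String as in the commented-out draft.
        (inGroup ? ['mfa-yubikey'] : ['mfa-gauth']) as Set<String>
    }

    @Override
    Set<String> getMultifactorAuthenticationProviders() {
        def authentication = WebUtils.getInProgressAuthentication()
        // Defensive null check in case no login is in progress.
        if (authentication == null) {
            log.debug('No in-progress authentication; using default provider')
            return selectProviders(null)
        }
        def providers = selectProviders(authentication.principal.attributes['memberOf'])
        // Log the principal id and the decision only, never credentials
        // or the full attribute map.
        log.debug('MFA selection for user=[{}] providers={}',
                authentication.principal.id, providers)
        providers
    }
}
```

Because this logger is named after the script class, the matching `AsyncLogger` entry in the log4j configuration needs `name="GroovyMultifactorPolicy"` rather than the `DefaultRegisteredServiceMultifactorPolicy` name used in the reply above.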