CAS 5.1.x MySql authentication problem !!


noumann.f

Dec 4, 2017, 10:30:13 AM
to CAS Community
Hi,
I'm trying to deploy the CAS 5.1.x using Maven overlay from here: https://github.com/apereo/cas-overlay-template/tree/5.1

I want to activate the Database authentication from MySql database following up the formal documentation.

It fails to authenticate me with the following WARN in the log:

WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [user1] of type [UsernamePasswordCredential], which suggests a configuration problem.>

Here are the modifications in the POM file:
<dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-support-jdbc</artifactId>
    <!-- <version>${cas.version}</version> -->
    <version>4.2.7</version>
    <scope>runtime</scope>
    <exclusions>
        <exclusion>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-slf4j-impl</artifactId>
        </exclusion>
        <exclusion>
            <groupId>org.codehaus.groovy</groupId>
            <artifactId>groovy-jsr223</artifactId>
        </exclusion>
    </exclusions>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jdbc-drivers</artifactId>
    <version>${cas.version}</version>
</dependency>

  1. It didn't work with the <version>${cas.version}</version> for the cas-server-support-jdbc dependency! I used the latest version on the repository.
  2. It didn't work without excluding the org.apache.logging.log4j and org.codehaus.groovy from the cas-server-support-jdbc dependency!
Here is the cas.properties file:
DEFAULT SETTINGS HERE
.
.
.

cas.tgc.crypto.enabled=true
cas.tgc.crypto.encryption.key=W7t ... DHg
cas.tgc.crypto.signing.key=fa6 ... jrQ
cas.webflow.crypto.signing.key=Du_ ... sow
cas.webflow.crypto.encryption.key=IQv ... 6Sw

cas.authn.jdbc.query[0].sql=SELECT * FROM cas.credentials WHERE `username`=?
cas.authn.jdbc.query[0].healthQuery=SELECT 1 FROM cas.credentials
cas.authn.jdbc.query[0].url=jdbc:mysql://localhost:3306/cas
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQL5InnoDBDialect
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=****
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].fieldPassword=`password-plain`

# cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
# cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
# cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8

logging.level.org.apereo=DEBUG
cas.authn.accept.users=

In the log I still find these WARNs:
2017-12-04 17:10:43,352 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for signing is not defined. CAS will attempt to auto-generate the signing key>
2017-12-04 17:10:43,353 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [jiH ... 4Ug] of size [512]. The generated key MUST be added to CAS settings.>
2017-12-04 17:10:43,353 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <No encryption key is defined. CAS will attempt to auto-generate keys>
2017-12-04 17:10:43,353 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated encryption key [SYr ... nqI] of size [16]. The generated key MUST be added to CAS settings.>


Which keys in the cas.properties file should I assign these cipher keys to?

Is there any way to debug more what's happening after entering the username and password in the form? I'd <Property name="cas.log.level" >debug</Property> in the log4j2.xml file!!!

Any help is appreciated!!

Ray Bon

Dec 4, 2017, 12:46:31 PM
to cas-...@apereo.org
There are two questions here, MySql and encryption key warnings.
For MySql, use cas version in the pom and report on the errors for that config.
For encryption key warnings, your field names for cas.tgc... and cas.webflow... are different than what is in the docs, https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#. Perhaps you are using values from CAS 4.x?

Ray
-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

jm t

Dec 4, 2017, 12:56:55 PM
to CAS Community
Hi,

You should make explicit the value of:
# cas.authn.jdbc.query[0].passwordEncoder.type=NONE|DEFAULT|STANDARD|BCRYPT|SCRYPT|PBKDF2|com.example.CustomPasswordEncoder

In your case set it to none. That's a synonym of plain text.

cas.authn.jdbc.query[0].passwordEncoder.type=NONE

jm

noumann.f

Dec 4, 2017, 2:58:08 PM
to CAS Community
Thanks Ray,
- Bringing in a fresh version from the overlay template solved the JDBC issues,
- and setting the v5.1.x field names in the cas.properties file solved the encryption issues,
- BUT it is still not authenticating correctly against the DB! The following warning appears in the log:
WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [user1] of type [UsernamePasswordCredential], which suggests a configuration problem.>


How can I debug it?

noumann.f

Dec 4, 2017, 3:03:16 PM
to CAS Community
Thanks jm,
I did set this to none but still can't authenticate to the DB and a warning appears:
WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [user1] of type [UsernamePasswordCredential], which suggests a configuration problem.>


Here is the cas.properties I'm using:
#Query Database Authentication
##################################################
cas.authn.jdbc.query[0].sql=SELECT * FROM credentials WHERE `username`=?
cas.authn.jdbc.query[0].healthQuery=SELECT 1 FROM cas.credentials
cas.authn.jdbc.query[0].url=jdbc:mysql://localhost:3306/cas?serverTimezone=UTC
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQL5InnoDBDialect
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=*********
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].fieldPassword=`password-plain`
cas.authn.jdbc.query[0].passwordEncoder.type=NONE

noumann.f

Dec 4, 2017, 6:24:09 PM
to CAS Community
Solved ...
Removing the grave accent ` characters in the fieldPassword value solved the problem.
Best regards
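
A check for the settings this thread ended up changing, as an added example (not part of the original posts and not CAS code): it scans cas.properties text for a quoted fieldPassword, an encoder type of NONE, and a root database user. The finding codes and the sample input are constructed here; that fieldPassword is matched as a column name and that an unset encoder type behaves like NONE are assumptions.

```python
import re

# Constructed sample mirroring the settings posted in the thread (password redacted).
SAMPLE = """\
cas.authn.jdbc.query[0].sql=SELECT * FROM credentials WHERE `username`=?
cas.authn.jdbc.query[0].url=jdbc:mysql://localhost:3306/cas?serverTimezone=UTC
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=REDACTED
cas.authn.jdbc.query[0].fieldPassword=`password-plain`
cas.authn.jdbc.query[0].passwordEncoder.type=NONE
"""

KEY = re.compile(r"^cas\.authn\.jdbc\.query\[(\d+)\]\.([\w.]+)$")

def parse(text):
    """Return {handler_index: {setting: value}} for cas.authn.jdbc.query[N].* lines."""
    handlers = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        m = KEY.match(key.strip())
        if m:
            handlers.setdefault(int(m.group(1)), {})[m.group(2)] = value.strip()
    return handlers

def lint(text):
    """Return a sorted list of (handler_index, code) findings."""
    findings = []
    for idx, cfg in parse(text).items():
        field = cfg.get("fieldPassword", "")
        # Assumption: fieldPassword is matched against result-set column names,
        # so SQL identifier quoting becomes part of the name and never matches.
        if re.search(r"[`'\"\[\]]", field):
            findings.append((idx, "QUOTED_FIELD_PASSWORD"))
        # Assumption: an unset encoder type behaves like NONE (clear-text compare).
        if cfg.get("passwordEncoder.type", "NONE").upper() == "NONE":
            findings.append((idx, "PLAINTEXT_PASSWORDS"))
        # The thread connects as root; a SELECT-only account is enough here.
        if cfg.get("user", "").lower() == "root":
            findings.append((idx, "DB_SUPERUSER"))
    return sorted(findings)

if __name__ == "__main__":
    for idx, code in lint(SAMPLE):
        print(f"query[{idx}]: {code}")
```

Only QUOTED_FIELD_PASSWORD corresponds to the login failure resolved above; the other two findings are hardening points for the same handler block.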