queryDatabaseAuthenticationHandler not being called (CAS 4.2.2)

John Rellis

unread,

Jun 3, 2016, 10:10:12 AM6/3/16

to CAS Community

Hello!

CAS version 4.2.2

I am following the documentation to try and configure a database authentication hander but it looks as though the AcceptUsersAuthenticationHandler is the only one being called (logs below)

Here's my propertyFileDescriptor.xml. I've been looking at examples online that actually define beans for queryDatabaseAuthenticationHandler but since this is not in the docs I am assuming this done on older versions (apologies, I've mainly been working in grails so my spring config experience is non-existent). Thanks in advance for any pointers here, I feel like I've hit a wall with the docs.

I have also set these :

cas.authn.password.encoding.char=UTF-8

cas.authn.password.encoding.alg=SHA-256

cas.jdbc.authn.query.sql=select password_hash from shiro_user where username = ?

<beans xmlns="http://www.springframework.org/schema/beans"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xmlns:p="http://www.springframework.org/schema/p"

xmlns:context="http://www.springframework.org/schema/context"

xmlns:util="http://www.springframework.org/schema/util"

xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd

http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

This file lets CAS know where you've stored the cas.properties file which details some of the configuration options

that are specific to your environment. You can specify the location of the file here. You may wish to place the file outside

of the Servlet context if you have options that are specific to a tier (i.e. test vs. production) so that the WAR file

can be moved between tiers without modification.

</description>

<util:properties id="casProperties" location="file:/home/john/cas/cas-overlay-template/etc/cas.properties" />

<context:property-placeholder properties-ref="casProperties" />

<bean id="dataSource"

class="com.mchange.v2.c3p0.ComboPooledDataSource"

p:driverClass="${database.driverClass}"

p:jdbcUrl="${database.url}"

p:user="${database.user}"

p:password="${database.password}"

p:initialPoolSize="${database.pool.minSize}"

p:minPoolSize="${database.pool.minSize}"

p:maxPoolSize="${database.pool.maxSize}"

p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"

p:checkoutTimeout="${database.pool.maxWait}"

p:acquireIncrement="${database.pool.acquireIncrement}"

p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"

p:acquireRetryDelay="${database.pool.acquireRetryDelay}"

p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"

p:preferredTestQuery="${database.pool.connectionHealthQuery}" />

</beans>

2016-06-03 14:40:07,885 [http-nio-8080-exec-1] DEBUG org.jasig.cas.util.RegexUtils - Pattern http://localhost:8080/CasTest/shiro-cas is a valid regex.

2016-06-03 14:40:07,886 [http-nio-8080-exec-1] DEBUG org.jasig.cas.services.web.RegisteredServiceThemeBasedViewResolver - View resolved: /WEB-INF/view/jsp/default/ui/casLoginView.jsp

2016-06-03 14:40:07,948 [http-nio-8080-exec-1] INFO org.jasig.cas.authentication.PolicyBasedAuthenticationManager - AcceptUsersAuthenticationHandler failed authenticating admin

2016-06-03 14:40:07,948 [http-nio-8080-exec-1] DEBUG org.jasig.cas.authentication.PolicyBasedAuthenticationManager - AcceptUsersAuthenticationHandler exception details: No user can be accepted because none is defined

2016-06-03 14:40:07,953 [http-nio-8080-exec-1] DEBUG org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver - Resolving argument [AuthenticationTransaction] for audit

2016-06-03 14:40:07,954 [http-nio-8080-exec-1] DEBUG org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver - Resolving argument [UsernamePasswordCredential] for audit

2016-06-03 14:40:07,957 [http-nio-8080-exec-1] INFO org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager - Audit trail record BEGIN

=============================================================

WHO: admin

WHAT: Supplied credentials: [admin]

ACTION: AUTHENTICATION_FAILED

APPLICATION: CAS

WHEN: Fri Jun 03 14:40:07 IST 2016

CLIENT IP ADDRESS: 10.5.5.30

SERVER IP ADDRESS: 10.5.5.50

=============================================================

2016-06-03 14:40:07,961 [http-nio-8080-exec-1] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - 1 errors, 0 successes

org.jasig.cas.authentication.AuthenticationException: 1 errors, 0 successes

Misagh Moayyed

unread,

Jun 3, 2016, 11:11:23 AM6/3/16

to CAS Community

Compare your configuration with this:

https://github.com/apereo/cas/blob/4.2.x/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/45c51101-265a-4b44-b636-e3027304189a%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

John Rellis

unread,

Jun 3, 2016, 11:21:07 AM6/3/16

to CAS Community, mmoa...@unicon.net

Thanks but that doesn't use queryDatabaseAuthenticationHandler :(

Dmitriy Kopylenko

unread,

Jun 3, 2016, 11:26:51 AM6/3/16

to John Rellis, CAS Community, Misagh Moayyed

You mentioned ‘propertyFileDescriptor.xml’. Is that where you define your beans shown below? Where do you place this file?

D.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1fbd50f6-e9ce-426d-bfd6-c93c0ce239c9%40apereo.org.

Dmitriy Kopylenko

unread,

Jun 3, 2016, 11:40:49 AM6/3/16

to John Rellis, CAS Community

Place the custom handler definitions and aliases into WEB-INF/deployerConfigContext.xml As Misagh showed in that link in the previous message. Just get the entire file from the CAS repository, place it in your overlay and override the custom bits.

Just an aside note - that kind of local customization will be much easier in CAS v5 ;-)

Cheers,

D.

On Jun 3, 2016, at 11:35 AM, John Rellis <john.d...@gmail.com> wrote:

Hi Dimitry,

I am using https://github.com/apereo/cas-overlay-template to create a war and yes propertyFileDescriptor.xml is where I have copied that xml from.

Once deployed it is in apache-tomcat-8.0.33/webapps/cas/WEB-INF/spring-configuration/propertyFileConfigurer.xml

Do you need any more info?

Thanks!
John

Dmitriy Kopylenko

unread,

Jun 3, 2016, 11:55:07 AM6/3/16

to John Rellis, CAS Community

Just leave the propertyFileConfigurer.xml alone and customize the deployerConfigContext.xml in your overlay.

And check this doc out: http://apereo.github.io/cas/4.2.x/installation/Maven-Overlay-Installation.html

D.

On Jun 3, 2016, at 11:50 AM, John Rellis <john.d...@gmail.com> wrote:

Thanks Dmitriy,

Are you saying that I need to move propertyFileConfigurer.xml from where the cas-overlay-template mvn pakage puts it?

I'll try customising what Misagh linked to, thanks to you both. Hopefully I won't have to come back with more questions.

Thanks,
John

John Rellis

unread,

Jun 3, 2016, 11:56:13 AM6/3/16

to Dmitriy Kopylenko, CAS Community

Excellent, thank you!

John Rellis

unread,

Jun 10, 2016, 4:50:31 AM6/10/16

to Dmitriy Kopylenko, CAS Community

Thanks, that worked! Once I figured out there was a default deployerConfigContext.xml created by the overlay I edited that and got myself up and running using the following. I still have some customisations to make but I can login from the db now! Thanks to you both for you help! Free beer for all!

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xmlns:context="http://www.springframework.org/schema/context"

xmlns:p="http://www.springframework.org/schema/p"

xmlns:c="http://www.springframework.org/schema/c"

xmlns:aop="http://www.springframework.org/schema/aop"

xmlns:tx="http://www.springframework.org/schema/tx"

xmlns:util="http://www.springframework.org/schema/util"

xmlns:sec="http://www.springframework.org/schema/security"

xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd

http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd

http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd

http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd

http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

Nothing yet - work in progress

</description>

<util:map id="authenticationHandlersResolvers">

</util:map>

<bean id="dataSource"

class="com.mchange.v2.c3p0.ComboPooledDataSource"

p:driverClass="${database.driverClass}"

p:jdbcUrl="${database.url}"

p:user="${database.user}"

p:password="${database.password}"

p:initialPoolSize="${database.pool.minSize}"

p:minPoolSize="${database.pool.minSize}"

p:maxPoolSize="${database.pool.maxSize}"

p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"

p:checkoutTimeout="${database.pool.maxWait}"

p:acquireIncrement="${database.pool.acquireIncrement}"

p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"

p:acquireRetryDelay="${database.pool.acquireRetryDelay}"

p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"

p:preferredTestQuery="${database.pool.connectionHealthQuery}"/>

<util:list id="authenticationMetadataPopulators">

</util:list>

<bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"

p:backingMap-ref="attrRepoBackingMap" />

<util:map id="attrRepoBackingMap">

<entry>

<key><value>memberOf</value></key>

<list>

<value>faculty</value>

<value>staff</value>

</list>

</entry>

</util:map>

<bean id="auditTrailManager"

class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"

p:entrySeparator="${cas.audit.singleline.separator:|}"

p:useSingleLine="${cas.audit.singleline:false}"/>

<util:list id="monitorsList">

</util:list>

</beans>

Cross Zheng

unread,

Jun 13, 2016, 1:52:46 AM6/13/16

to CAS Community, dkopy...@unicon.net

Hi John

I copied your deployerConfigContext.xml, I still can not get myself passed the authentication. Always saying "ACTION: AUTHENTICATION_FAILED"

Could you please copy the deployerConfigContext.xml from cas repository (v4.2.2) and highlight where you modified?

I've did this, but with your modification, Jetty returns some jvm errors.

Thanks,

Cross

John Rellis

unread,

Jun 15, 2016, 5:26:46 AM6/15/16

to CAS Community, dkopy...@unicon.net

Hi Cross,

Can you post the exact lines of the log? Also, is there an exception, there usually is if auth failed from what I've seen over the last couple of weeks.

Attached are my current src/main/web-app/WEB-INF/spring-configuration/propertyFileConfigurer.xml , src/main/web-app/WEB-INF/deployerConfigContext.xml and my cas.properties and contents of /etc/services where test-1001.json lives. Also pom.xml

Note, I am still testing and some of these settings are not optimal and not production ready

deployerConfigContext.xml

test-10001.json

pom.xml

cas.properties

Cross Zheng

unread,

Jun 16, 2016, 5:19:44 AM6/16/16

to CAS Community, dkopy...@unicon.net

Hi John,

I switched log4j to DEBUG level, then figured out my Mysql data problem. This kind of error is not printed any clues into the default log files. Now everything goes fine. thanks.

Cross

Reply all

Reply to author

Forward