CAS User connection with MSSQL database and ASP.NET client


Valentine Rouzaud

Apr 19, 2016, 3:02:32 AM
to CAS Community
I've recently taken interest in the CAS system for a work project using ASP.NET MVC applications. So I made a simple test project following MVC and I am now trying to link my MSSQL database (generated with Entity Framework of Visual Studio 2015 Pro) and my CAS so that the CAS server can check my project's database for users when they try to log in.

I am using CAS 4.0.1 so I've followed this tutorial: https://jasig.github.io/cas/4.0.x/installation/Database-Authentication.html which ends up looking like the following code:

In the "deployerConfigContext.xml"

<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <entry key-ref="primaryAuthenticationHandler" value-ref="dbAuthHandler"/>
        </map>
    </constructor-arg>
    <property name="authenticationPolicy">
        <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
    </property>
</bean>
<bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      c:encodingAlgorithm="MD5"
      p:characterEncoding="UTF-8" />
<bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:passwordEncoder-ref="passwordEncoder"
      p:tableUsers="Users"
      p:fieldUser="Username"
      p:fieldPassword="PassWord"/>
<bean id="dataSource"
      class="org.apache.tomcat.jdbc.pool"
      p:driverClass="${database.driverClass}"
      p:jdbcUrl="${database.url}"
      p:user="${database.user}"
      p:password="${database.password}" />

In the "cas.properties" file

database.driverClass=com.microsoft.jdbc.sqlserver
database.url=jdbc:sqlserver://localhost:59228;DatabaseName=ConnectionTest.Models.DatabaseContext
database.user=casAdmin
database.password=casPwd

And in the pom.xml file

    <dependencies>
        <dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-webapp</artifactId>
            <version>${cas.version}</version>
            <type>war</type>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-support-jdbc</artifactId>
            <version>${cas.version}</version>
        </dependency>
        <dependency>
            <groupId>com.microsoft.sqlserver</groupId>
            <artifactId>sqljdbc4</artifactId>
            <version>4.0</version>
        </dependency>
        <dependency>
            <groupId>c3p0</groupId>
            <artifactId>c3p0</artifactId>
            <version>0.9.1.2</version>
        </dependency>
     <!-- I tried with Tomcat JDBC driver instead of C3P0
          but it didn't seem to have changed anything -->
        <dependency>
            <groupId>org.apache.tomcat</groupId>
            <artifactId>tomcat-jdbc</artifactId>
            <version>9.0.0.M4</version>
        </dependency>
    </dependencies>
    <properties>
        <cas.version>4.0.1</cas.version>
    </properties>

I'm not getting any errors when building with Maven (3.3.9) nor when deploying with Tomcat (9.0.0.M4), but when I try to log in on the CAS with some of my DB's credentials it just tells me that my credentials are invalid. After some advice, I've found what seems to be the correct MSSQL driver but I'm still not sure about the exact formatting given that I still cannot log in with users from my DB. I'm suspecting the database URL to be written with the wrong syntax but I'm not sure how to write it otherwise.

Any help is appreciated, thanks.
Regards,

   Valentine

Dmitriy Kopylenko

Apr 19, 2016, 6:38:20 AM
to Valentine Rouzaud, CAS Community
I'm just speculating here since you did not provide any detailed logs: are you storing the password values in the password column for your users in plain text? If so, the DB authn handler delegates to the password encoder to hash the provided credentials and compare them to the password value stored in DB resulting in a rightful comparison failure, etc.

Cheers,
D.


Valentine Rouzaud

Apr 19, 2016, 8:07:55 AM
to CAS Community, var...@gmail.com, dkopy...@unicon.net
Hello,

I used my own MD5 encoder method to populate my database and I thought the issue could come from here, but I ended up creating three users with passwords as such:

username : "test1" password : "test"
username : "test2" password : "09-8F-6B-CD-46-21-D3-73-CA-DE-4E-83-26-27-B4-F6"
username : "test3" password : "098f6bcd4621d373cade4e832627b4f6"

And I'm testing all three users each time to make sure it's not an encoder problem...


Regardless of this possible issue, which log would you need to know more? And where would it be located?
Thank you,

    Valentine
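
An added example (not part of the original posts) that runs the three test rows above through the comparison described in the earlier reply. It assumes the configured MD5 encoder emits lowercase hex with no separators and that the stored value is compared as an exact string; the function names are hypothetical.

```python
import hashlib
import re

# The three test rows from the post above: (username, stored PassWord value).
ROWS = [
    ("test1", "test"),
    ("test2", "09-8F-6B-CD-46-21-D3-73-CA-DE-4E-83-26-27-B4-F6"),
    ("test3", "098f6bcd4621d373cade4e832627b4f6"),
]


def encode_md5_hex(password, charset="utf-8"):
    """Lowercase hex MD5 of what the user types (assumed encoder output)."""
    return hashlib.md5(password.encode(charset)).hexdigest()


def classify(stored):
    """Name the rendering used for a stored password value."""
    if re.fullmatch(r"[0-9a-f]{32}", stored):
        return "lowercase-hex"
    if re.fullmatch(r"[0-9A-F]{32}", stored):
        return "uppercase-hex"
    if re.fullmatch(r"(?:[0-9A-Fa-f]{2}-){15}[0-9A-Fa-f]{2}", stored):
        return "dashed-hex"
    return "not-a-digest"


def audit(rows, typed_password):
    """Map user -> (format, exact match, same digest once dashes/case are removed)."""
    encoded = encode_md5_hex(typed_password)
    report = {}
    for user, stored in rows:
        normalised = stored.replace("-", "").lower()
        report[user] = (classify(stored), stored == encoded, normalised == encoded)
    return report


if __name__ == "__main__":
    for user, result in audit(ROWS, "test").items():
        print(user, result)
```

Only the third row is byte-for-byte what the assumed encoder produces; the second holds the same digest in a dashed, uppercase rendering, and the first is not a digest at all.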

Dmitriy Kopylenko

Apr 19, 2016, 8:13:51 AM
to Valentine Rouzaud, CAS Community, var...@gmail.com

Valentine Rouzaud

Apr 19, 2016, 8:44:36 AM
to CAS Community
Alright so when I try to login as one of my db users I get this

2016-04-19 14:39:41,164 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Beginning ticket cleanup.
2016-04-19 14:39:41,167 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 0 tickets found to be removed.
2016-04-19 14:39:41,167 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Finished ticket cleanup.
2016-04-19 14:40:00,022 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - AcceptUsersAuthenticationHandler failed authenticating test1+password
2016-04-19 14:40:00,026 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: supplied credentials: [test1+password]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue Apr 19 14:40:00 CEST 2016
CLIENT IP ADDRESS: x.x.x.x
SERVER IP ADDRESS: x.x.x.x
=============================================================

2016-04-19 14:40:00,027 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: 1 errors, 0 successes
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Tue Apr 19 14:40:00 CEST 2016
CLIENT IP ADDRESS:  x.x.x.x
SERVER IP ADDRESS: x.x.x.x
=============================================================

Dmitriy Kopylenko

Apr 19, 2016, 9:03:46 AM
to Valentine Rouzaud, CAS Community
OK, the hint is right there: [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - AcceptUsersAuthenticationHandler failed authenticating test1+password

Your current deployment is configured with the wrong (not the DB handler that you wish to use) authentication handler. You could examine the deployerConfigContext.xml of your deployed cas.war to verify it.

But first and foremost, I’d suggest that you make sure that you use the proper build model of maven war overlay as described here: https://jasig.github.io/cas/4.2.x/installation/Maven-Overlay-Installation.html

and I’d also suggest that you use the latest CAS server version which is 4.2.1 at the moment.

Best,
D.
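
One way to carry out the check suggested above, as an added example that is not part of the original reply: list which handler the authenticationManager map in a deployed WAR actually wires in. The function names and the inline sample are constructed for illustration; the sample reuses the map entry posted at the top of the thread.

```python
import xml.etree.ElementTree as ET
import zipfile

BEANS = "http://www.springframework.org/schema/beans"
NS = {"b": BEANS}

# Constructed sample: the authenticationManager entry as posted in the thread,
# plus a stock-style primaryAuthenticationHandler bean (assumed for illustration).
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg><map>
      <entry key-ref="primaryAuthenticationHandler" value-ref="dbAuthHandler"/>
    </map></constructor-arg>
  </bean>
  <bean id="primaryAuthenticationHandler"
        class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler"/>
  <bean id="dbAuthHandler" p:tableUsers="Users"
        class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler"/>
</beans>"""


def wired_handlers(xml_text):
    """Return [(handler_bean_id, handler_class, resolver_bean_id)].

    The CAS 4.0 PolicyBasedAuthenticationManager constructor map goes from
    authentication handler to principal resolver: key-ref is the handler that
    runs at login, value-ref is only its resolver.
    """
    root = ET.fromstring(xml_text)
    classes = {b.get("id"): b.get("class")
               for b in root.iter("{%s}bean" % BEANS) if b.get("id")}
    manager = root.find("b:bean[@id='authenticationManager']", NS)
    if manager is None:
        raise ValueError("no authenticationManager bean in this context file")
    wired = []
    for entry in manager.findall("b:constructor-arg/b:map/b:entry", NS):
        key = entry.get("key-ref")
        wired.append((key, classes.get(key, "<bean not defined here>"),
                      entry.get("value-ref")))
    return wired


def wired_handlers_in_war(war_path, member="WEB-INF/deployerConfigContext.xml"):
    """Read the context file out of the deployed WAR rather than the source tree."""
    with zipfile.ZipFile(war_path) as war:
        return wired_handlers(war.read(member))


if __name__ == "__main__":
    for bean_id, cls, resolver in wired_handlers(SAMPLE):
        print("handler=%s (%s) resolver=%s" % (bean_id, cls, resolver))
```

On the sample, the handler that runs is AcceptUsersAuthenticationHandler, the class named in the log line, while dbAuthHandler appears only in the resolver position.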

Valentine Rouzaud

Apr 19, 2016, 10:48:53 AM
to CAS Community, dkopy...@unicon.net
Well, I've tried upgrading to the 4.2.1 version before but then I can't even seem to access the CAS login page anymore. I'm guessing the code changed enough that maybe the Dot Net Cas Client isn't compatible with the newer versions of CAS.
I'll try fixing the AuthenticationHandler problem you pointed out though, thank you!

Regards,

   Valentine

Valentine Rouzaud

Apr 19, 2016, 11:57:44 AM
to CAS Community, dkopy...@unicon.net
I've found what's wrong: basically it doesn't matter what Authentication Handler I change or add in my deployerConfigContext.xml, it will always only allow the "casuser" "Mellon" (the default Authentication Handler).
I tried commenting out the whole default authentication handler (AcceptUsersAuthenticationHandler) or even deleting it completely from the deployerConfigContext and yet in the cas.log I still read the same error you pointed out:

[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - AcceptUsersAuthenticationHandler failed authenticating test1+password

It's like it's been hardcoded somewhere else or that maybe I need to change a setting somewhere to allow custom authentication handlers. I'll keep looking for something.