cas 5.2.1 Problem with trusted authentication


pascal m

Jan 2, 2018, 9:42:05 AM
to CAS Community
Hi,

I'm trying to configure CAS Server (5.2.1) with trusted authentication, with the username extracted from a request header.
The username is found in the request (PrincipalFromRequestHeaderNonInteractiveCredentialsAction getRemotePrincipalId), but it looks like this method returns remoteUser instead of the header value for remotePrincipalHeader.
I've just configured the dependency cas-server-support-trusted-webflow and added cas.authn.trusted.remotePrincipalHeader=x-app-auth-userid
Maybe I am missing some configuration?

Thanks

Pascal

deejam

Jul 25, 2018, 2:22:55 AM
to CAS Community
Hi Pascal, 

I am having this same issue. Did you ever get this working? I think you are right. It seems like a bug, or I am missing something as well.

I have been working with 5.3.1 the past few days (trying to re-platform an older cas install) and just came across this tonight. 

Auth handler configured with:
cas.authn.trusted.remotePrincipalHeader=oam_remote_user

Here is what I am seeing in my logs.
2018-07-25 00:41:52,874 DEBUG [org.apereo.cas.adaptors.trusted.web.flow.PrincipalFromRequestHeaderNonInteractiveCredentialsAction] - <Available request headers are [ <headers snipped from message>]. Locating first header value for [oam_remote_user]> (it actually finds the header I am interested in within the request)

2018-07-25 00:41:52,876 DEBUG [org.apereo.cas.adaptors.trusted.web.flow.PrincipalFromRequestHeaderNonInteractiveCredentialsAction] - <Remote user [testuser1] found in [oam_remote_user] header>  (it extracts the proper user from the interesting header)

2018-07-25 00:41:52,877 DEBUG [org.apereo.cas.adaptors.trusted.web.flow.BasePrincipalFromNonInteractiveCredentialsAction] - <No user found in HttpServletRequest> (The next step could not find the user since remoteUser was blank, since it was returned with no value. It seems like the proper value was in a variable named "header")

2018-07-25 00:41:52,877 WARN [org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction] - <No credentials detected. Navigating to error...> 



It seems like line 60 should be changed from "return remoteUser" to "return header". 

        if (StringUtils.isNotBlank(this.remotePrincipalHeader)) {
            final Map<String, List<String>> headers = getAllRequestHeaderValues(request);
            LOGGER.debug("Available request headers are [{}]. Locating first header value for [{}]", headers, this.remotePrincipalHeader);
            if (headers.containsKey(this.remotePrincipalHeader)) {
                final String header = headers.get(this.remotePrincipalHeader).get(0);
                LOGGER.debug("Remote user [{}] found in [{}] header", header, this.remotePrincipalHeader);
                return remoteUser;
            }
        }


I need to work on building this from source to test. It's been a while. Anyone have any thoughts on this and whether this is the right path?

Thanks,
Majeed
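
The lookup discussed in the post above, as an added stand-alone Java example; it is not part of the original thread and is not Apereo CAS source. The class and method names are hypothetical, the request values are constructed, and the case-insensitive match and blank-value handling in `proposed` are assumptions that go beyond the one-line change suggested in the post.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added example: a simplified model of the header lookup, not CAS code.
public class TrustedHeaderDemo {

    // Behaviour reported in the thread: the header value is located (and logged),
    // but the servlet remote user is what gets returned. What CAS does outside
    // this branch is not shown on the page; this model returns null (assumption).
    static String asReported(String remoteUser, Map<String, List<String>> headers, String name) {
        if (name != null && !name.isBlank() && headers.containsKey(name)) {
            String header = headers.get(name).get(0); // found, then never used
            return remoteUser;
        }
        return null;
    }

    // Change suggested in the post: return the header value instead.
    // Assumptions added here: header names are compared case-insensitively
    // (HTTP header names are not case-sensitive) and a blank value counts as absent.
    static String proposed(Map<String, List<String>> headers, String name) {
        if (name == null || name.isBlank()) {
            return null;
        }
        for (Map.Entry<String, List<String>> e : headers.entrySet()) {
            if (e.getKey().equalsIgnoreCase(name) && !e.getValue().isEmpty()) {
                String value = e.getValue().get(0);
                return (value == null || value.isBlank()) ? null : value;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed request: the fronting proxy set the header, and the
        // servlet container has no remote user of its own (null).
        Map<String, List<String>> headers = new HashMap<>();
        headers.put("oam_remote_user", List.of("testuser1"));
        headers.put("accept", List.of("text/html"));

        System.out.println("as reported: " + asReported(null, headers, "oam_remote_user"));
        System.out.println("proposed:    " + proposed(headers, "oam_remote_user"));
        System.out.println("mixed case:  " + proposed(headers, "OAM_REMOTE_USER"));
        System.out.println("no header:   " + proposed(Map.of("accept", List.of("text/html")), "oam_remote_user"));
    }
}
```

Whichever value this lookup returns becomes the authenticated principal, so the proxy in front of CAS has to overwrite or strip any client-supplied copy of the configured header.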