CAS 6.6.x Service Registry with MongoDB

[Diego Gimenez]

Hello,

I am having trouble with reading the specific attribute of multifactorPolicy when using CAS with MongoDB as my Service Registry database. There are two problems, but the main one is that all the attributes at the registered services are perfectly understood by CAS, except the multifactorPolicy attribute. The question is: Is it possible that CAS has a problem with multifactorPolicy attribute being read from MongoDB?

I tried using other attributes such as attributeReleasePolicy and it didn't have any problem reading it, the test were made using a Groovy script that prints all the attributes the registered service has.

The other problem is that when I use the definition provided by CAS documentation of a service, it defines an attribute named "@class", the problem with this is that if I define a service this way, CAS does not understand the class this registry belongs to, but when I define it with "_class" and the same value (org.apereo.cas.services.CasRegisteredService) it works and CAS can understand it. I did some research and I didn't find anything that can tell me why this happens. If you know anything and can tell or have an insight of what might be happening would be much appreciated.

Diego

[Diego Gimenez]

Hello,

I would like to clarify some things that I didn't say in the message above.

First of all. We were using MongoDB the way is shown for four years, and it never happened something like this. That is why I decided to initiate the conversation here. It is extremely rare that the only attribute it's not reading is this particular one.

Second. I tried using a local defined json files to test and those ones reads perfectly the attribute (using "@class" instead of "_class" in those definitions).

Diego

[Petr Bodnár]

Hi Diego,

the reason why multifactorPolicy is not picked up by CAS 6.6.x seems to be trivial: the attribute was renamed to multifactorAuthenticationPolicy in this commit. So your problem doesn't seem to be related just to MongoDB.

Regarding the MongoDB's usage of "_class" instead of "@class", I've googled it for a while and it looks like this is the way how MongoDB stores Java objects in its "own" JSON format. I wonder if there are also some other differences from the "regular" JSON file format which CAS documentation commonly uses in the examples.

I hope this helps

Petr

[Diego Gimenez]

Hi Petr,

thank you very much for your response! Changing the name from multifactorPolicy to multifactorAuthenticationPolicy worked, I just followed the documentation and the attribute has the name I was trying to use. That's why I thought it was a bug, I did not expect it was a simple rename!

Diego

[Petr Bodnár]

Hi Diego,

glad to help. :)

But it looks like I need to correct myself a bit: the field was renamed, yet an annotation @JsonProperty("multifactorPolicy") was added to the class field at the same time. That's why the documentation is still generally correct when writing about multifactorPolicy. But MongoDB doesn't seem to support this annotation out of the box (see @JsonProperty annotation is getting ignored in mongodb collection).

So I just wonder now, how do you actually manage the records within the MongoDB? I couldn't find any hint in the CAS documentation on this. Do you write the records to the MongoDB directly? Provided you would use the CAS Management webapp, would it automatically take care of the corresponding transformations?

Regards

Petr