Possible to have more than one QueryDatabaseAuthenticationHandlers with diff properties?


John Rellis

Jun 16, 2016, 5:12:48 AM
to CAS Community
Hey folks,

I need to authenticate against more than one database; each database has a different schema and some have different password hash schemes. Authenticating against any one of these should equal a success.

Is it possible to have more than one QueryDatabaseAuthenticationHandler with different properties for the following??

cas.authn.password.encoding.alg=SHA-256
cas.jdbc.authn.query.sql=select password_hash from shiro_user where username = ?


Many thanks in advance!

Currently this is a snippet of my deployer:

    <util:map id="authenticationHandlersResolvers">
        <!-- we want to use the value returned from queryDatabaseAuthenticationHandler -->
        <entry key-ref="primaryAuthenticationHandler" value="#{null}"/>
    </util:map>




    <alias name="defaultPasswordEncoder" alias="passwordEncoder"/>

    <alias name="queryDatabaseAuthenticationHandler" alias="primaryAuthenticationHandler"/>
    <alias name="dataSource" alias="queryDatabaseDataSource"/>
    <bean id="dataSource"
          class="com.mchange.v2.c3p0.ComboPooledDataSource"
          p:driverClass="${database.driverClass}"
          p:jdbcUrl="${database.url}"
          p:user="${database.user}"
          p:password="${database.password}"
          p:initialPoolSize="${database.pool.minSize}"
          p:minPoolSize="${database.pool.minSize}"
          p:maxPoolSize="${database.pool.maxSize}"
          p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"
          p:checkoutTimeout="${database.pool.maxWait}"
          p:acquireIncrement="${database.pool.acquireIncrement}"
          p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"
          p:acquireRetryDelay="${database.pool.acquireRetryDelay}"
          p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"
          p:preferredTestQuery="${database.pool.connectionHealthQuery}"/>

Misagh Moayyed

Jun 16, 2016, 11:48:00 AM
to CAS Community

Yes, define the AuthN handler yourself directly in the file as a bean. This is something the project is working on to make sure “auto configuration” can take into account multiple handlers and such.

 


John Rellis

Jun 17, 2016, 9:03:57 AM
to CAS Community, mmoa...@unicon.net
Hey Misagh,

Thanks again for your response, figured it out after your comment, excellent, thank you!!!  Next step, get MD5 out of these applications!!!

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<description>
Nothing yet - work in progress
</description>


<!-- Copied from https://github.com/apereo/cas/blob/4.2.x/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml -->
<util:map id="authenticationHandlersResolvers">
<!-- https://apereo.github.io/cas/4.2.x/installation/Configuring-Principal-Resolution.html#principalresolver-vs-authenticationhandler -->
<!-- we want to use the value returned from queryDatabaseAuthenticationHandler -->
<entry key-ref="appOneAuthenticationHandler" value="#{null}"/>
<entry key-ref="appTwoAuthenticationHandler" value="#{null}"/>
</util:map>
    <!--<alias name="defaultPasswordEncoder" alias="passwordEncoder"/>-->

<!-- https://apereo.github.io/cas/4.2.x/installation/Database-Authentication.html -->
<!--<alias name="queryDatabaseAuthenticationHandler" alias="primaryAuthenticationHandler"/>-->
    <alias name="dataSource" alias="queryDatabaseDataSource"/>
<bean id="dataSource"
class="com.mchange.v2.c3p0.ComboPooledDataSource"
p:driverClass="${database.driverClass}"
p:jdbcUrl="${database.url}"
p:user="${database.user}"
p:password="${database.password}"
p:initialPoolSize="${database.pool.minSize}"
p:minPoolSize="${database.pool.minSize}"
p:maxPoolSize="${database.pool.maxSize}"
p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"
p:checkoutTimeout="${database.pool.maxWait}"
p:acquireIncrement="${database.pool.acquireIncrement}"
p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"
p:acquireRetryDelay="${database.pool.acquireRetryDelay}"
p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"
p:preferredTestQuery="${database.pool.connectionHealthQuery}"/>


    <!-- Copied from https://github.com/apereo/cas/blob/4.2.x/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml  START-->

<util:list id="authenticationMetadataPopulators">
<ref bean="successfulHandlerMetaDataPopulator"/>
<ref bean="rememberMeAuthenticationMetaDataPopulator"/>
</util:list>

<bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
p:backingMap-ref="attrRepoBackingMap"/>

<util:map id="attrRepoBackingMap">
<entry key="uid" value="uid"/>
</util:map>

<alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy"/>
<alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy"/>

<bean id="auditTrailManager"
class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
p:entrySeparator="${cas.audit.singleline.separator:|}"
p:useSingleLine="${cas.audit.singleline:false}"/>

<alias name="neverThrottle" alias="authenticationThrottle"/>

<util:list id="monitorsList">
<ref bean="memoryMonitor"/>
<ref bean="sessionMonitor"/>
</util:list>

<alias name="anyAuthenticationPolicy" alias="authenticationPolicy"/>
<alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory"/>

<alias name="serviceThemeResolver" alias="themeResolver"/>

<alias name="defaultTicketRegistry" alias="ticketRegistry"/>

<alias name="defaultPrincipalFactory" alias="principalFactory"/>

<alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager"/>
<alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy"/>
<alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor"/>
<alias name="neverThrottle" alias="authenticationThrottle"/>

<bean id="md5PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
<constructor-arg value="MD5"/>
<property name="characterEncoding" value="UTF-8"/>

</bean>

<bean id="sha256PasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
<constructor-arg value="SHA-256"/>
<property name="characterEncoding" value="UTF-8"/>

</bean>

<bean id = "appOneAuthenticationHandler" class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="queryDatabaseDataSource" />
<property name="sql" value="select SUBSTRING(password, 6) from user where login = ?" />
<property name="passwordEncoder" ref="md5PasswordEncoder"/>
</bean>

<bean id = "appTwoAuthenticationHandler" class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="queryDatabaseDataSource" />
<property name="sql" value="select password_hash from noc_portal_sso.shiro_user where username = ?" />
<property name="passwordEncoder" ref="sha256PasswordEncoder"/>
</bean>

</beans>

John
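
Added example, not part of the thread and not CAS code: a small Python model of the two-handler setup above, useful for checking that stored hashes have the shape each handler expects before the beans are deployed. It assumes the encoder produces an unsalted lowercase hex digest of the UTF-8 password and that the handler compares it to the query result by exact string equality; the sample rows, the `xxxxx` prefix, the SQLite `substr` spelling and the dropped schema qualifier are constructed for the sketch.

```python
import hashlib
import sqlite3


def hex_digest(algorithm, password):
    """Unsalted digest of the UTF-8 password as lowercase hex (assumed encoder behaviour)."""
    return hashlib.new(algorithm, password.encode("utf-8")).hexdigest()


# One entry per handler bean: (label, query, digest algorithm).
# substr() is SQLite's spelling of the SUBSTRING call in the thread.
HANDLERS = [
    ("appOne", "select substr(password, 6) from user where login = ?", "md5"),
    ("appTwo", "select password_hash from shiro_user where username = ?", "sha256"),
]


def build_sample_db():
    """Constructed sample data; 'xxxxx' stands in for whatever 5-character prefix is stored."""
    db = sqlite3.connect(":memory:")
    db.execute("create table user (login text, password text)")
    db.execute("create table shiro_user (username text, password_hash text)")
    db.execute("insert into user values (?, ?)",
               ("alice", "xxxxx" + hex_digest("md5", "alice-pw")))
    db.execute("insert into shiro_user values (?, ?)",
               ("bob", hex_digest("sha256", "bob-pw")))
    return db


def authenticate(db, username, password):
    """Return the label of the first handler that accepts the credential, else None."""
    for label, sql, algorithm in HANDLERS:
        row = db.execute(sql, (username,)).fetchone()
        # Exact string comparison: an uppercase or prefixed stored hash will not match.
        if row is not None and row[0] == hex_digest(algorithm, password):
            return label
    return None


if __name__ == "__main__":
    db = build_sample_db()
    for user, pw in [("alice", "alice-pw"), ("bob", "bob-pw"), ("alice", "wrong")]:
        print(user, "->", authenticate(db, user, pw))
```

Because both digests are unsalted, identical passwords produce identical stored values in either table, which is the property that makes moving off MD5 (and off bare single-round hashing generally) worthwhile.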