[cas-user] TokenCredential: Cannot find authentication handler that supports...


Sami Ghayeni

Jul 25, 2016, 7:29:22 AM
to CAS Community
hi, i made a simple app, the url localhost:4000/app is protected by CAS and needs the user to sign in. it works pretty well. after i login to CAS, going to localhost:4000/app, it shows me my website and does not ask me to login anymore. the problem happens when i try to use a token instead of the username:password combination. i don't understand the java code in here (JWT Authentication) but i made my token this way in node.js:

var jwt = require('jsonwebtoken');

var myService = {"name": "test"};

var token = jwt.sign(myService, 'secret');

console.log(token);

my token is 

it shows me the login page if i'm not logged in or the home page of protected web app otherwise. at the same time i go to the above url, CAS logs:

2016-07-25 15:46:47,370 WARN [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Cannot find authentication handler that supports [org.jasig.cas.authentication.handler.support.TokenCredential@4565d915[service=http://localhost:4000/app]] of type [TokenCredential], which suggests a configuration problem.>
2016-07-25 15:46:47,373 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: org.jasig.cas.authentication.handler.support.TokenCredential@4565d915[service=http://localhost:4000/app]
WHAT: Supplied credentials: [org.jasig.cas.authentication.handler.support.TokenCredential@4565d915[service=http://localhost:4000/app]]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Mon Jul 25 15:46:47 IRDT 2016
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2016-07-25 15:46:47,375 WARN [org.jasig.cas.web.flow.token.TokenAuthenticationAction] - <0 errors, 0 successes
org.jasig.cas.authentication.AuthenticationException: 0 errors, 0 successes
at org.jasig.cas.authentication.PolicyBasedAuthenticationManager.evaluateProducedAuthenticationContext(PolicyBasedAuthenticationManager.java:256)
at org.jasig.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:242)
at org.jasig.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:131)
at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85)
at org.jasig.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:128)
at sun.reflect.GeneratedMethodAccessor78.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:68)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:45)
at com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:32)
at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:48)
at com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:34)
at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:46)
at com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:32)
at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)
at com.sun.proxy.$Proxy69.authenticate(Unknown Source)
at org.jasig.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:29)
at org.jasig.cas.web.flow.token.TokenAuthenticationAction.doExecute(TokenAuthenticationAction.java:68)
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
at org.springframework.webflow.engine.State.enter(State.java:194)
at org.springframework.webflow.engine.Flow.start(Flow.java:527)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:238)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:238)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.jasig.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:442)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1082)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:623)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
>



my service, Test-10000005.json

{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^http://localhost:4000.*",
  "name" : "Test",
  "id" : 10000005,
  "description" : "test app",
  "evaluationOrder" : 5,
  "accessStrategy" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  },
  "properties" : {
    "@class" : "java.util.HashMap",
    "jwtSigningSecret" : {
      "@class" : "org.jasig.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "secret" ] ]
    }
  }
}


my pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project>
    <modelVersion>4.0.0</modelVersion>
    <groupId>tiva.microservice.cas</groupId>
    <artifactId>cas</artifactId>
    <packaging>war</packaging>
    <version>4.2.4-SNAPSHOT</version>
 
    <build>
        <plugins>
            <plugin>
                 <artifactId>maven-war-plugin</artifactId>
                  <version>2.6</version>    
                  <configuration>
                    <warName>cas</warName>
                    <overlays>
                      <overlay>
                        <groupId>org.jasig.cas</groupId>
                          <artifactId>cas-server-webapp</artifactId>
                        </overlay>
                    </overlays> 
                  </configuration>
            </plugin>
        </plugins>
    </build>

    <dependencies>
      <!-- cas-server-webapp is the basic to use cas -->
      <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-webapp</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
      </dependency>

      <dependency>
          <groupId>org.jasig.cas</groupId>
          <artifactId>cas-server-support-mongo</artifactId>
          <version>${cas.version}</version>
          <type>jar</type>
          <scope>runtime</scope>
      </dependency>
      
      <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-support-token-webflow</artifactId>
        <version>${cas.version}</version>
      </dependency>

    </dependencies>

    <properties>
        <cas.version>4.2.4-SNAPSHOT</cas.version>
    </properties>
 
    <repositories>
      <repository>
        <id>sonatype-releases</id>
      </repository>
      <repository>
        <id>sonatype-snapshots</id>
      </repository>

    </repositories>
</project>



what i added to the default deployerConfigContext.xml and cas.properties files

<alias name="tokenAuthenticationHandler" alias="primaryAuthenticationHandler" />

<alias name="mongoAuthenticationHandler" alias="primaryAuthenticationHandler" />


cas.authn.mongo.db.host=mongodb://aseds4:pa...@ds061360.mlab.com:61360/mydb
cas.authn.mongo.attributes=attribute1,attribute2
cas.authn.mongo.username.attribute=name
cas.authn.mongo.password.attribute=password


i want to create some kind of a microservices architecture. i've been told that one of the best ways to do so is to use JWTs/tokens. so one module (microservice) which has a token can access resources on another module, without the need to pass username or password to the second web service.

i would be grateful for any help you are able to provide.

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7859779a-7b84-4e60-9277-c059de33ba08%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Jérôme LELEU

Jul 25, 2016, 8:26:15 AM
to Sami Ghayeni, CAS Community
Hi,

A few comments:

- to generate a JWT token, you can use the pac4j-jwt module with the associated code. Internally, the CAS server uses it to decrypt JWT

- you have only one primaryAuthenticationHandler: defining two makes the last one override the first one, thus your tokenAuthenticationHandler is never found for TokenCredential

Thanks.
Best regards,
Jérôme
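
A check for the alias problem described in the reply above, as an added example that is not part of the original thread or of CAS: a small Node.js script that scans a Spring context file for an alias declared more than once and reports which target is in effect, taking the last-wins behaviour from the reply. The sample XML is constructed from the two `<alias>` lines in the first post (the second with its attributes reordered to exercise the parser); `oldHandler`, `exampleResolver` and `examplePrincipalResolver` are hypothetical names.

```javascript
'use strict';

// Constructed sample: the two <alias> lines from the first post, plus a
// commented-out alias and an unrelated one (hypothetical bean names).
const SAMPLE_CONTEXT = `
<beans>
  <!-- <alias name="oldHandler" alias="primaryAuthenticationHandler" /> -->
  <alias name="tokenAuthenticationHandler" alias="primaryAuthenticationHandler" />
  <alias alias="primaryAuthenticationHandler" name="mongoAuthenticationHandler" />
  <alias name="exampleResolver" alias="examplePrincipalResolver" />
</beans>`;

// Return every <alias name=".." alias=".."/> in document order, ignoring comments.
function parseAliases(xml) {
  const live = xml.replace(/<!--[\s\S]*?-->/g, '');
  const found = [];
  for (const tag of live.matchAll(/<alias\b([^>]*)>/g)) {
    const attrs = {};
    for (const a of tag[1].matchAll(/([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g)) {
      attrs[a[1]] = a[2] !== undefined ? a[2] : a[3];
    }
    if (attrs.name && attrs.alias) found.push({ name: attrs.name, alias: attrs.alias });
  }
  return found;
}

// Report aliases bound to more than one bean. Per the reply above, the last
// declaration is the one in effect; earlier targets are never reached.
function findOverriddenAliases(xml) {
  const targets = new Map();
  for (const { name, alias } of parseAliases(xml)) {
    if (!targets.has(alias)) targets.set(alias, []);
    targets.get(alias).push(name);
  }
  const findings = [];
  for (const [alias, names] of targets) {
    const effective = names[names.length - 1];
    const shadowed = [...new Set(names.filter((n) => n !== effective))];
    if (shadowed.length > 0) findings.push({ alias, effective, shadowed });
  }
  return findings;
}

for (const f of findOverriddenAliases(SAMPLE_CONTEXT)) {
  console.log(`${f.alias}: "${f.effective}" is in effect; ` +
              `shadowed: ${f.shadowed.join(', ')}`);
}
```
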

Sami Ghayeni

Jul 26, 2016, 1:05:18 AM
to CAS Community, s.sami....@gmail.com
thanks. i should've noticed the word 'primary'

what i need:
- any regular user who asks for resources of app1 gets redirected to the CAS login form and he should type his username and password
- if an app2 (and not a user) asks for resources of app1, it should have a token.

is there a way to achieve this?

thank you for your time.
