[cas-dev] CAS 6.4.x bug: authentication handler called twice when using REST endpoint


Damien Gibou

Nov 23, 2021, 5:11:00 AM
to CAS Developer
  Hello,

We are trying to update from 6.3.7.1 to 6.4.3 and have identified what seems to be a regression.

Authentication handlers are called twice if using the REST API (whereas only once when logging in with the UI).

Reproduced with a minimal overlay with no specific customization (use of cas-server-support-saml + cas-server-support-rest + cas-server-support-json-service-registry in an overlay of cas-server-webapp-jetty WAR / spring boot package and static auth cas.authn.accept.users=user::user).

curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -i http://localhost/cas/v1/tickets --data 'username=user&password=user'

The log has duplicated lines [see below] showing that the authentication handler is called twice (and audit entries are generated twice, also).
   
Reproduced with 6.4.0-RC4, 6.4.0, 6.4.2 and 6.4.3 but not 6.4.0-RC1/RC2/RC3


  Damien

---------------------
2021-11-23 10:37:40,838 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - Authenticated principal [user] with attributes [{}] via credentials [[UsernamePasswordCredential(username=user, source=null, customFields={})]].
2021-11-23 10:37:40,838 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: user
WHAT: [UsernamePasswordCredential(username=user, source=null, customFields={})]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue Nov 23 10:37:40 CET 2021
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================


2021-11-23 10:37:40,854 INFO [org.apereo.cas.authentication.DefaultAuthenticationManager] - Authenticated principal [user] with attributes [{}] via credentials [[UsernamePasswordCredential(username=user, source=null, customFields={})]].
2021-11-23 10:37:40,854 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: user
WHAT: [UsernamePasswordCredential(username=user, source=null, customFields={})]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue Nov 23 10:37:40 CET 2021
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================


2021-11-23 10:37:40,892 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: user
WHAT: TGT-1-*****nTHRzbxGTw-FRL012435
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Nov 23 10:37:40 CET 2021
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================


2021-11-23 10:37:40,892 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: user
ACTION: REST_API_TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Nov 23 10:37:40 CET 2021
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================


--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-dev+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/5ed2f399-9367-47eb-8fdf-0d966889f18bn%40apereo.org.
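
A check for the symptom reported above, as an added example that is not part of the original post or of CAS: it parses Inspektr audit blocks in the layout quoted in the log and flags AUTHENTICATION_SUCCESS records repeated for the same WHO, WHAT and client IP within a short window. The one-second window, the function names and the sample records are assumptions constructed for illustration.

```python
import re
from datetime import datetime

HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) .*Audit trail record BEGIN\s*$")
FIELD = re.compile(r"^([A-Z][A-Z ]*): (.*)$")

def parse_audit_records(text):
    """Yield one dict per audit block; 'ts' is taken from the log line that opens it."""
    record, rules = None, 0
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            record, rules = {"ts": datetime.strptime(head.group(1), "%Y-%m-%d %H:%M:%S,%f")}, 0
        elif record is not None and line.startswith("====="):
            rules += 1
            if rules == 2:  # the second rule line closes the block
                yield record
                record = None
        elif record is not None and (field := FIELD.match(line)):
            record[field.group(1)] = field.group(2).strip()

def duplicate_auth_events(records, window_s=1.0):
    """Return (first, repeat) pairs: same WHO/WHAT/client IP succeeding again within window_s."""
    last_seen, pairs = {}, []
    for rec in records:
        if rec.get("ACTION") != "AUTHENTICATION_SUCCESS":
            continue
        key = (rec.get("WHO"), rec.get("WHAT"), rec.get("CLIENT IP ADDRESS"))
        prev = last_seen.get(key)
        if prev and (rec["ts"] - prev["ts"]).total_seconds() <= window_s:
            pairs.append((prev, rec))
        last_seen[key] = rec
    return pairs

def _block(ts, action, what="[UsernamePasswordCredential(username=user, source=null, customFields={})]"):
    # Constructed sample record in the layout of the log quoted in the post above.
    rule = "=" * 61
    return (f"{ts} INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]"
            f" - Audit trail record BEGIN\n{rule}\nWHO: user\nWHAT: {what}\nACTION: {action}\n"
            f"APPLICATION: CAS\nCLIENT IP ADDRESS: 127.0.0.1\nSERVER IP ADDRESS: 127.0.0.1\n{rule}\n\n")

SAMPLE = (_block("2021-11-23 10:37:40,838", "AUTHENTICATION_SUCCESS")
          + _block("2021-11-23 10:37:40,854", "AUTHENTICATION_SUCCESS")
          + _block("2021-11-23 10:37:40,892", "TICKET_GRANTING_TICKET_CREATED", "TGT-1-*****"))

if __name__ == "__main__":
    for first, repeat in duplicate_auth_events(parse_audit_records(SAMPLE)):
        print(f"duplicate AUTHENTICATION_SUCCESS for {repeat['WHO']}: {first['ts']} and {repeat['ts']}")
```
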

Damien Gibou

Jan 3, 2022, 12:17:32 PM
to CAS Developer, Damien Gibou
Hello,

The bug can still be reproduced with CAS 6.5.0-RC4.
Anything I can do to help track/fix the regression?

Damien

Damien Gibou

Sep 21, 2022, 10:19:06 AM
to CAS Developer, Damien Gibou
For information, the bug is not present anymore in 6.5.5 (and 6.5.9).