Hi Cross, Can you post the exact lines of the log? Also, is there an exception, there usually is if auth failed from what I've seen over the last couple of weeks.
Attached are my current src/main/web-app/WEB-INF/spring-configuration/propertyFileConfigurer.xml , src/main/web-app/WEB-INF/deployerConfigContext.xml and my cas.properties and contents of /etc/services where test-1001.json lives. Also pom.xml Note, I am still testing and some of these settings are not optimal and not production ready On Monday, 13 June 2016 06:52:46 UTC+1, Cross Zheng wrote: > > Hi John > > I copied your deployerConfigContext.xml, I still can not get myself passed > the authentication. Always saying "ACTION: AUTHENTICATION_FAILED" > > Could you please copy the deployerConfigContext.xml from cas repository > (v4.2.2) and highlight where you modified? > > I've did this, but with your modification, Jetty returns some jvm errors. > > Thanks, > Cross > > > On Friday, 10 June 2016 16:50:31 UTC+8, John Rellis wrote: >> >> Thanks, that worked! Once I figured out there was a default >> deployerConfigContext.xml created by the overlay I edited that and got >> myself up and running using the following. I still have some >> customisations to make but I can login from the db now! Thanks to you both >> for you help! Free beer for all! >> >> <?xml version="1.0" encoding="UTF-8"?> >> >> <beans xmlns="http://www.springframework.org/schema/beans"; >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >> xmlns:context="http://www.springframework.org/schema/context"; >> xmlns:p="http://www.springframework.org/schema/p"; >> xmlns:c="http://www.springframework.org/schema/c"; >> xmlns:aop="http://www.springframework.org/schema/aop"; >> xmlns:tx="http://www.springframework.org/schema/tx"; >> xmlns:util="http://www.springframework.org/schema/util"; >> xmlns:sec="http://www.springframework.org/schema/security"; >> xsi:schemaLocation="http://www.springframework.org/schema/beans >> http://www.springframework.org/schema/beans/spring-beans.xsd >> http://www.springframework.org/schema/tx >> http://www.springframework.org/schema/tx/spring-tx.xsd >> http://www.springframework.org/schema/aop >> http://www.springframework.org/schema/aop/spring-aop.xsd >> http://www.springframework.org/schema/context >> http://www.springframework.org/schema/context/spring-context.xsd >> http://www.springframework.org/schema/security >> http://www.springframework.org/schema/security/spring-security.xsd >> http://www.springframework.org/schema/util >> http://www.springframework.org/schema/util/spring-util.xsd";> >> <description> >> Nothing yet - work in progress >> </description> >> >> <!-- Copied from >> https://github.com/apereo/cas/blob/4.2.x/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml >> >> --> >> <util:map id="authenticationHandlersResolvers"> >> <!-- >> https://apereo.github.io/cas/4.2.x/installation/Configuring-Principal-Resolution.html#principalresolver-vs-authenticationhandler >> >> we want to use the --> >> <!-- we want to use the value returned from >> queryDatabaseAuthenticationHandler --> >> <entry key-ref="primaryAuthenticationHandler" value="#{null}"/> >> </util:map> >> >> >> >> >> <!-- >> https://apereo.github.io/cas/4.2.x/installation/Configuring-Authentication-Components.html#default-encoder >> >> --> >> <alias name="defaultPasswordEncoder" alias="passwordEncoder"/> >> >> <!-- >> https://apereo.github.io/cas/4.2.x/installation/Database-Authentication.html >> --> >> <alias name="queryDatabaseAuthenticationHandler" >> alias="primaryAuthenticationHandler"/> >> <alias name="dataSource" alias="queryDatabaseDataSource"/> >> <bean id="dataSource" >> class="com.mchange.v2.c3p0.ComboPooledDataSource" >> p:driverClass="${database.driverClass}" >> p:jdbcUrl="${database.url}" >> p:user="${database.user}" >> p:password="${database.password}" >> p:initialPoolSize="${database.pool.minSize}" >> p:minPoolSize="${database.pool.minSize}" >> p:maxPoolSize="${database.pool.maxSize}" >> p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}" >> p:checkoutTimeout="${database.pool.maxWait}" >> p:acquireIncrement="${database.pool.acquireIncrement}" >> p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}" >> p:acquireRetryDelay="${database.pool.acquireRetryDelay}" >> >> p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}" >> p:preferredTestQuery="${database.pool.connectionHealthQuery}"/> >> >> >> <!-- Copied from >> https://github.com/apereo/cas/blob/4.2.x/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml >> >> START--> >> >> <util:list id="authenticationMetadataPopulators"> >> <ref bean="successfulHandlerMetaDataPopulator" /> >> <ref bean="rememberMeAuthenticationMetaDataPopulator" /> >> </util:list> >> >> <bean id="attributeRepository" >> class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao" >> p:backingMap-ref="attrRepoBackingMap" /> >> >> <util:map id="attrRepoBackingMap"> >> <entry key="uid" value="uid" /> >> <entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> >> <entry key="groupMembership" value="groupMembership" /> >> <entry> >> <key><value>memberOf</value></key> >> <list> >> <value>faculty</value> >> <value>staff</value> >> <value>org</value> >> </list> >> </entry> >> </util:map> >> >> <alias name="ticketGrantingTicketExpirationPolicy" >> alias="grantingTicketExpirationPolicy" /> >> <alias name="multiTimeUseOrTimeoutExpirationPolicy" >> alias="serviceTicketExpirationPolicy" /> >> >> <bean id="auditTrailManager" >> >> class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" >> p:entrySeparator="${cas.audit.singleline.separator:|}" >> p:useSingleLine="${cas.audit.singleline:false}"/> >> >> <alias name="neverThrottle" alias="authenticationThrottle" /> >> >> <util:list id="monitorsList"> >> <ref bean="memoryMonitor" /> >> <ref bean="sessionMonitor" /> >> </util:list> >> >> <alias name="anyAuthenticationPolicy" alias="authenticationPolicy"/> >> <alias name="acceptAnyAuthenticationPolicyFactory" >> alias="authenticationPolicyFactory"/> >> >> <alias name="serviceThemeResolver" alias="themeResolver"/> >> >> <alias name="defaultTicketRegistry" alias="ticketRegistry"/> >> >> <alias name="defaultPrincipalFactory" alias="principalFactory"/> >> >> <alias name="defaultAuthenticationTransactionManager" >> alias="authenticationTransactionManager"/> >> <alias name="defaultPrincipalElectionStrategy" >> alias="principalElectionStrategy"/> >> <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor"/> >> <alias name="neverThrottle" alias="authenticationThrottle" /> >> >> <!-- Copied from >> https://github.com/apereo/cas/blob/4.2.x/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml >> >> END--> >> >> >> </beans> >> >> >> >> >> On Fri, 3 Jun 2016 at 16:56 John Rellis <[email protected]> wrote: >> >>> Excellent, thank you! >>> >>> On Fri, 3 Jun 2016 at 16:55 Dmitriy Kopylenko <[email protected]> >>> wrote: >>> >>>> Just leave the propertyFileConfigurer.xml alone and customize the >>>> deployerConfigContext.xml in your overlay. >>>> >>>> And check this doc out: >>>> http://apereo.github.io/cas/4.2.x/installation/Maven-Overlay-Installation.html >>>> >>>> D. >>>> >>>> On Jun 3, 2016, at 11:50 AM, John Rellis <[email protected]> wrote: >>>> >>>> Thanks Dmitriy, >>>> >>>> Are you saying that I need to move propertyFileConfigurer.xml from >>>> where the cas-overlay-template mvn pakage puts it? >>>> >>>> I'll try customising what Misagh linked to, thanks to you both. >>>> Hopefully I won't have to come back with more questions. >>>> >>>> Thanks, >>>> John >>>> >>>> On Fri, 3 Jun 2016 at 16:40 Dmitriy Kopylenko <[email protected]> >>>> wrote: >>>> >>>>> Place the custom handler definitions and aliases into >>>>> WEB-INF/deployerConfigContext.xml As Misagh showed in that link in the >>>>> previous message. Just get the entire file from the CAS repository, place >>>>> it in your overlay and override the custom bits. >>>>> >>>>> Just an aside note - that kind of local customization will be much >>>>> easier in CAS v5 ;-) >>>>> >>>>> Cheers, >>>>> D. >>>>> >>>>> On Jun 3, 2016, at 11:35 AM, John Rellis <[email protected]> wrote: >>>>> >>>>> Hi Dimitry, >>>>> >>>>> I am using https://github.com/apereo/cas-overlay-template to create a >>>>> war and yes propertyFileDescriptor.xml is where I have copied that >>>>> xml from. >>>>> >>>>> Once deployed it is in >>>>> apache-tomcat-8.0.33/webapps/cas/WEB-INF/spring-configuration/ >>>>> propertyFileConfigurer.xml >>>>> >>>>> Do you need any more info? >>>>> >>>>> Thanks! >>>>> John >>>>> >>>>> On Fri, 3 Jun 2016 at 16:26 Dmitriy Kopylenko <[email protected]> >>>>> wrote: >>>>> >>>>>> You mentioned ‘propertyFileDescriptor.xml’. Is that where you define >>>>>> your beans shown below? Where do you place this file? >>>>>> >>>>>> D. >>>>>> >>>>>> On Jun 3, 2016, at 11:21 AM, John Rellis <[email protected]> wrote: >>>>>> >>>>>> Thanks but that doesn't use queryDatabaseAuthenticationHandler :( >>>>>> >>>>>> On Friday, 3 June 2016 16:11:23 UTC+1, Misagh Moayyed wrote: >>>>>>> >>>>>>> Compare your configuration with this: >>>>>>> >>>>>>> >>>>>>> https://github.com/apereo/cas/blob/4.2.x/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml >>>>>>> >>>>>>> >>>>>>> >>>>>>> *From:* [email protected] [mailto:[email protected]] *On Behalf >>>>>>> Of *John Rellis >>>>>>> *Sent:* Friday, June 3, 2016 7:10 AM >>>>>>> *To:* CAS Community <[email protected]> >>>>>>> *Subject:* [cas-user] queryDatabaseAuthenticationHandler not being >>>>>>> called (CAS 4.2.2) >>>>>>> >>>>>>> >>>>>>> Hello! >>>>>>> >>>>>>> >>>>>>> CAS version 4.2.2 >>>>>>> >>>>>>> >>>>>>> I am following the documentation to try and configure a database >>>>>>> authentication hander but it looks as though the >>>>>>> AcceptUsersAuthenticationHandler is the only one being called (logs >>>>>>> below) >>>>>>> >>>>>>> >>>>>>> Here's my propertyFileDescriptor.xml. I've been looking at examples >>>>>>> online that actually define beans for >>>>>>> queryDatabaseAuthenticationHandler >>>>>>> but since this is not in the docs I am assuming this done on older >>>>>>> versions >>>>>>> (apologies, I've mainly been working in grails so my spring config >>>>>>> experience is non-existent). Thanks in advance for any pointers here, >>>>>>> I >>>>>>> feel like I've hit a wall with the docs. >>>>>>> >>>>>>> >>>>>>> I have also set these : >>>>>>> >>>>>>> >>>>>>> cas.authn.password.encoding.char=UTF-8 >>>>>>> >>>>>>> cas.authn.password.encoding.alg=SHA-256 >>>>>>> >>>>>>> cas.jdbc.authn.query.sql=select password_hash from shiro_user where >>>>>>> username = ? >>>>>>> >>>>>>> >>>>>>> >>>>>>> <beans xmlns="http://www.springframework.org/schema/beans"; >>>>>>> >>>>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >>>>>>> >>>>>>> xmlns:p="http://www.springframework.org/schema/p"; >>>>>>> >>>>>>> xmlns:context="http://www.springframework.org/schema/context"; >>>>>>> >>>>>>> xmlns:util="http://www.springframework.org/schema/util"; >>>>>>> >>>>>>> xsi:schemaLocation=" >>>>>>> http://www.springframework.org/schema/beans >>>>>>> http://www.springframework.org/schema/beans/spring-beans.xsd >>>>>>> >>>>>>> http://www.springframework.org/schema/context >>>>>>> http://www.springframework.org/schema/context/spring-context.xsd >>>>>>> >>>>>>> http://www.springframework.org/schema/util >>>>>>> http://www.springframework.org/schema/util/spring-util.xsd";> >>>>>>> >>>>>>> <description> >>>>>>> >>>>>>> This file lets CAS know where you've stored >>>>>>> the cas.properties file which details some of the configuration options >>>>>>> >>>>>>> that are specific to your environment. You >>>>>>> can specify the location of the file here. You may wish to place the >>>>>>> file >>>>>>> outside >>>>>>> >>>>>>> of the Servlet context if you have options >>>>>>> that are specific to a tier (i.e. test vs. production) so that the WAR >>>>>>> file >>>>>>> >>>>>>> can be moved between tiers without >>>>>>> modification. >>>>>>> >>>>>>> </description> >>>>>>> >>>>>>> >>>>>>> <util:properties id="casProperties" >>>>>>> location="file:/home/john/cas/cas-overlay-template/etc/cas.properties" >>>>>>> /> >>>>>>> >>>>>>> >>>>>>> <context:property-placeholder properties-ref="casProperties" /> >>>>>>> >>>>>>> >>>>>>> <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" >>>>>>> /> >>>>>>> >>>>>>> >>>>>>> <alias name="queryDatabaseAuthenticationHandler" >>>>>>> alias="primaryAuthenticationHandler" /> >>>>>>> >>>>>>> <alias name="dataSource" alias="queryDatabaseDataSource" /> >>>>>>> >>>>>>> >>>>>>> <alias name="defaultPasswordEncoder" alias="passwordEncoder" /> >>>>>>> >>>>>>> >>>>>>> <bean id="dataSource" >>>>>>> >>>>>>> class="com.mchange.v2.c3p0.ComboPooledDataSource" >>>>>>> >>>>>>> p:driverClass="${database.driverClass}" >>>>>>> >>>>>>> p:jdbcUrl="${database.url}" >>>>>>> >>>>>>> p:user="${database.user}" >>>>>>> >>>>>>> p:password="${database.password}" >>>>>>> >>>>>>> p:initialPoolSize="${database.pool.minSize}" >>>>>>> >>>>>>> p:minPoolSize="${database.pool.minSize}" >>>>>>> >>>>>>> p:maxPoolSize="${database.pool.maxSize}" >>>>>>> >>>>>>> >>>>>>> p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}" >>>>>>> >>>>>>> p:checkoutTimeout="${database.pool.maxWait}" >>>>>>> >>>>>>> p:acquireIncrement="${database.pool.acquireIncrement}" >>>>>>> >>>>>>> >>>>>>> p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}" >>>>>>> >>>>>>> p:acquireRetryDelay="${database.pool.acquireRetryDelay}" >>>>>>> >>>>>>> >>>>>>> p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}" >>>>>>> >>>>>>> >>>>>>> p:preferredTestQuery="${database.pool.connectionHealthQuery}" /> >>>>>>> >>>>>>> >>>>>>> </beans> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> 2016-06-03 14:40:07,885 [http-nio-8080-exec-1] DEBUG >>>>>>> org.jasig.cas.util.RegexUtils - Pattern >>>>>>> http://localhost:8080/CasTest/shiro-cas is a valid regex. >>>>>>> >>>>>>> 2016-06-03 14:40:07,886 [http-nio-8080-exec-1] DEBUG >>>>>>> org.jasig.cas.services.web.RegisteredServiceThemeBasedViewResolver - >>>>>>> View >>>>>>> resolved: /WEB-INF/view/jsp/default/ui/casLoginView.jsp >>>>>>> >>>>>>> 2016-06-03 14:40:07,948 [http-nio-8080-exec-1] INFO >>>>>>> org.jasig.cas.authentication.PolicyBasedAuthenticationManager - >>>>>>> *AcceptUsersAuthenticationHandler* failed authenticating admin >>>>>>> >>>>>>> 2016-06-03 14:40:07,948 [http-nio-8080-exec-1] DEBUG >>>>>>> org.jasig.cas.authentication.PolicyBasedAuthenticationManager - >>>>>>> *AcceptUsersAuthenticationHandler* exception details: No user can >>>>>>> be accepted because none is defined >>>>>>> >>>>>>> 2016-06-03 14:40:07,953 [http-nio-8080-exec-1] DEBUG >>>>>>> org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver - Resolving >>>>>>> argument [AuthenticationTransaction] for audit >>>>>>> >>>>>>> 2016-06-03 14:40:07,954 [http-nio-8080-exec-1] DEBUG >>>>>>> org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver - Resolving >>>>>>> argument [UsernamePasswordCredential] for audit >>>>>>> >>>>>>> 2016-06-03 14:40:07,957 [http-nio-8080-exec-1] INFO >>>>>>> org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager - Audit >>>>>>> trail record BEGIN >>>>>>> >>>>>>> ============================================================= >>>>>>> >>>>>>> WHO: admin >>>>>>> >>>>>>> WHAT: Supplied credentials: [admin] >>>>>>> >>>>>>> ACTION: AUTHENTICATION_FAILED >>>>>>> >>>>>>> APPLICATION: CAS >>>>>>> >>>>>>> WHEN: Fri Jun 03 14:40:07 IST 2016 >>>>>>> >>>>>>> CLIENT IP ADDRESS: 10.5.5.30 >>>>>>> >>>>>>> SERVER IP ADDRESS: 10.5.5.50 >>>>>>> >>>>>>> ============================================================= >>>>>>> >>>>>>> >>>>>>> >>>>>>> 2016-06-03 14:40:07,961 [http-nio-8080-exec-1] DEBUG >>>>>>> org.jasig.cas.web.flow.AuthenticationViaFormAction - 1 errors, 0 >>>>>>> successes >>>>>>> >>>>>>> org.jasig.cas.authentication.AuthenticationException: 1 errors, 0 >>>>>>> successes >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "CAS Community" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To post to this group, send email to [email protected]. >>>>>>> Visit this group at >>>>>>> https://groups.google.com/a/apereo.org/group/cas-user/. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/45c51101-265a-4b44-b636-e3027304189a%40apereo.org >>>>>>> >>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/45c51101-265a-4b44-b636-e3027304189a%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> For more options, visit >>>>>>> https://groups.google.com/a/apereo.org/d/optout. >>>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "CAS Community" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To post to this group, send email to [email protected]. >>>>>> Visit this group at >>>>>> https://groups.google.com/a/apereo.org/group/cas-user/. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1fbd50f6-e9ce-426d-bfd6-c93c0ce239c9%40apereo.org >>>>>> >>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1fbd50f6-e9ce-426d-bfd6-c93c0ce239c9%40apereo.org?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> For more options, visit >>>>>> https://groups.google.com/a/apereo.org/d/optout. >>>>>> >>>>>> >>>>>> >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/68ed2eed-d131-4ec7-9b89-e31869487f5a%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
deployerConfigContext.xml
Description: XML document
test-10001.json
Description: application/json
pom.xml
Description: XML document
cas.properties
Description: Binary data
