Hi,

A few comments:

- to generate a JWT token, you can use the pac4j-jwt module with the
associated code. Internally, the CAS server uses it to decrypt JWT

- you have only one primaryAuthenticationHandler: defining two makes the
last one override the first one, thus your tokenAuthenticationHandler is
never found for TokenCredential

Thanks.
Best regards,
Jérôme



2016-07-25 13:29 GMT+02:00 Sami Ghayeni <[email protected]>:

> hi, i made a simple app, the url localhost:4000/app is protected by CAS
> and needs the user to sign in. it works pretty well. after i login to CAS,
> going to localhost:4000/app, it shows me my website and does not ask me to
> login anymore. the problem happens when i try to use a token instead of the
> username:password combination. i don't understand the java code in here
> <https://apereo.github.io/cas/4.2.x/installation/JWT-Authentication.html>(JWT
> Authentication) but i made my token this way in node.js:
>
> var jwt = require('jsonwebtoken');
>
> var myService = {"name": "test"};
>
> var token = jwt.sign(myService, 'secret');
>
> console.log(token);
>
> my token is
>
> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCIsImlhdCI6MTQ2OTQ0NTM5MH0.Vfft0UIaZ2isl4kDmw23iNPvDfqlj9VaLc9qf13IcGo
>
>
> now i go to
> https://localhost/cas/login?service=http%3A%2F%2Flocalhost%3A4000%2Fapp&renew=false&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCIsImlhdCI6MTQ2OTQ0NTM5MH0.Vfft0UIaZ2isl4kDmw23iNPvDfqlj9VaLc9qf13IcGo
>
> it shows me the login page if i'm not logged in or the home page of
> protected web app otherwise. at the same time i go to the above url, CAS
> logs:
>
> 2016-07-25 15:46:47,370 WARN
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Cannot
> find authentication handler that supports
> [org.jasig.cas.authentication.handler.support.TokenCredential@4565d915
> [service=http://localhost:4000/app]] of type [TokenCredential], which
> suggests a configuration problem.>
> 2016-07-25 15:46:47,373 INFO
> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: org.jasig.cas.authentication.handler.support.TokenCredential@4565d915
> [service=http://localhost:4000/app]
> WHAT: Supplied credentials:
> [org.jasig.cas.authentication.handler.support.TokenCredential@4565d915
> [service=http://localhost:4000/app]]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Mon Jul 25 15:46:47 IRDT 2016
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
> >
> 2016-07-25 15:46:47,375 WARN
> [org.jasig.cas.web.flow.token.TokenAuthenticationAction] - <0 errors, 0
> successes
> org.jasig.cas.authentication.AuthenticationException: 0 errors, 0 successes
> >
>
>
>
> my service, Test-10000005.json
>
> {
>   "@class" : "org.jasig.cas.services.RegexRegisteredService",
>   "serviceId" : "^http://localhost:4000.*",
>   "name" : "Test",
>   "id" : 10000005,
>   "description" : "test app",
>   "evaluationOrder" : 5,
>   "accessStrategy" : {
>     "@class" :
> "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>     "enabled" : true,
>     "ssoEnabled" : true
>   },
>   "properties" : {
>     "@class" : "java.util.HashMap",
>     "jwtSigningSecret" : {
>       "@class" : "org.jasig.cas.services.DefaultRegisteredServiceProperty",
>       "values" : [ "java.util.HashSet", [ "secret" ] ]
>     }
>   }
> }
>
>
> my pom.xml
>
> <?xml version="1.0" encoding="UTF-8"?>
> <project xmlns="http://maven.apache.org/POM/4.0.0"
>          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> http://maven.apache.org/xsd/maven-4.0.0.xsd ">
>     <modelVersion>4.0.0</modelVersion>
>     <groupId>tiva.microservice.cas</groupId>
>     <artifactId>cas</artifactId>
>     <packaging>war</packaging>
>     <version>4.2.4-SNAPSHOT</version>
>
>     <build>
>         <plugins>
>             <plugin>
>                  <artifactId>maven-war-plugin</artifactId>
>                   <version>2.6</version>
>                   <configuration>
>                     <warName>cas</warName>
>                     <overlays>
>                       <overlay>
>                         <groupId>org.jasig.cas</groupId>
>                           <artifactId>cas-server-webapp</artifactId>
>                         </overlay>
>                     </overlays>
>                   </configuration>
>             </plugin>
>         </plugins>
>     </build>
>
>     <dependencies>
>       <!-- cas-server-webapp is the basic to use cas -->
>       <dependency>
>         <groupId>org.jasig.cas</groupId>
>         <artifactId>cas-server-webapp</artifactId>
>         <version>${cas.version}</version>
>         <type>war</type>
>         <scope>runtime</scope>
>       </dependency>
>
>       <dependency>
>           <groupId>org.jasig.cas</groupId>
>           <artifactId>cas-server-support-mongo</artifactId>
>           <version>${cas.version}</version>
>           <type>jar</type>
>           <scope>runtime</scope>
>       </dependency>
>
>       <dependency>
>         <groupId>org.jasig.cas</groupId>
>         <artifactId>cas-server-support-token-webflow</artifactId>
>         <version>${cas.version}</version>
>       </dependency>
>
>     </dependencies>
>
>     <properties>
>         <cas.version>4.2.4-SNAPSHOT</cas.version>
>     </properties>
>
>     <repositories>
>       <repository>
>         <id>sonatype-releases</id>
>         <url>http://oss.sonatype.org/content/repositories/releases/</url>
>       </repository>
>       <repository>
>         <id>sonatype-snapshots</id>
>         <url>http://oss.sonatype.org/content/repositories/snapshots/</url>
>       </repository>
>
>     </repositories>
> </project>
>
>
>
> what i added to the default deployerConfigContext.xml and cas.properties
> files
>
> <alias name="tokenAuthenticationHandler"
> alias="primaryAuthenticationHandler" />
>
> <alias name="mongoAuthenticationHandler"
> alias="primaryAuthenticationHandler" />
>
>
> cas.authn.mongo.collection.name=users
> cas.authn.mongo.db.host=mongodb://
> aseds4:[email protected]:61360/mydb
> cas.authn.mongo.attributes=attribute1,attribute2
> cas.authn.mongo.username.attribute=name
> cas.authn.mongo.password.attribute=password
>
>
> i want to create some kind of a microservices architecture. i've been told
> that one of the best ways to do so is to use JWT's/tokens. so one
> module(microservice) which has a token, can access resources on another
> module. without the need to pass username or password to the second web
> service.
>
> i would be grateful for any help you are able to provide.
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
> .
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/7859779a-7b84-4e60-9277-c059de33ba08%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/7859779a-7b84-4e60-9277-c059de33ba08%40apereo.org?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
>
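
The reply says CAS uses pac4j-jwt to decrypt the JWT, so it helps to check what kind of token the question actually sends. This added example (not code from the thread or from the CAS project) decodes that token offline with Node's built-in `crypto` module, classifies it as signed-only (JWS) or encrypted (JWE), and verifies an HS256 signature with a pinned algorithm and a constant-time comparison. The function names `inspectJwt`, `verifyHs256` and `signHs256` are chosen for this example.

```javascript
// Added example, not code from the thread. Offline inspection of a compact JWT.
const crypto = require('crypto');

const decode = (seg) => Buffer.from(seg, 'base64url');
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Token copied from the question above; the question signs it with 'secret'.
const PAGE_TOKEN = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.' +
  'eyJuYW1lIjoidGVzdCIsImlhdCI6MTQ2OTQ0NTM5MH0.' +
  'Vfft0UIaZ2isl4kDmw23iNPvDfqlj9VaLc9qf13IcGo';

// Classify the token: 3 segments = JWS (signed only), 5 = JWE (encrypted).
function inspectJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3 && parts.length !== 5) {
    throw new Error(`not a compact JWT: ${parts.length} segments`);
  }
  const header = JSON.parse(decode(parts[0]).toString('utf8'));
  const encrypted = parts.length === 5;
  // A JWS payload is only base64url-encoded: anyone who sees the URL can read it.
  const claims = encrypted ? null : JSON.parse(decode(parts[1]).toString('utf8'));
  return { kind: encrypted ? 'JWE' : 'JWS', alg: header.alg, enc: header.enc || null, claims };
}

// Verify an HS256 signature with the shared secret, pinning the algorithm.
function verifyHs256(token, secret) {
  let info;
  try { info = inspectJwt(token); } catch (e) { return false; }
  if (info.kind !== 'JWS' || info.alg !== 'HS256') return false; // rejects alg "none"
  const [h, p, sig] = token.split('.');
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = decode(sig);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed helper for sample tokens (plays the role of jwt.sign in the question).
function signHs256(claims, secret) {
  const input = `${encode({ alg: 'HS256', typ: 'JWT' })}.${encode(claims)}`;
  const sig = crypto.createHmac('sha256', secret).update(input).digest('base64url');
  return `${input}.${sig}`;
}

const info = inspectJwt(PAGE_TOKEN);
console.log(info.kind, info.alg, info.claims);
console.log('page token verifies with "secret":', verifyHs256(PAGE_TOKEN, 'secret'));
console.log('has exp claim:', 'exp' in info.claims);
```

The token from the question decodes as a three-segment HS256 JWS carrying only `name` and `iat`, with no `exp`, so it is neither encrypted nor time-limited.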
