Hello, 

I am running CAS Overlay 4.1.9. Instead of configuring CAS Authentication
modules (JDBC/LDAP), I extended
AbstractUsernamePasswordAuthenticationHandler, wrote my own class and
implemented authentication by looking up both the database and LDAP for my
business needs. I have attached some code below.

It works fine on a single CAS server. The problem is when I am running two
CAS servers with memcached storing tickets. Authentication still works fine.
The problem is with the /serviceValidate call when looking up the ST.

If server 1 authenticates the user, generating the TGT and ST, but server 2 is
the one handling the /serviceValidate call (validating the ST), I always get
"Failed Fetching (Exception waiting for value)" from the memcached client. But
if the same server, server 1, handles /serviceValidate, then that works.

If I replace my MyCASAuthenticationHandler
with org.jasig.cas.authentication.AcceptUsersAuthenticationHandler, which
has the default "casuser/Mellon" credential, then the above works fine
regardless of which server handles the /serviceValidate call.

This is very odd, as I cannot see how Authentication can affect 
/serviceValidate call, but it does, and I can consistently reproduce this.

What am I missing?

Our authentication needs to first look up the database, get some value and,
with that, look up LDAP; no existing authentication module works that way. It
seems reasonable to write my own authentication and it is very easy to do.
But apparently that somehow breaks the /serviceValidate call when the call is
handled by the server that did not perform the authentication.

Is there some kind of server side session variables and/or values that 
/serviceValidate will look up?

Thanks,
Yan



In deployerConfigContext.xml:

    <bean id="questCasAuthenticationHandler"
          class="org.jasig.cas.authentication.handler.support.MyCASAuthenticationHandler"
          p:loginUserRepository-ref="loginUserRepository"
          p:ldapTemplate-ref="ldapTemplate" />

dataSource, userRepository and ldapTemplate are defined.


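    package org.jasig.cas.authentication.handler.support;

    import java.security.GeneralSecurityException;

    import org.jasig.cas.authentication.HandlerResult;
    import org.jasig.cas.authentication.PreventedException;
    import org.jasig.cas.authentication.UsernamePasswordCredential;
    import org.springframework.ldap.core.LdapTemplate;

    public class MyCASAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
        // Set via p:loginUserRepository-ref and p:ldapTemplate-ref in deployerConfigContext.xml
        LoginUserRepository loginUserRepository;
        LdapTemplate ldapTemplate;

        @Override
        protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential credential)
                throws GeneralSecurityException, PreventedException {

            // I look up the database and LDAP to authenticate the user, and I update the
            // database here for auditing; return below if authentication is successful.

            return createHandlerResult(credential,
                    principalFactory.createPrincipal(credential.getUsername()), null);
        }
    }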


