Hello,

I am running CAS Overlay 4.1.9. Instead of configuring the CAS authentication modules (JDBC/LDAP), I extended AbstractUsernamePasswordAuthenticationHandler, wrote my own class, and implemented authentication by looking up both the database and LDAP for my business needs. I have attached some code below.
It works fine on a single CAS server. The problem is when I am running two CAS servers with memcached storing tickets. Authentication still works fine. The problem is with the /serviceValidate call when looking up the ST. If server 1 authenticates the user, generating the TGT and ST, but server 2 is the one handling the /serviceValidate call (validating the ST), I always get "Failed Fetching (Exception waiting for value)" from the memcached client. But if the same server, server 1, handles /serviceValidate, then that works.

If I replace my MyCASAuthenticationHandler with org.jasig.cas.authentication.AcceptUsersAuthenticationHandler, which has the default "casuser/Mellon" credential, then the above works fine regardless of which server handles the /serviceValidate call.

This is very odd, as I cannot see how authentication can affect the /serviceValidate call, but it does, and I can consistently reproduce this. What am I missing?

Our authentication needs to first look up the database, get some value and, with that, look up LDAP; no existing authentication module works that way. It seems reasonable to write my own authentication, and it is very easy to do. But apparently that somehow breaks the /serviceValidate call when the call is handled by the server that did not perform the authentication. Are there some kind of server-side session variables and/or values that /serviceValidate will look up?

Thanks,
Yan

In deployerConfigContext.xml:

    <bean id="questCasAuthenticationHandler"
          class="org.jasig.cas.authentication.handler.support.MyCASAuthenticationHandler"
          p:loginUserRepository-ref="loginUserRepository"
          p:ldapTemplate-ref="ldapTemplate" />

dataSource, userRepository and ldapTemplate are defined.

    package org.jasig.cas.authentication.handler.support;

    import java.security.GeneralSecurityException;

    import org.jasig.cas.authentication.HandlerResult;
    import org.jasig.cas.authentication.PreventedException;
    import org.jasig.cas.authentication.UsernamePasswordCredential;
    import org.springframework.ldap.core.LdapTemplate;

    public class MyCASAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

        // LoginUserRepository is the application's own class; its import is not shown.
        LoginUserRepository loginUserRepository;
        LdapTemplate ldapTemplate;

        @Override
        protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential credential)
                throws GeneralSecurityException, PreventedException {
            // I look up the database and LDAP to authenticate the user, and I update
            // the database here for auditing; return below if authentication is successful.
            return createHandlerResult(credential,
                    principalFactory.createPrincipal(credential.getUsername()), null);
        }
    }