Re: [cas-user] CAS 5: Changing the principal resolver in application.properties

Erdal Gunyar Tue, 18 Oct 2016 03:00:09 -0700

Thanks for the response!
You guessed well! Initially, I wished to merge the (automaticaly created) 
DAOs only with application.properties. That would be great.


Sure, here is the code:

*localhost-2.json*

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https?://localhost.*",
  "name" : "localhost",
  "id" : 2,
  "description" : "Allows only localhost services",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}



*application.properties*

##
# CAS Server Context Configuration
#
server.name=URL
server.context-path=/cas
server.port=8433

cas.server.http.enabled=false
cas.ticket.st.timeToKillInSeconds=600

server.ssl.enabled=true
server.ssl.key-alias=cas
server.ssl.key-store=file:/somewhere/.keystore
server.ssl.key-store-password=secret
server.ssl.key-password=secret

server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=5
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8

spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true

##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false

endpoints.enabled=true
endpoints.sensitive=true
management.context-path=/status
endpoints.restart.enabled=false
endpoints.shutdown.enabled=false


##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE

##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=false

##
# CAS Log4j Configuration
#
server.context-parameters.isLog4jAutoInitializationDisabled=true

##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true

##
# CAS Authentication Credentials
#
cas.authn.accept.users=

##
# LDAP
#
cas.authn.ldap[0].ldapUrl=ldap://URL:PORT/
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=OU=Users,DC=Company,DC=Com
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=manager
cas.authn.ldap[0].bindCredential=secret
cas.authn.ldap[0].dnFormat=%s...@company.com
cas.authn.ldap[0].principalAttributeId=sAMAccountName
cas.authn.ldap[0].principalAttributePassword=
cas.authn.ldap[0].principalAttributeList=sAMAccountName,sn,co,givenName,displayName,mail,department,telephoneNumber,title
cas.authn.ldap[0].type=AD

cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600
cas.authn.ldap[0].failFast=false
cas.authn.ldap[0].idleTime=5000
cas.authn.ldap[0].prunePeriod=5000
cas.authn.ldap[0].blockWaitTime=5000

##
# CAS Authentication Attributes
#
cas.personDirectory.principalAttribute=sAMAccountName
cas.personDirectory.returnNull=false

##
# JDBC attribute repository
#
cas.authn.attributeRepository.jdbc.singleRow=true
cas.authn.attributeRepository.jdbc.requireAllAttributes=false
cas.authn.attributeRepository.jdbc.caseCanonicalization=NONE
cas.authn.attributeRepository.jdbc.sql=SELECT u.login AS sAMAccountName, f.name 
AS name, f.`type` AS `type`, m.value AS value FROM user AS u\
     JOIN metadata AS m\
       ON u.id = m.user_id\
    JOIN field AS f\
        ON m.field_id = f.id\
    WHERE f.application_id = 1\
        AND user = sAMAccountName
cas.authn.attributeRepository.jdbc.username=sAMAccountName
cas.authn.attributeRepository.jdbc.healthQuery=SELECT 1 FROM 
INFORMATION_SCHEMA.SYSTEM_VARIABLES
cas.authn.attributeRepository.jdbc.isolateInternalQueries=false
cas.authn.attributeRepository.jdbc.url=jdbc:mysql://URL/DATABASE
cas.authn.attributeRepository.jdbc.failFast=false
cas.authn.attributeRepository.jdbc.isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.attributeRepository.jdbc.dialect=org.hibernate.dialect.HSQLDialect
cas.authn.attributeRepository.jdbc.leakThreshold=10
cas.authn.attributeRepository.jdbc.propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc.batchSize=1
cas.authn.attributeRepository.jdbc.user=mysqlUser
cas.authn.attributeRepository.jdbc.ddlAuto=create-drop
cas.authn.attributeRepository.jdbc.password=secret
cas.authn.attributeRepository.jdbc.autocommit=false
cas.authn.attributeRepository.jdbc.driverClass=org.hsqldb.jdbcDriver
cas.authn.attributeRepository.jdbc.idleTimeout=5000
cas.authn.attributeRepository.jdbc.pool.suspension=false
cas.authn.attributeRepository.jdbc.pool.minSize=6
cas.authn.attributeRepository.jdbc.pool.maxSize=18
cas.authn.attributeRepository.jdbc.pool.maxIdleTime=1000
cas.authn.attributeRepository.jdbc.pool.maxWait=2000



As I said earlier, this works for the LDAP attributes but doesn't merge 
with the JDBC ones (no query sent).

I can open an issue, I don't know what's the best process.

Thanks.



Le mardi 18 octobre 2016 11:14:17 UTC+2, Misagh Moayyed a écrit :
>
> What you described earlier is all automated. You don’t need to define 
> beans for DAOs in XML. 
>
>
> In principal, you will need to put in the settings for authentication 
> attributes based on LDAP and SQL. Then DAOs will be constructed for you 
> automatically and merged together. If you find this recipe does not work, 
> either share your settings or open up an issue please.
>
> -- 
> Misagh
>
> From: Erdal Gunyar <gu...@gmail.com> <javascript:>
> Reply: Erdal Gunyar <gu...@gmail.com> <javascript:>
> Date: October 18, 2016 at 12:27:59 PM
> To: CAS Community <cas...@apereo.org> <javascript:>
> Subject:  [cas-user] CAS 5: Changing the principal resolver in 
> application.properties 
>
> Hello all, 
>
> I'm quite confused by the CAS 5 documentation :
>
> https://apereo.github.io/cas/development/installation/Configuration-Properties.html#authentication-attributes
>
> https://apereo.github.io/cas/development/installation/Configuration-Properties.html#principal-resolution
>
> I'm reading that I can change the principal resolver only with the 
> configuration properties.
>
> For example, change the default LDAP resolver (for the LDAP authentication 
> handler) by a JDBC resolver.
> I've tested that but the default LDAP resolver stays and the SQL is not 
> even queried.
> The JDBC internal DAO must be built though because as soon as I put some 
> JDBC attribute repo stuff on the config, the app needs for the hssqldb 
> dependency on the launch.
>
> The part of the documentation that makes me think it's possible is :
>
> https://apereo.github.io/cas/development/installation/Configuration-Properties.html#principal-resolution
>
>
>> *Principal Resolution*In the event that a separate resolver is put into 
>> place, control how the final principal should be constructed by default.
>>
> # cas.personDirectory.principalAttribute=
> # cas.personDirectory.returnNull=false
>
> But I don't see how here... I'm puzzled.
>
> Any help, even hint will be greatly appreciated :)
>
>
> --
> CAS gitter chatroom: https://gitter.im/apereo/cas
> CAS mailing list guidelines: 
> https://apereo.github.io/cas/Mailing-Lists.html
> CAS documentation website: https://apereo.github.io/cas
> CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org <javascript:>.
> To post to this group, send email to cas-...@apereo.org <javascript:>.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
> .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/27c8c5a3-d37b-4d5f-ba45-4103d1b90ab9%40apereo.org
>  
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/27c8c5a3-d37b-4d5f-ba45-4103d1b90ab9%40apereo.org?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
>
>

-- 
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/321dfad6-aff7-4c2b-8e3e-1c5ccfd52155%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Re: [cas-user] CAS 5: Changing the principal resolver in application.properties

Reply via email to