Thanks for the response!
You guessed well! Initially, I wished to merge the (automatically created)
DAOs only with application.properties. That would be great.
Sure, here is the code:
*localhost-2.json*
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https?://localhost.*",
  "name" : "localhost",
  "id" : 2,
  "description" : "Allows only localhost services",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}
*application.properties*
##
# CAS Server Context Configuration
#
server.name=URL
server.context-path=/cas
server.port=8433
cas.server.http.enabled=false
cas.ticket.st.timeToKillInSeconds=600
server.ssl.enabled=true
server.ssl.key-alias=cas
server.ssl.key-store=file:/somewhere/.keystore
server.ssl.key-store-password=secret
server.ssl.key-password=secret
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=5
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8
spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true
##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false
endpoints.enabled=true
endpoints.sensitive=true
management.context-path=/status
endpoints.restart.enabled=false
endpoints.shutdown.enabled=false
##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE
##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=false
##
# CAS Log4j Configuration
#
server.context-parameters.isLog4jAutoInitializationDisabled=true
##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true
##
# CAS Authentication Credentials
#
cas.authn.accept.users=
##
# LDAP
#
cas.authn.ldap[0].ldapUrl=ldap://URL:PORT/
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=OU=Users,DC=Company,DC=Com
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=manager
cas.authn.ldap[0].bindCredential=secret
cas.authn.ldap[0].dnFormat=%[email protected]
cas.authn.ldap[0].principalAttributeId=sAMAccountName
cas.authn.ldap[0].principalAttributePassword=
cas.authn.ldap[0].principalAttributeList=sAMAccountName,sn,co,givenName,displayName,mail,department,telephoneNumber,title
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600
cas.authn.ldap[0].failFast=false
cas.authn.ldap[0].idleTime=5000
cas.authn.ldap[0].prunePeriod=5000
cas.authn.ldap[0].blockWaitTime=5000
##
# CAS Authentication Attributes
#
cas.personDirectory.principalAttribute=sAMAccountName
cas.personDirectory.returnNull=false
##
# JDBC attribute repository
#
cas.authn.attributeRepository.jdbc.singleRow=true
cas.authn.attributeRepository.jdbc.requireAllAttributes=false
cas.authn.attributeRepository.jdbc.caseCanonicalization=NONE
cas.authn.attributeRepository.jdbc.sql=SELECT u.login AS sAMAccountName, f.name AS name, f.`type` AS `type`, m.value AS value FROM user AS u \
JOIN metadata AS m \
ON u.id = m.user_id \
JOIN field AS f \
ON m.field_id = f.id \
WHERE f.application_id = 1 \
AND user = sAMAccountName
cas.authn.attributeRepository.jdbc.username=sAMAccountName
cas.authn.attributeRepository.jdbc.healthQuery=SELECT 1 FROM INFORMATION_SCHEMA.SYSTEM_VARIABLES
cas.authn.attributeRepository.jdbc.isolateInternalQueries=false
cas.authn.attributeRepository.jdbc.url=jdbc:mysql://URL/DATABASE
cas.authn.attributeRepository.jdbc.failFast=false
cas.authn.attributeRepository.jdbc.isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.attributeRepository.jdbc.dialect=org.hibernate.dialect.HSQLDialect
cas.authn.attributeRepository.jdbc.leakThreshold=10
cas.authn.attributeRepository.jdbc.propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc.batchSize=1
cas.authn.attributeRepository.jdbc.user=mysqlUser
cas.authn.attributeRepository.jdbc.ddlAuto=create-drop
cas.authn.attributeRepository.jdbc.password=secret
cas.authn.attributeRepository.jdbc.autocommit=false
cas.authn.attributeRepository.jdbc.driverClass=org.hsqldb.jdbcDriver
cas.authn.attributeRepository.jdbc.idleTimeout=5000
cas.authn.attributeRepository.jdbc.pool.suspension=false
cas.authn.attributeRepository.jdbc.pool.minSize=6
cas.authn.attributeRepository.jdbc.pool.maxSize=18
cas.authn.attributeRepository.jdbc.pool.maxIdleTime=1000
cas.authn.attributeRepository.jdbc.pool.maxWait=2000
As I said earlier, this works for the LDAP attributes but doesn't merge
with the JDBC ones (no query sent).
I can open an issue, I don't know what's the best process.
Thanks.
On Tuesday, October 18, 2016 at 11:14:17 UTC+2, Misagh Moayyed wrote:
>
> What you described earlier is all automated. You don’t need to define
> beans for DAOs in XML.
>
>
> In principle, you will need to put in the settings for authentication
> attributes based on LDAP and SQL. Then DAOs will be constructed for you
> automatically and merged together. If you find this recipe does not work,
> either share your settings or open up an issue please.
>
> --
> Misagh
>
> From: Erdal Gunyar <[email protected]>
> Reply: Erdal Gunyar <[email protected]>
> Date: October 18, 2016 at 12:27:59 PM
> To: CAS Community <[email protected]>
> Subject: [cas-user] CAS 5: Changing the principal resolver in
> application.properties
>
> Hello all,
>
> I'm quite confused by the CAS 5 documentation :
>
> https://apereo.github.io/cas/development/installation/Configuration-Properties.html#authentication-attributes
>
> https://apereo.github.io/cas/development/installation/Configuration-Properties.html#principal-resolution
>
> I'm reading that I can change the principal resolver only with the
> configuration properties.
>
> For example, change the default LDAP resolver (for the LDAP authentication
> handler) by a JDBC resolver.
> I've tested that but the default LDAP resolver stays and the SQL is not
> even queried.
> The JDBC internal DAO must be built though because as soon as I put some
> JDBC attribute repo stuff in the config, the app needs the hsqldb
> dependency at launch.
>
> The part of the documentation that makes me think it's possible is :
>
> https://apereo.github.io/cas/development/installation/Configuration-Properties.html#principal-resolution
>
>
>> *Principal Resolution*
>> In the event that a separate resolver is put into
>> place, control how the final principal should be constructed by default.
>>
> # cas.personDirectory.principalAttribute=
> # cas.personDirectory.returnNull=false
>
> But I don't see how here... I'm puzzled.
>
> Any help, even hint will be greatly appreciated :)
>
>
> --
> CAS gitter chatroom: https://gitter.im/apereo/cas
> CAS mailing list guidelines:
> https://apereo.github.io/cas/Mailing-Lists.html
> CAS documentation website: https://apereo.github.io/cas
> CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
> .
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/27c8c5a3-d37b-4d5f-ba45-4103d1b90ab9%40apereo.org.
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
>
>
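
An added example, not part of the original message or of the CAS project's code: a small Python linter for a properties file like the one posted above, flagging cleartext LDAP binds, literal secrets, a JDBC URL whose vendor does not match the driver or dialect class, and destructive `ddlAuto` values. The rule names and the first-four-letters vendor heuristic are assumptions made here, as is treating `ddlAuto` as Hibernate's schema-generation setting; none of this is claimed to be the cause of the missing JDBC query.

```python
import re

# Constructed sample: a subset of the keys and values posted in this message.
SAMPLE = r"""
cas.authn.ldap[0].ldapUrl=ldap://URL:PORT/
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].bindCredential=secret
cas.authn.attributeRepository.jdbc.healthQuery=SELECT 1 FROM \
    INFORMATION_SCHEMA.SYSTEM_VARIABLES
cas.authn.attributeRepository.jdbc.url=jdbc:mysql://URL/DATABASE
cas.authn.attributeRepository.jdbc.dialect=org.hibernate.dialect.HSQLDialect
cas.authn.attributeRepository.jdbc.driverClass=org.hsqldb.jdbcDriver
cas.authn.attributeRepository.jdbc.ddlAuto=create-drop
"""
JDBC = "cas.authn.attributeRepository.jdbc."

def parse_properties(text):
    """Minimal .properties reader: comments, key=value, backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.lstrip()
        if not pending and (not line or line[0] in "#!"):
            continue
        pending += line
        if pending.endswith("\\"):  # value continues on the next line
            pending = pending[:-1]
            continue
        key, _, value = pending.partition("=")
        props[key.strip()], pending = value.strip(), ""
    return props

def lint(props):
    """Return (rule, key) findings; the rules are heuristics, not CAS behaviour."""
    found = []
    for key, value in props.items():
        m = re.fullmatch(r"(cas\.authn\.ldap\[\d+\]\.)ldapUrl", key)
        tls = m and "true" in (props.get(m[1] + "useSsl"), props.get(m[1] + "useStartTls"))
        if m and value.lower().startswith("ldap://") and not tls:
            found.append(("ldap-cleartext-bind", key))  # bind password crosses the wire unencrypted
        if re.search(r"(password|bindCredential)$", key, re.I) and value and not value.startswith("${"):
            found.append(("inline-secret", key))  # literal secret instead of a ${...} placeholder
    vendor = re.match(r"jdbc:(\w+):", props.get(JDBC + "url", ""))
    for name in ("driverClass", "dialect"):
        cls = props.get(JDBC + name, "").lower()
        if vendor and cls and vendor[1].lower()[:4] not in cls:
            found.append(("jdbc-vendor-mismatch", JDBC + name))  # e.g. mysql URL, HSQLDB class
    if props.get(JDBC + "ddlAuto") in ("create", "create-drop"):
        found.append(("ddl-destructive", JDBC + "ddlAuto"))  # Hibernate would drop/recreate schema
    return found
```

Calling `lint(parse_properties(open("application.properties").read()))` on a real file returns the same kind of list; an empty list means none of these four checks fired.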