Hi, Authentication handlers are called depending on the passed credentials. For a delegated authentication, a ClientCredentials is created which triggers the ClientAuthenticationHandler.
Are you sure your new authentication handler supports ClientCredentials? Thanks. Best regards, Jérôme On Wed, Sep 26, 2018 at 4:24 AM Colin Wilkinson <[email protected]> wrote: > Regarding Authentication I have ask a separate question to see if what I > want to do is possible. > > On Wednesday, 26 September 2018 08:14:00 UTC+10, Colin Wilkinson wrote: >> >> Hi Jérôme, >> >> I am not 100% sure, if it maybe a edge bug with CAS server itself. >> Basically its an issue when serialising the session, there is no problem >> when executing code only when trying to serialise the session and that made >> the problem hard to track. Basically I had two beans that were session >> scoped and proxy class targeted and the serialisation did not like one of >> those session scope. >> >> The first session is about user information that is required to enable >> talking between our Enterprise Service Bus (ESB) and our systems. We >> configure this once and store it the session. This bean is still stored in >> the session. >> >> The second session bean use to do a lot more that it does not and has >> been reconfigured. Now it only configures the User Information and no >> longer need to be stored in the session. The second session bean also >> stores a reference to the first session bean and I think that is where the >> problem lies. >> >> This beans a located in services module that is used across multiple >> projects without a problem. >> >> I think there maybe a problem with CAS regarding authentication handlers. >> I initially tried to add additional authentication handler that ran after >> the main ClientAuthenticationHandler it did not fire. I will do some >> testing today now that CAS is functioning and get back to if there is a >> problem >> >> I have set cas.authn.policy.all.enabled=true as well >> >> Regards, >> Colin >> >> On Tuesday, 25 September 2018 18:05:09 UTC+10, leleuj wrote: >>> >>> Hi, >>> >>> Was it a bug on your customization or something from the CAS server >>> itself? >>> Thanks. >>> Best regards, >>> Jérôme >>> >>> >>> On Tue, Sep 25, 2018 at 4:37 AM Colin Wilkinson <[email protected]> >>> wrote: >>> >>>> Hi, >>>> >>>> I have worked out what the issue was. It one of the scope session beans >>>> being loaded after the initial request that was causing the issue. >>>> >>>> Regards, >>>> >>>> On Monday, 24 September 2018 15:59:52 UTC+10, Colin Wilkinson wrote: >>>>> >>>>> Hi, >>>>> >>>>> We at working are looking at implementing delegated authentication for >>>>> facebook, google, twitter, etc but there seems to be a weird issue with >>>>> it. >>>>> A little bit of background we have extended the delegated authentication >>>>> as >>>>> we need to map the email associated with facebook for instance back to a >>>>> staff or student account. If the email has no association then we navigate >>>>> to a registration screen which the user input a user name and password >>>>> otherwise it logs the staff or student in. If staff or student follow the >>>>> flow as designed then all works fine and there is no issue. If the staff >>>>> or >>>>> student registers using the username and password provided I trigger the >>>>> form authentication. >>>>> >>>>> The issue arises if the user does not navigate as expected, if when >>>>> they get the registration screen they realised they have clicked the wrong >>>>> client and decided to go back to the main login screen and choose the >>>>> right >>>>> client I am receiving >>>>> >>>>> org.springframework.web.util.NestedServletException: Handler dispatch >>>>> failed; nested exception is java.lang.OutOfMemoryError: Java heap >>>>> space >>>>> >>>>> >>>>> I am certain its not the modifications I have made as its failing >>>>> before the call to redirect to the client has happened the problem in the >>>>> "DelegatedClientNavigationController" class with the following line, place >>>>> debug statement proceeding the call and debug statement after the call. >>>>> >>>>> >>>>> this.delegatedSessionCookieManager.store(webContext); >>>>> >>>>> The main dev cas server is running 16gb of ram as initially it was >>>>> only running 8gb of ram. >>>>> >>>>> The possible steps to replicate the issue are as followings >>>>> >>>>> 1. Navigate to CAS >>>>> 2. Click Facebook (Authentication must fail) >>>>> 3. Redirected back to login screen (Upon redirecting back PAC4J >>>>> clients list goes missing) >>>>> 4. Navigate back to CAS so that clients are there >>>>> 5. Click Facebook should get a heap space error. >>>>> >>>>> I have tried this with both 5.3.3 and 5.3.4-SNAPSHOT with no success. >>>>> >>>>> The dump statement where as follows >>>>> >>>>> LOGGER.debug("PRIOR TO CALLING DELEGTED SESSION COOKIE MANAGER STORE"); >>>>> this.delegatedSessionCookieManager.store(webContext); >>>>> LOGGER.debug("AFTER TO CALLING DELEGTED SESSION COOKIE MANAGER STORE"); >>>>> >>>>> >>>>> Attached are is the success results and the heap space error results. >>>>> >>>>> I apologise if this does not make sense. >>>>> >>>>> Regards, >>>>> Colin >>>>> >>>>> >>>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cbf7bd25-bc0d-44b8-92dd-40b8e7d653c3%40apereo.org >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/cbf7bd25-bc0d-44b8-92dd-40b8e7d653c3%40apereo.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/79ede174-7ffd-48f4-85da-2f35cdcb38a6%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/79ede174-7ffd-48f4-85da-2f35cdcb38a6%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279LxMmnrMkFs4bsMOJcE6Dq5gDGB_7U44SnxeLeoqpbdWYA%40mail.gmail.com.
