Hello,

I decided to create a new thread because it could be a general problem in CAS 6.3.x, or I believe that it is a bug: "Authentication handler resolvers produced no candidate authentication handler. Using the default handler resolver instead"
I have an easy service like the one below, and I have made 3 tests below.

A-TEST (according to: https://apereo.github.io/cas/6.3.x/services/Configuring-Service-AuthN-Policy.html)

    {
      "@class": "org.apereo.cas.services.RegexRegisteredService",
      "serviceId": "^(http|https)://example.org/casphp*",
      "name": "Test",
      "id": 1,
      "description": "Straggle Today!",
      "authenticationPolicy": {
        "requiredAuthenticationHandlers": ["java.util.TreeSet", [ "everest" ]],
        "@class": "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
        "criteria": {
          "@class": "org.apereo.cas.services.AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria"
        }
      }
    }

Hashed conf line below:

    #cas.authn.policy.required-handler-authentication-policy-enabled=true

With this setting I tried many times (3 or 5) to reload CAS, as CAS used the ppm handler as the first handler to examine and the user was logged in to the service. In the logs I can't see any check that the service example.org should be launched with the everest handler. So the conclusion is I have to use: cas.authn.policy.required-handler-authentication-policy-enable=true. Or how to do it personalized in the service??

B-TEST. I enabled the line:

    cas.authn.policy.required-handler-authentication-policy-enabled=true

    {
      "@class": "org.apereo.cas.services.RegexRegisteredService",
      "serviceId": "^(http|https)://example.org/casphp*",
      "name": "Test",
      "id": 1,
      "description": "Straggle Today!",
      "authenticationPolicy": {
        "requiredAuthenticationHandlers": ["java.util.TreeSet", [ "everest" ]],
        "@class": "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy"
      }
    }

In this case, if the examination of handlers starts from the ppm handler, auth is accepted, but cas.authn.policy.required-handler-authentication-policy-enabled keeps the user not logged in because the ppm handler is not for the service example.org. But CAS didn't even try everest. It looks like requiredAuthenticationHandlers works but cas.authn.policy.required-handler-authentication-policy-enabled=true.

C-TEST with tryALL policy.

    {
      "@class": "org.apereo.cas.services.RegexRegisteredService",
      "serviceId": "^(http|https)://example.org/casphp*",
      "name": "Test",
      "id": 1,
      "description": "Straggle Today!",
      "authenticationPolicy": {
        "requiredAuthenticationHandlers": ["java.util.TreeSet", [ "everest" ]],
        "@class": "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
        "tryAll": true,   <- this should try all services to achieve requiredAuthenticationHandlers ??
        "criteria": {
          "@class": "org.apereo.cas.services.AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria"
        }
      }
    }

Hashed:

    #cas.authn.policy.required-handler-authentication-policy-enabled=true

If the ppm handler is used by CAS during examination, everest wasn't tried by CAS.

For the three cases I see something like this:

    2021-12-06 11:05:17,655 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication credentials provided for this transaction are [[UsernamePasswordCredential(username=kowalski, source=null, customFields={})]]>
    2021-12-06 11:05:17,658 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Candidate/Registered authentication handlers for this transaction are [[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@62de73eb, org.apereo.cas.authentication.LdapAuthenticationHandler@4b50c21, org.apereo.cas.authentication.LdapAuthenticationHandler@1e95f584, org.apereo.cas.authentication.LdapAuthenticationHandler@69de72ec]]>

* above is the list of 3 handlers; I have 3 in cas.properties *

    2021-12-06 11:05:17,658 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Authentication handler resolvers for this transaction are [[org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver@6a562255]]>
    2021-12-06 11:05:17,668 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan] - <Authentication handler resolvers produced no candidate authentication handler. Using the default handler resolver instead...>
    2021-12-06 11:05:17,669 DEBUG [org.apereo.cas.authentication.AuthenticationHandlerResolver] - <Default authentication handlers used for this transaction are [HttpBasedServiceCredentialsAuthenticationHandler,everest,everest_365,ppm]>

Let's assume I see that I have in the log: "Authentication handler resolvers produced no candidate authentication handler. Using the default handler resolver instead". Why doesn't CAS see a candidate auth handler? Maybe that is connected with my general problem: how should I attach the handler to the service (while one user has privileges in two handlers).

AM
