Just an update. Replacing <https://github.com/apereo/cas/blob/5e1035dde95094a951c9ea87993cdea29ab6c85c/support/cas-server-support-rest/src/main/java/org/apereo/cas/config/CasRestAutoConfiguration.java#L129C5-L129C23> @ConditionalOnBean with @DependsOn in order to make sure that the REST protocol is initialized *after* Authentication Throttling seems to fix things. So I guess there actually is a race condition with REST being initialzed before throttling.
Not sure if there's any other way to initialize beans with a specific order without code changes. Στις Πέμπτη 18 Ιανουαρίου 2024 στις 4:34:32 π.μ. UTC+2, ο χρήστης Kostas Kalevras έγραψε: > Hello all > > Using CAS 6.6.15 in a Docker setup with LDAP user repository. > > CAS/SAML/OIDC authentication works with no problem. Throttling CAS auth > requests also works without a problem. > > The relevant throtlling configuration in cas.properties is as follows: > > # Failure Throttling > cas.authn.throttle.failure.threshold=1 > cas.authn.throttle.failure.code=AUTHENTICATION_FAILED > cas.authn.throttle.failure.range-seconds=30 > cas.authn.throttle.core.username-parameter=username > > We have enabled REST Authentication which works without a problem: > > /# curl -sk https://sso-server:8443/cas/v1/users -d > 'username=test&password=test'|jq .authentication.credentials > [ > { > "@class": > "org.apereo.cas.authentication.metadata.BasicCredentialMetaData", > "id": "test", > "credentialClass": > "org.apereo.cas.authentication.credential.UsernamePasswordCredential" > } > ] > > REST and throttling implementation in build.gradle: > > implementation "org.apereo.cas:cas-server-support-throttle" > implementation "org.apereo.cas:cas-server-support-rest" > > Yet no matter how we try, throttling REST auth requests does not work. > Looking at the relevant code > <https://github.com/apereo/cas/blob/5e1035dde95094a951c9ea87993cdea29ab6c85c/support/cas-server-support-rest/src/main/java/org/apereo/cas/config/CasRestAutoConfiguration.java#L127>, > > I see that throttling is implemented. Nevertheless, the debug line > <https://github.com/apereo/cas/blob/5e1035dde95094a951c9ea87993cdea29ab6c85c/support/cas-server-support-rest/src/main/java/org/apereo/cas/config/CasRestAutoConfiguration.java#L143> > > about "Activating authentication throttling for REST endpoints..." does not > seem to be called. > > My fear is for a race condition where REST is initialized before > throttling and the check > <https://github.com/apereo/cas/blob/5e1035dde95094a951c9ea87993cdea29ab6c85c/support/cas-server-support-rest/src/main/java/org/apereo/cas/config/CasRestAutoConfiguration.java#L129> > > for the relevant bean fails. > > Any help would be appreciated. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/489fa7c7-760a-4f38-a18e-8ac7e9e66929n%40apereo.org.
