Attached is a FastBind handler with the fix applied.
Also attached is an excerpt of a modified BindLdap handler. (Sorry, I don't
have the full thing in front of me.) You'll need to pull the appropriate
version from GitHub and make the change to the exception handler.
In either case, just add the file to src/main/java/[package location]
(net/unicon/cas... in the FastBind case). Then update the
deployerConfig, etc. to point to the new package instead of org.jasig.
You may need to add cas-core as a compile dependency in the pom.xml.
Something like:
    <dependency>
        <groupId>org.jasig.cas</groupId>
        <artifactId>cas-server-core</artifactId>
        <version>${cas.version}</version>
        <scope>compile</scope>
    </dependency>
On 8/12/14, 10:22 AM, Misagh Moayyed wrote:
> Don’t think you can unfortunately. At least not without forking the authn
> manager and letting it go through completely.
>
> -----Original Message-----
> From: Aaron [mailto:[email protected]]
> Sent: Tuesday, August 12, 2014 9:22 AM
> To: [email protected]
> Subject: [cas-user] CAS MultipleAuthentication Sources
>
> Using CAS 3.5.2
>
> I have multiple Authentication Handlers, each with their own ContextSource as
> well.
>
> What I would like it to do is this.
>
> UserA exists in ldapA and LdapB, but with different passwords.
>
> The multiple Auth handlers are working fine... If UserA logs in with the ldapA
> password it works fine... But if UserA logs in with the LdapB password it
> fails...
>
> I would like it to fall through to the second AuthenticationHandler if the
> password fails. Is there any way to do this at all?
>
> The fall-through works... If USERB does not exist in ldapA the
> authentication falls through to LdapB. The only issue I have is if users
> exist in both ldap servers... I would like it to fall through to the second
> if the wrong password is entered.
>
> Thank you in advance....
> --
> You are currently subscribed to [email protected] as:
> [email protected] To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
--
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef
/*
* Licensed to Jasig under one or more contributor license
* agreements. See the NOTICE file distributed with this work
* for additional information regarding copyright ownership.
* Jasig licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a
* copy of the License at the following location:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package net.unicon.cas.adaptors.ldap;

import javax.naming.directory.DirContext;

import org.jasig.cas.adaptors.ldap.AbstractLdapUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.jasig.cas.util.LdapUtils;
import org.springframework.ldap.NamingException;

/**
 * Implementation of an LDAP handler to do a "fast bind." A fast bind skips the
 * normal two step binding process to determine validity by providing before
 * hand the path to the uid.
 *
 * @author John Gasper, Unicon
 * @author Scott Battaglia
 * @version $Revision$ $Date$
 * @since 3.0.3
 */
public class FastBindLdapAuthenticationHandler extends AbstractLdapUsernamePasswordAuthenticationHandler {

    protected final boolean authenticateUsernamePasswordInternal(final UsernamePasswordCredentials credentials)
            throws AuthenticationException {
        DirContext dirContext = null;

        try {
            final String transformedUsername = getPrincipalNameTransformer().transform(credentials.getUsername());
            final String bindDn = LdapUtils.getFilterWithValues(getFilter(), transformedUsername);
            this.log.debug("Performing LDAP bind with credential: " + bindDn);
            dirContext = this.getContextSource().getContext(bindDn,
                    getPasswordEncoder().encode(credentials.getPassword()));
            return true;
        } catch (final NamingException e) {
            log.info("Failed to authenticate user {} with error {}", credentials.getUsername(), e.getMessage());
            try {
                // handleLdapError() maps the LDAP failure to a CAS AuthenticationException.
                // The fix: a plain bad-credentials failure becomes "false" so the
                // authentication manager can move on to the next handler. Any other
                // AuthenticationException it returns still propagates and ends the attempt.
                throw handleLdapError(e);
            } catch (final BadCredentialsAuthenticationException ex) {
                return false;
            }
        } finally {
            if (dirContext != null) {
                LdapUtils.closeContext(dirContext);
            }
        }
    }
}

// Excerpt of the modified BindLdapAuthenticationHandler: the bind loop inside
// authenticateUsernamePasswordInternal. The rest of the class (imports, fields,
// the search that fills "cns") is unchanged from the stock CAS source for your
// version; only the two exception handlers differ, in the same way as above.
        for (final String dn : cns) {
            DirContext test = null;
            String finalDn = composeCompleteDnToCheck(dn, credentials);

            try {
                this.log.debug("Performing LDAP bind with credential: " + dn);
                test = this.getContextSource().getContext(
                        finalDn,
                        getPasswordEncoder().encode(credentials.getPassword()));

                if (test != null) {
                    return true;
                }
            } catch (final NamingSecurityException e) {
                log.info("Failed to authenticate user {} with error {}", credentials.getUsername(), e.getMessage());
                try {
                    // Wrong password: answer "false" instead of throwing, so the next handler is tried.
                    throw handleLdapError(e);
                } catch (final BadCredentialsAuthenticationException ex) {
                    return false;
                }
            } catch (final Exception e) {
                this.log.error(e.getMessage(), e);
                try {
                    throw handleLdapError(e);
                } catch (final BadCredentialsAuthenticationException ex) {
                    return false;
                }
            } finally {
                LdapUtils.closeContext(test);
            }
        }
        return false;
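To make the effect of the attached change visible without an LDAP server, here is a small self-contained Java model added by the editor. It is not CAS code and not part of John's attachments. It assumes a simplified authentication manager that tries handlers in order, accepts the first one that returns true, and stops the chain as soon as a handler throws; the classes `Handler`, `DirectoryHandler`, `FallThroughDemo` and the two exception stand-ins are constructed for this demo, as are the users and passwords.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Editor-added toy model (not CAS code): why a chained handler must answer
// "false" for a wrong password instead of throwing.
public class FallThroughDemo {

    // Stand-in for CAS's checked AuthenticationException.
    static class AuthenticationException extends Exception {
        AuthenticationException(final String message) { super(message); }
    }

    // Stand-in for BadCredentialsAuthenticationException (wrong password).
    static class BadCredentialsAuthenticationException extends AuthenticationException {
        BadCredentialsAuthenticationException() { super("bad credentials"); }
    }

    // Stand-in for any other mapped failure, e.g. a locked account; the fix never swallows these.
    static class AccountLockedException extends AuthenticationException {
        AccountLockedException() { super("account locked"); }
    }

    interface Handler {
        String name();
        boolean authenticate(String user, String password) throws AuthenticationException;
    }

    // Toy "directory" handler backed by a user -> password map; "LOCKED" marks a locked account.
    static class DirectoryHandler implements Handler {
        private final String name;
        private final Map<String, String> passwords;
        private final boolean patched; // true = behave like the attached handlers

        DirectoryHandler(final String name, final Map<String, String> passwords, final boolean patched) {
            this.name = name;
            this.passwords = passwords;
            this.patched = patched;
        }

        public String name() { return name; }

        public boolean authenticate(final String user, final String password) throws AuthenticationException {
            final String stored = passwords.get(user);
            if (stored == null) {
                return false; // unknown user: the stock handler already falls through here
            }
            if ("LOCKED".equals(stored)) {
                throw new AccountLockedException(); // not a credentials problem: always propagates
            }
            if (!stored.equals(password)) {
                if (patched) {
                    return false; // the attachments' change: only the bad-credentials case is swallowed
                }
                throw new BadCredentialsAuthenticationException(); // stock: aborts the whole chain
            }
            return true;
        }
    }

    // Simplified manager loop (assumption): first "true" wins, any exception ends the chain.
    static String authenticate(final List<Handler> handlers, final String user, final String password) {
        for (final Handler handler : handlers) {
            try {
                if (handler.authenticate(user, password)) {
                    return "authenticated by " + handler.name();
                }
            } catch (final AuthenticationException e) {
                return "aborted at " + handler.name() + ": " + e.getMessage();
            }
        }
        return "rejected by every handler";
    }

    public static void main(final String[] args) {
        // Constructed sample data mirroring the thread: userA has a different password in each directory.
        final Map<String, String> ldapA = new HashMap<String, String>();
        ldapA.put("userA", "secretA");
        ldapA.put("userC", "LOCKED");
        final Map<String, String> ldapB = new HashMap<String, String>();
        ldapB.put("userA", "secretB");
        ldapB.put("userB", "secretB");
        ldapB.put("userC", "secretC");

        for (final boolean patched : new boolean[] {false, true}) {
            final List<Handler> chain = Arrays.<Handler>asList(
                    new DirectoryHandler("ldapA", ldapA, patched),
                    new DirectoryHandler("ldapB", ldapB, patched));
            System.out.println((patched ? "patched" : "stock") + " handlers:");
            System.out.println("  userA / ldapA password  -> " + authenticate(chain, "userA", "secretA"));
            System.out.println("  userA / ldapB password  -> " + authenticate(chain, "userA", "secretB"));
            System.out.println("  userB / ldapB password  -> " + authenticate(chain, "userB", "secretB"));
            System.out.println("  userC (locked in ldapA) -> " + authenticate(chain, "userC", "secretC"));
        }
    }
}
```

Compile and run with `javac FallThroughDemo.java && java FallThroughDemo`. In stock mode the chain ends at ldapA as soon as userA presents the ldapB password, which is exactly the failure Aaron describes; in patched mode ldapA answers false and ldapB gets its turn. The locked account ends the chain in both modes, which is the intended scope of the attached change: it converts only BadCredentialsAuthenticationException, so other mapped failures keep their original effect. Two things to keep in mind when running this in production: the wrong-password bind against ldapA still happens on every such login, so if ldapA enforces a lockout policy its failed-bind counters will see it, and a user who knows either directory's password for an account can sign in, so the effective password policy is the weaker of the two.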