Chris, What happens in this scenario?
1) Restart Tomcat. 2) Browse to login page (assuming you mean CAS login with no service) => SUCCESS 3) Use another browser, log in as *same user* as in #2 => ??? Not sure, but I think plain text encoding for the password is probably a default. For LDAP authN using a simple BIND, you pretty much have to supply the actual password rather than a hash (though the directory may actually store a hash). That is a pretty common scenario, I would think. Thanks, Carl Wldbieser ITS System Programmer Lafayette College ----- Original Message ----- From: "Chris Adams" <[email protected]> To: [email protected] Sent: Wednesday, January 21, 2015 11:52:15 AM Subject: [cas-user] Authentication problems using MySQL with CAS 4.0.0 and Tomcat 8 Hello, I have been going around and around with this and am getting nowhere. I previously posted the issue, but there wasn't much response, so I thought I would try again. I am using CAS 4.0.0 with MySQL as an authentication database. I have CAS built to use MySQL and have verified that it can connect and sometimes authenticate. The password in the database is currently just plain text, which will change after I can get this working. If I restart Tomcat, then navigate to the login page, I can usually authenticate successfully. However, if I either use another browser and log in as another user, or clear the cookies and log in again as the fist user, it says "invalid credentials". If I then resubmit the same password, it authenticates successfully. I can see in the cas.log and catalina.out when the authentication is successful and when it is not, but not much else that explains this. I am wondering what I should be using in the deployerConfigContext.xml file that indicates that I am using a plain text password for authentication? I read somewhere that the default encoder, if nothing is specified is plain text. Can someone verify that? Here is what I am currently using. I welcome any ideas about what might be causing this. <!-- JDBC authentication related configuration --> <bean id="primaryAuthenticationHandler" class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler" abstract="false" lazy-init="default" autowire="default" > <property name="tableUsers"><value>main</value></property> <property name="fieldUser"><value>userid</value></property> <property name="fieldPassword"><value>ssn</value></property> <!-- <property name="passwordEncoder" ref="defaultPasswordEncoder"/> --> <property name="dataSource" ref="dataSource"/> </bean> <!-- Data source definition --> <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"> <property name="driverClassName"> <value>com.mysql.jdbc.Driver</value> </property> <property name="url"> <value>jdbc:mysql://mysql.server.com:3306/mydb</value> </property> <property name="username"><value>mysqluser</value></property> <property name="password"><value>mysqlpass</value></property> </bean> <bean id="defaultPasswordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"> <constructor-arg index="0" value="NONE" /> <!-- <constructor-arg value="SHA-256" /> --> </bean> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
