Chris, Do you have root for the MySQL server? You could trace the SQLs that are being issued to the server:
http://dev.mysql.com/tech-resources/articles/mysql_51_diagnostic_tools.html Also, you could use the developer tools in Chrome or Firefox to watch the network traffic from the browser to the CAS server to make sure that the credentials are being POSTed to the server each time. Make sure that *all* the form values from the SUCCESS and FAIL cases match. There are some hidden fields-- notably the login ticket, the service, and some Spring Webflow state. The login ticket is the only one that should be different. Is there any kind of proxy server between your browser and the server? Thanks, Carl ----- Original Message ----- From: "Chris Adams" <[email protected]> To: [email protected] Sent: Wednesday, January 21, 2015 3:03:14 PM Subject: RE: [cas-user] Authentication problems using MySQL with CAS 4.0.0 and Tomcat 8 Thank you for your reply. Yes, I am just logging in to the CAS login page, no service. Here is the result of the test 1. Restart Tomcat 2. Browse to CAS login page, login => SUCCESS 3. Use another browser. Log in as *same user* as in #2 => FAIL #-----Original Message----- #From: Waldbieser, Carl [mailto:[email protected]] #Sent: Wednesday, January 21, 2015 9:20 AM #To: [email protected] #Subject: Re: [cas-user] Authentication problems using MySQL with CAS 4.0.0 #and Tomcat 8 # #Chris, # #What happens in this scenario? # #1) Restart Tomcat. #2) Browse to login page (assuming you mean CAS login with no service) => #SUCCESS #3) Use another browser, log in as *same user* as in #2 => ??? # #Not sure, but I think plain text encoding for the password is probably a #default. For LDAP authN using a simple BIND, you pretty much have to supply #the actual password rather than a hash (though the directory may actually #store a hash). That is a pretty common scenario, I would think. # #Thanks, #Carl Wldbieser #ITS System Programmer #Lafayette College # #----- Original Message ----- #From: "Chris Adams" <[email protected]> #To: [email protected] #Sent: Wednesday, January 21, 2015 11:52:15 AM #Subject: [cas-user] Authentication problems using MySQL with CAS 4.0.0 and #Tomcat 8 # #Hello, # #I have been going around and around with this and am getting nowhere. I #previously posted the issue, but there wasn't much response, so I thought I #would try again. # #I am using CAS 4.0.0 with MySQL as an authentication database. I have CAS #built to use MySQL and have verified that it can connect and sometimes #authenticate. The password in the database is currently just plain text, which #will change after I can get this working. # #If I restart Tomcat, then navigate to the login page, I can usually authenticate #successfully. However, if I either use another browser and log in as another #user, or clear the cookies and log in again as the fist user, it says "invalid #credentials". If I then resubmit the same password, it authenticates #successfully. # #I can see in the cas.log and catalina.out when the authentication is successful #and when it is not, but not much else that explains this. # #I am wondering what I should be using in the deployerConfigContext.xml file #that indicates that I am using a plain text password for authentication? I read #somewhere that the default encoder, if nothing is specified is plain text. Can #someone verify that? Here is what I am currently using. I welcome any ideas #about what might be causing this. # #<!-- JDBC authentication related configuration --> # # <bean id="primaryAuthenticationHandler" #class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthentication #Handler" # abstract="false" lazy-init="default" autowire="default" > # <property name="tableUsers"><value>main</value></property> # <property name="fieldUser"><value>userid</value></property> # <property name="fieldPassword"><value>ssn</value></property> #<!-- <property name="passwordEncoder" #ref="defaultPasswordEncoder"/> --> # <property name="dataSource" ref="dataSource"/> # </bean> # # <!-- Data source definition --> # # <bean id="dataSource" #class="org.apache.commons.dbcp.BasicDataSource"> # <property name="driverClassName"> # <value>com.mysql.jdbc.Driver</value> # </property> # <property name="url"> # <value>jdbc:mysql://mysql.server.com:3306/mydb</value> # </property> # <property #name="username"><value>mysqluser</value></property> # <property #name="password"><value>mysqlpass</value></property> # </bean> # <bean id="defaultPasswordEncoder" #class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"> # <constructor-arg index="0" value="NONE" /> # <!-- <constructor-arg value="SHA-256" /> --> # </bean> # # # #-- #You are currently subscribed to [email protected] as: #[email protected] To unsubscribe, change settings or access archives, #see http://www.ja-sig.org/wiki/display/JSG/cas-user # #-- #You are currently subscribed to [email protected] as: #[email protected] To unsubscribe, change settings or access archives, #see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
