Carl, Thank you for your reply and helpful hints. To answer your question, there is no proxy.
I wanted to narrow the problem down to CAS/Tomcat or MySQL. I will be doing some investigating of the latter. Thank you again. #-----Original Message----- #From: Waldbieser, Carl [mailto:[email protected]] #Sent: Wednesday, January 21, 2015 5:20 PM #To: [email protected] #Subject: Re: [cas-user] Authentication problems using MySQL with CAS 4.0.0 #and Tomcat 8 # #Chris, # #Do you have root for the MySQL server? You could trace the SQLs that are #being issued to the server: # # http://dev.mysql.com/tech- #resources/articles/mysql_51_diagnostic_tools.html # #Also, you could use the developer tools in Chrome or Firefox to watch the #network traffic from the browser to the CAS server to make sure that the #credentials are being POSTed to the server each time. Make sure that *all* #the form values from the SUCCESS and FAIL cases match. There are some #hidden fields-- notably the login ticket, the service, and some Spring Webflow #state. The login ticket is the only one that should be different. # #Is there any kind of proxy server between your browser and the server? # #Thanks, #Carl # #----- Original Message ----- #From: "Chris Adams" <[email protected]> #To: [email protected] #Sent: Wednesday, January 21, 2015 3:03:14 PM #Subject: RE: [cas-user] Authentication problems using MySQL with CAS 4.0.0 #and Tomcat 8 # #Thank you for your reply. Yes, I am just logging in to the CAS login page, no #service. Here is the result of the test # #1. Restart Tomcat #2. Browse to CAS login page, login => SUCCESS 3. Use another browser. Log in #as *same user* as in #2 => FAIL # ##-----Original Message----- ##From: Waldbieser, Carl [mailto:[email protected]] ##Sent: Wednesday, January 21, 2015 9:20 AM ##To: [email protected] ##Subject: Re: [cas-user] Authentication problems using MySQL with CAS 4.0.0 ##and Tomcat 8 # #Chris, # #What happens in this scenario? ## ##1) Restart Tomcat. ##2) Browse to login page (assuming you mean CAS login with no service) => ##SUCCESS ##3) Use another browser, log in as *same user* as in #2 => ??? ## ##Not sure, but I think plain text encoding for the password is probably a ##default. For LDAP authN using a simple BIND, you pretty much have to #supply #the actual password rather than a hash (though the directory may #actually #store a hash). That is a pretty common scenario, I would think. ## ##Thanks, ##Carl Wldbieser ##ITS System Programmer ##Lafayette College ## ##----- Original Message ----- ##From: "Chris Adams" <[email protected]> ##To: [email protected] ##Sent: Wednesday, January 21, 2015 11:52:15 AM ##Subject: [cas-user] Authentication problems using MySQL with CAS 4.0.0 and ##Tomcat 8 # #Hello, # #I have been going around and around with this and am #getting nowhere. I #previously posted the issue, but there wasn't much #response, so I thought I #would try again. ## ##I am using CAS 4.0.0 with MySQL as an authentication database. I have CAS ##built to use MySQL and have verified that it can connect and sometimes ##authenticate. The password in the database is currently just plain text, #which ##will change after I can get this working. ## ##If I restart Tomcat, then navigate to the login page, I can usually authenticate ##successfully. However, if I either use another browser and log in as another ##user, or clear the cookies and log in again as the fist user, it says "invalid ##credentials". If I then resubmit the same password, it authenticates ##successfully. ## ##I can see in the cas.log and catalina.out when the authentication is successful ##and when it is not, but not much else that explains this. ## ##I am wondering what I should be using in the deployerConfigContext.xml file ##that indicates that I am using a plain text password for authentication? I read ##somewhere that the default encoder, if nothing is specified is plain text. Can ##someone verify that? Here is what I am currently using. I welcome any ideas ##about what might be causing this. ## ##<!-- JDBC authentication related configuration --> ## ## <bean id="primaryAuthenticationHandler" ##class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticatio #n ##Handler" ## abstract="false" lazy-init="default" autowire="default" > ## <property name="tableUsers"><value>main</value></property> ## <property name="fieldUser"><value>userid</value></property> ## <property name="fieldPassword"><value>ssn</value></property> ##<!-- <property name="passwordEncoder" ##ref="defaultPasswordEncoder"/> --> ## <property name="dataSource" ref="dataSource"/> ## </bean> ## ## <!-- Data source definition --> ## ## <bean id="dataSource" ##class="org.apache.commons.dbcp.BasicDataSource"> ## <property name="driverClassName"> ## <value>com.mysql.jdbc.Driver</value> ## </property> ## <property name="url"> ## <value>jdbc:mysql://mysql.server.com:3306/mydb</value> ## </property> ## <property ##name="username"><value>mysqluser</value></property> ## <property ##name="password"><value>mysqlpass</value></property> ## </bean> ## <bean id="defaultPasswordEncoder" ##class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"> ## <constructor-arg index="0" value="NONE" /> ## <!-- <constructor-arg value="SHA-256" /> --> ## </bean> ## ## ## ##-- ##You are currently subscribed to [email protected] as: ##[email protected] To unsubscribe, change settings or access archives, ##see http://www.ja-sig.org/wiki/display/JSG/cas-user ## ##-- ##You are currently subscribed to [email protected] as: ##[email protected] To unsubscribe, change settings or access #archives, #see http://www.ja-sig.org/wiki/display/JSG/cas-user # #-- #You are currently subscribed to [email protected] as: #[email protected] To unsubscribe, change settings or access archives, #see http://www.ja-sig.org/wiki/display/JSG/cas-user # #-- #You are currently subscribed to [email protected] as: #[email protected] To unsubscribe, change settings or access archives, #see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
