Sorry to repost .. but even after picking through this over the weekend, I
still can't find why the principal doesn't seem to get transferred between
(RadiusAuthenticationHandler) back to (AuthenticationManagerImpl)
This is a vanilla install pulled from cas-mfa-rc6 ..
Specifically, how this :
2015-07-27 13:01:26,822 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler
successfully authenticated [username: 1234567]
Goes to this :
2015-07-27 13:01:26,822 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal
null
The only place CredentialsToPrincipalResolver exists is here inside
deployerConfigContext.xml :
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.AuthenticationManagerImpl">
  <property name="credentialsToPrincipalResolvers">
    <list>
      <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
        <property name="attributeRepository" ref="attributeRepository" />
      </bean>
and also of interest .. the first stage (LDAP) is called with this :
org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver
but the second stage (RADIUS) is called from here :
org.jasig.cas.authentication.AuthenticationManagerImpl
Removing the authn_method requiring 'radius-two-factor' .. and everything
(auth, release) works as it should.
Logging turned to 11 .. here are the relevant bits .. the username is obfuscated
below, but is of all-numeric form as shown.
2015-07-27 13:01:26,822 DEBUG
[net.unicon.cas.mfa.authentication.radius.JRadiusServerImpl] - Authentication
request succeeded for host: [debauh1.csuohio.edu] and username [1234567]
2015-07-27 13:01:26,822 TRACE
[org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler]
- Leaving method [authenticate] with return value [true].
2015-07-27 13:01:26,822 TRACE
[org.jasig.cas.authentication.principal.UsernamePasswordCredentials] - Entering
method [toString with arguments []
2015-07-27 13:01:26,822 TRACE
[org.jasig.cas.authentication.principal.UsernamePasswordCredentials] - Leaving
method [toString] with return value [[username: 1234567]].
2015-07-27 13:01:26,822 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler
successfully authenticated [username: 1234567]
2015-07-27 13:01:26,822 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal
null
2015-07-27 13:01:26,822 DEBUG
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
CredentialsToPrincipalResolver found but no principal returned.
2015-07-27 13:01:26,822 TRACE
[org.jasig.cas.authentication.AuthenticationManagerImpl] - Leaving method
[authenticate] with return value [null].
2015-07-27 13:01:26,822 TRACE
[org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] -
Entering method [getCode with arguments []
2015-07-27 13:01:26,822 TRACE
[org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] -
Leaving method [getCode] with return value
[error.authentication.credentials.bad].
2015-07-27 13:01:26,824 TRACE
[org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] -
Entering method [toString with arguments []
2015-07-27 13:01:26,824 TRACE
[org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] -
Entering method [getCode with arguments []
2015-07-27 13:01:26,824 TRACE
[org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] -
Leaving method [getCode] with return value
[error.authentication.credentials.bad].
2015-07-27 13:01:26,824 TRACE
[org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] -
Leaving method [toString] with return value
[error.authentication.credentials.bad].
2015-07-27 13:01:26,823 ERROR
[net.unicon.cas.mfa.web.flow.TerminatingMultiFactorAuthenticationViaFormAction]
-
error.authentication.credentials.bad
at org.jasig.cas.authentication.hand
TIA,
Michael Holstein
Cleveland State University
________________________________
From: Michael O Holstein <[email protected]>
Sent: Friday, July 24, 2015 4:20 PM
To: [email protected]
Subject: [cas-user] CAS-MFA (rc6) and Radius
Any ideas as to what I've done wrong here? .. this worked fine in RC2 .. but
now I get a successful LDAP auth and a successful radiusOTP auth, but somewhere
in the mix the principal gets lost.
CredentialsToPrincipalResolver gets invoked (and works fine on primary auth) ..
how does it get lost during MFA?
2015-07-24 16:11:38,085 DEBUG
[net.unicon.cas.mfa.authentication.radius.JRadiusServerImpl] - Authentication
request succeeded for host: [myradius] and username [bob123]
2015-07-24 16:11:38,085 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler
successfully authenticated [username: bob123]
2015-07-24 16:11:38,087 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal
null
2015-07-24 16:11:38,087 DEBUG
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
CredentialsToPrincipalResolver found but no principal returned.
2015-07-24 16:11:38,102 ERROR
[net.unicon.cas.mfa.web.flow.TerminatingMultiFactorAuthenticationViaFormAction]
-
error.authentication.credentials.bad
TIA,
Michael Holstein
Cleveland State University
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
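Added example, not part of the original post and not CAS project code: a triage script for the symptom in the logs above. It rejoins the hard-wrapped log records and reports every case where AuthenticationManagerImpl logs a handler success and then "Resolved principal null". The second user, the LDAP handler class name and the non-null "Resolved principal" line in the sample are constructed.

```python
import re

# Constructed sample in the hard-wrapped layout of the post; the second login
# (handler name, user id, non-null principal line) is invented for contrast.
SAMPLE_LOG = """\
2015-07-27 13:01:26,822 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler
successfully authenticated [username: 1234567]
2015-07-27 13:01:26,822 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal
null
2015-07-27 13:01:26,822 DEBUG
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
CredentialsToPrincipalResolver found but no principal returned.
2015-07-27 13:02:10,101 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
org.example.ConstructedLdapHandler successfully authenticated [username: 7654321]
2015-07-27 13:02:10,102 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal
7654321
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
RECORD = re.compile(r"^(?P<ts>\S+ \S+) (?P<level>[A-Z]+) \[(?P<logger>[^\]]+)\] - ?(?P<msg>.*)$")
AUTH_OK = re.compile(r"^(?P<handler>\S+) successfully authenticated \[username: (?P<user>[^\]]+)\]")
MANAGER = "org.jasig.cas.authentication.AuthenticationManagerImpl"

def unwrap(text):
    """Join continuation lines so each timestamp starts exactly one record."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def find_lost_principals(text):
    """Return (timestamp, handler, username) where auth succeeded but the principal resolved to null."""
    findings, pending = [], None
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m or m["logger"] != MANAGER:
            continue  # records from other loggers do not break the pairing
        ok = AUTH_OK.match(m["msg"])
        if ok:
            pending = (m["ts"], ok["handler"].rsplit(".", 1)[-1], ok["user"])
        elif m["msg"].startswith("Resolved principal"):
            if pending and m["msg"][len("Resolved principal"):].strip() == "null":
                findings.append(pending)
            pending = None
    return findings
```
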