Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

2019-11-04 Thread Andy Ng 
Hi Jérôme,

Yes that will be the best.

Cheers!
- Andy

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/55f404bb-38fe-435f-be32-53c362832fa0%40apereo.org.

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

2019-11-04 Thread Jérôme LELEU 
Hi,

I saw his answer. I understand the concern and the need for consistency in
CAS, but the same is worth for pac4j as well: I could change the default
behavior in pac4j, but this would impact users just to accommodate with the
consistency of CAS.

My feeling is that the default behavior of pac4j should be kept, but
changed when used in CAS to have consistency in both systems (alone or
bundle).

Here is my proposal: by default, in CAS, the id,username,password
attributes are defined, which makes things consistent in CAS: no need to
define the attributes, consistent in pac4j and things will work properly.
What do you think?

Thanks.
Best regards,
Jérôme




Le lun. 4 nov. 2019 à 09:51, Andy Ng  a écrit :

> Hi Jérôme,
>
> PR was declined because Moayyed considered this behavior as something need
> to be fixed in pac4j, see this:
>
> Since defining attributes is necessary for pac4j to work when using
> MongoDB Authentication, the attributes properties is necessary here.
> However, this behavior of requiring attributes is different from other
> authentication methods (e.g.JDBC), so I proposed to add an warning here for
> clarity sake. See if agree.
>
> Thanks for the patch but none of this sounds right.
>
> Attribute support is always optional. All authentication methods in CAS
> work with or without presence of attributes in the authentication source. A
> design choice or limitation of a library should not have to contract
> consistent behavior elsewhere. Changes need to be done on pac4j to allow
> attribute-less authentication.
>
>
> Should I bring this discussion to pac4j group instead? Thanks.
>
> Cheers!
> - Andy
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/84c1396e-647e-484c-b2db-1325250b621f%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279LyUrT6YWAhEaw83dOo9je%3DdUNDZhVttwjHyDKe541s6rQ%40mail.gmail.com.

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

2019-11-04 Thread Andy Ng 
Hi Jérôme,

PR was declined because Moayyed considered this behavior as something need 
to be fixed in pac4j, see this:

Since defining attributes is necessary for pac4j to work when using MongoDB 
Authentication, the attributes properties is necessary here. However, this 
behavior of requiring attributes is different from other authentication 
methods (e.g.JDBC), so I proposed to add an warning here for clarity sake. 
See if agree.

Thanks for the patch but none of this sounds right.

Attribute support is always optional. All authentication methods in CAS 
work with or without presence of attributes in the authentication source. A 
design choice or limitation of a library should not have to contract 
consistent behavior elsewhere. Changes need to be done on pac4j to allow 
attribute-less authentication.


Should I bring this discussion to pac4j group instead? Thanks.

Cheers!
- Andy

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/84c1396e-647e-484c-b2db-1325250b621f%40apereo.org.

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

2019-11-03 Thread Andy Ng 
PR is made: https://github.com/apereo/cas/pull/4404 -Andy

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a032c788-ec6b-45f8-8e96-fd31eb993dc9%40apereo.org.

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

2019-11-03 Thread Jérôme LELEU 
Sure. The documentation needs to be complemented here...

Le lun. 4 nov. 2019 à 08:24, Andy Ng  a écrit :

> Hi Jérôme
>
> Oh nice, thanks for your explanation :)
>
> I think we should document that *requirement on attribute* on
> https://apereo.github.io/cas/6.1.x/installation/MongoDb-Authentication.html
>
> Since the authentication experience is differs from other
> Authentication authenticationMethod, (e.g. JDBCAuthenticaiontHandler), it
> seems beneficial to document the behavior on CAS page.
>
> What do you think?
>
> Cheers!
> - Andy
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/87b65beb-ef10-4d77-a4ca-5b0094c8d224%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lz9bcPQcM2axxku1ZR2WAykzDa_CRcmnXF6W%2BegfVo_OA%40mail.gmail.com.

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

2019-11-03 Thread Andy Ng 
Hi Jérôme

Oh nice, thanks for your explanation :)

I think we should document that *requirement on attribute* on 
https://apereo.github.io/cas/6.1.x/installation/MongoDb-Authentication.html

Since the authentication experience is differs from other 
Authentication authenticationMethod, (e.g. JDBCAuthenticaiontHandler), it 
seems beneficial to document the behavior on CAS page.

What do you think?

Cheers!
- Andy

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/87b65beb-ef10-4d77-a4ca-5b0094c8d224%40apereo.org.

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

2019-11-03 Thread Jérôme LELEU 
Hi,

Yes, this is the expected behavior in pac4j. There are two modes (
http://www.pac4j.org/docs/authenticators/mongodb.html): either you define
the attributes and they are used for the profile OR you don't and a
serializedprofile attribute is expected to store the whole serialized
profile.
In the CAS server, defining the attributes is what makes sense.
Thanks.
Best regards,
Jérôme


Le lun. 4 nov. 2019 à 05:11, Andy Ng  a écrit :

>
> Hi all,
>
> Today I am testing out CAS using MongoDB authentication, and found out a
> behavior for MongoDB Authentication:
>
> > if no attribute was given in cas.authn.mongo.attributes, the
> authentication will failed by No serialized profile found.
>
>
> Here an example:
>
> cas.yml:
>
> cas.authn.mongo:
>   host: ${AUTHENTICATION_MONGODB}
>   userId: root
>   password: ThisIsThePasswordForRoot
>   databaseName: ${AUTHENTICATION_MONGODB}
>   authenticationDatabaseName: admin
>
>
> MongoDB users:
>
> db.users.insertMany([
> { _id: 
> username: "mongodb",
> password: "Mellon",
> },
> ]),
>
>
> logs
>
> cas_1 | 2019-11-04 04:02:37,780 ERROR
> [org.apereo.cas.integration.pac4j.authentication.handler.support.AbstractWrapperAuthenticationHandler]
> - 
> cas_1 | org.pac4j.core.exception.TechnicalException:
> No serialized profile found. You should certainly define the explicit
> attribute names you want to retrieve
> cas_1 | at
> org.pac4j.core.profile.service.AbstractProfileService.convertAttributesToProfile(AbstractProfileService.java:245)
> ~[pac4j-core-4.0.0-RC1.jar!/:?]
> cas_1 | at
> org.pac4j.core.profile.service.AbstractProfileService.validate(AbstractProfileService.java:300)
> ~[pac4j-core-4.0.0-RC1.jar!/:?]
> cas_1 | at
> org.pac4j.core.profile.service.AbstractProfileService.validate(AbstractProfileService.java:27)
> ~[pac4j-core-4.0.0-RC1.jar!/:?]
> cas_1 | at
> org.apereo.cas.integration.pac4j.authentication.handler.support.AbstractWrapperAuthenticationHandler.doAuthentication(AbstractWrapperAuthenticationHandler.java:76)
> ~[cas-server-support-pac4j-authentication-6.1.1.jar!/:6.1.1]
> cas_1 | at
> org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:43)
> ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
> cas_1 | at
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> cas_1 | at
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
> cas_1 | at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> ~[?:?]
> cas_1 | at java.lang.reflect.Method.invoke(Unknown
> Source) ~[?:?]
> cas_1 | at
> org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:279)
> ~[spring-core-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
> cas_1 | at
> org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499)
> ~[spring-cloud-context-2.2.0.RC1.jar!/:2.2.0.RC1]
> cas_1 | at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
> ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
> cas_1 | at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
> ~[spring-aop-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
> cas_1 | at
> com.sun.proxy.$Proxy159.authenticate(Unknown Source) ~[?:?]
> cas_1 | at
> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateAndResolvePrincipal(PolicyBasedAuthenticationManager.java:198)
> ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
> cas_1 | at
> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:308)
> ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
> cas_1 | at
> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:136)
> ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
> cas_1 | at
> org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$FastClassBySpringCGLIB$$90e801d3.invoke()
> ~[cas-server-core-authentication-api-6.1.1.jar!/:6.1.1]
> cas_1 | at
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
> ~[spring-core-5.2.0.RELEASE.jar!/:5.2.0.RELEASE]
> cas_1 | at
>