thanks. i should've noticed the word 'primary'

what i need:
- any regular user who asks for resources of app1, gets redirected to the CAS' login form and he should type his username and password
- if an app2 (and not a user) asks for resources of app1, it should have a token.

is there a way to achieve this?
thank you for your time.

On Monday, July 25, 2016 at 4:56:28 PM UTC+4:30, leleuj wrote:
>
> Hi,
>
> A few comments:
>
> - to generate a JWT token, you can use the pac4j-jwt module with the
> associated code. Internally, the CAS server uses it to decrypt JWT
>
> - you have only one primaryAuthenticationHandler: defining two makes the
> last one override the first one, thus your tokenAuthenticationHandler is
> never found for TokenCredential
>
> Thanks.
> Best regards,
> Jérôme
>
> 2016-07-25 13:29 GMT+02:00 Sami Ghayeni <[email protected]>:
>
>> hi, i made a simple app, the url localhost:4000/app is protected by CAS
>> and needs the user to sign in. it works pretty well. after i login to CAS,
>> going to localhost:4000/app, it shows me my website and does not ask me to
>> login anymore. the problem happens when i try to use a token instead of the
>> username:password combination. i don't understand the java code in here
>> <https://apereo.github.io/cas/4.2.x/installation/JWT-Authentication.html>
>> (JWT Authentication) but i made my token this way in node.js:
>>
>> var jwt = require('jsonwebtoken');
>> var myService = {"name": "test"};
>> var token = jwt.sign(myService, 'secret');
>> console.log(token);
>>
>> my token is
>>
>> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCIsImlhdCI6MTQ2OTQ0NTM5MH0.Vfft0UIaZ2isl4kDmw23iNPvDfqlj9VaLc9qf13IcGo
>>
>> now i go to
>> https://localhost/cas/login?service=http%3A%2F%2Flocalhost%3A4000%2Fapp&renew=false&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCIsImlhdCI6MTQ2OTQ0NTM5MH0.Vfft0UIaZ2isl4kDmw23iNPvDfqlj9VaLc9qf13IcGo
>>
>> it shows me the login page if i'm not logged in or the home page of
>> protected web app otherwise.
>> at the same time i go to the above url, CAS logs:
>>
>> 2016-07-25 15:46:47,370 WARN [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Cannot find authentication handler that supports [org.jasig.cas.authentication.handler.support.TokenCredential@4565d915[service=http://localhost:4000/app]] of type [TokenCredential], which suggests a configuration problem.>
>> 2016-07-25 15:46:47,373 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
>> =============================================================
>> WHO: org.jasig.cas.authentication.handler.support.TokenCredential@4565d915[service=http://localhost:4000/app]
>> WHAT: Supplied credentials: [org.jasig.cas.authentication.handler.support.TokenCredential@4565d915[service=http://localhost:4000/app]]
>> ACTION: AUTHENTICATION_FAILED
>> APPLICATION: CAS
>> WHEN: Mon Jul 25 15:46:47 IRDT 2016
>> CLIENT IP ADDRESS: 127.0.0.1
>> SERVER IP ADDRESS: 127.0.0.1
>> =============================================================
>>
>> >
>> 2016-07-25 15:46:47,375 WARN [org.jasig.cas.web.flow.token.TokenAuthenticationAction] - <0 errors, 0 successes
>> org.jasig.cas.authentication.AuthenticationException: 0 errors, 0 successes
>> >
>>
>> my service, Test-10000005.json
>>
>> {
>>   "@class" : "org.jasig.cas.services.RegexRegisteredService",
>>   "serviceId" : "^http://localhost:4000.*",
>>   "name" : "Test",
>>   "id" : 10000005,
>>   "description" : "test app",
>>   "evaluationOrder" : 5,
>>   "accessStrategy" : {
>>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>>     "enabled" : true,
>>     "ssoEnabled" : true
>>   },
>>   "properties" : {
>>     "@class" : "java.util.HashMap",
>>     "jwtSigningSecret" : {
>>       "@class" : "org.jasig.cas.services.DefaultRegisteredServiceProperty",
>>       "values" : [ "java.util.HashSet", [ "secret" ] ]
>>     }
>>   }
>> }
>>
>> my pom.xml
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <project xmlns="http://maven.apache.org/POM/4.0.0"
>>          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
>>     <modelVersion>4.0.0</modelVersion>
>>     <groupId>tiva.microservice.cas</groupId>
>>     <artifactId>cas</artifactId>
>>     <packaging>war</packaging>
>>     <version>4.2.4-SNAPSHOT</version>
>>
>>     <build>
>>         <plugins>
>>             <plugin>
>>                 <artifactId>maven-war-plugin</artifactId>
>>                 <version>2.6</version>
>>                 <configuration>
>>                     <warName>cas</warName>
>>                     <overlays>
>>                         <overlay>
>>                             <groupId>org.jasig.cas</groupId>
>>                             <artifactId>cas-server-webapp</artifactId>
>>                         </overlay>
>>                     </overlays>
>>                 </configuration>
>>             </plugin>
>>         </plugins>
>>     </build>
>>
>>     <dependencies>
>>         <!-- cas-server-webapp is the basic to use cas -->
>>         <dependency>
>>             <groupId>org.jasig.cas</groupId>
>>             <artifactId>cas-server-webapp</artifactId>
>>             <version>${cas.version}</version>
>>             <type>war</type>
>>             <scope>runtime</scope>
>>         </dependency>
>>
>>         <dependency>
>>             <groupId>org.jasig.cas</groupId>
>>             <artifactId>cas-server-support-mongo</artifactId>
>>             <version>${cas.version}</version>
>>             <type>jar</type>
>>             <scope>runtime</scope>
>>         </dependency>
>>
>>         <dependency>
>>             <groupId>org.jasig.cas</groupId>
>>             <artifactId>cas-server-support-token-webflow</artifactId>
>>             <version>${cas.version}</version>
>>         </dependency>
>>
>>     </dependencies>
>>
>>     <properties>
>>         <cas.version>4.2.4-SNAPSHOT</cas.version>
>>     </properties>
>>
>>     <repositories>
>>         <repository>
>>             <id>sonatype-releases</id>
>>             <url>http://oss.sonatype.org/content/repositories/releases/</url>
>>         </repository>
>>         <repository>
>>             <id>sonatype-snapshots</id>
>>             <url>http://oss.sonatype.org/content/repositories/snapshots/</url>
>>         </repository>
>>
>>     </repositories>
>> </project>
>>
>> what i added to the default deployerConfigContext.xml and cas.properties
>> files
>>
>> <alias name="tokenAuthenticationHandler" alias="primaryAuthenticationHandler" />
>>
>> <alias name="mongoAuthenticationHandler" alias="primaryAuthenticationHandler" />
>>
>> cas.authn.mongo.collection.name=users
>> cas.authn.mongo.db.host=mongodb://aseds4:[email protected]:61360/mydb
>> cas.authn.mongo.attributes=attribute1,attribute2
>> cas.authn.mongo.username.attribute=name
>> cas.authn.mongo.password.attribute=password
>>
>> i want to create some kind of a microservices architecture. i've been
>> told that one of the best ways to do so is to use JWT's/tokens. so one
>> module (microservice) which has a token, can access resources on another
>> module. without the need to pass username or password to the second web
>> service.
>>
>> i would be grateful for any help you are able to provide.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at
>> https://groups.google.com/a/apereo.org/group/cas-user/.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/7859779a-7b84-4e60-9277-c059de33ba08%40apereo.org.
>> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
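
The app2-to-app1 case asked about above, sketched as an added example (not code from the thread, CAS, or pac4j): a receiving service checks an HS256 token with Node's built-in `crypto`, pinning the algorithm and requiring `sub`, `exp` and `aud`. Those claim requirements, the function names and the sample values are assumptions for illustration; a token shaped like the one in the original post (only `name` and `iat`) is rejected under this policy.

```javascript
const crypto = require('crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
const mac = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

// Same compact HS256 form that jwt.sign(payload, secret) produces by default.
function signHS256(claims, key) {
  const signingInput = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${signingInput}.${mac(signingInput, key).toString('base64url')}`;
}

// Hypothetical policy for the receiving app: pinned alg, valid MAC, then sub/exp/aud.
function verifyServiceToken(token, key, audience, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = dec(parts[0]);
    claims = dec(parts[1]);
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !claims) return { ok: false, reason: 'malformed' };
  // Never let the token choose its own algorithm.
  if (header.alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  const expected = mac(`${parts[0]}.${parts[1]}`, key);
  const given = Buffer.from(parts[2], 'base64url');
  // Constant-time comparison of the MAC.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (typeof claims.sub !== 'string') return { ok: false, reason: 'missing sub' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'missing or expired exp' };
  if (claims.aud !== audience) return { ok: false, reason: 'wrong aud' };
  return { ok: true, claims };
}

// Constructed sample data; the key is random per run, not the thread's 'secret'.
const KEY = crypto.randomBytes(32);
const AUD = 'http://localhost:4000/app';
const NOW = 1469445400;
const threadShaped = signHS256({ name: 'test', iat: 1469445390 }, KEY);
const scoped = signHS256({ sub: 'app2', aud: AUD, iat: NOW, exp: NOW + 60 }, KEY);

function demo() {
  return {
    threadShaped: verifyServiceToken(threadShaped, KEY, AUD, NOW).reason,
    scoped: verifyServiceToken(scoped, KEY, AUD, NOW).ok,
    replayedLater: verifyServiceToken(scoped, KEY, AUD, NOW + 3600).reason,
    otherKey: verifyServiceToken(scoped, 'secret', AUD, NOW).reason,
  };
}
console.log(demo());
```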
