Hello, 

I'm trying to get a CAS setup to run with 2 service definitions, one that 
is supposed to cause a delegate authentication ("delegate"), the other one 
that is supposed to trigger an LDAP authentication handler ("fallback").
For example, if the URL matches https://test.com/delegate, an external OIDC 
provider should be activated; if not, an LDAP authentication.

The problem is that an attempt is made to trigger a delegate authentication 
for the second service definition as well, although none should be done 
here.

*Service 1 definition:*
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://test.com/delegate$",
  "name" : "delegate",
  "id" : 1,
  "evaluationOrder" : 1,
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "delegatedAuthenticationPolicy" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders" : [ "java.util.ArrayList", [ "OidcGenericClientName" ] ],
      "permitUndefined": true,
      "exclusive": true
    }
  }
}

*Service 2 definition:*
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https?://.*$",
  "name" : "fallback",
  "id" : 2,
  "evaluationOrder" : 2,
  "authenticationPolicy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
    "requiredAuthenticationHandlers" : [ "java.util.TreeSet", [ "LdapAuthenticationHandler" ] ]
  }
}

*CAS Properties:*
LDAP is configured under the configurationKey "cas.authn.ldap[0].xxx", OIDC 
under cas.authn.pac4j.oidc[0].generic.xxx. Both methods work independently 
of each other, but not in combination.

cas.authn.ldap[0].name=LdapAuthenticationHandler
cas.authn.ldap[0].type=...
...
cas.authn.pac4j.name=Pac4jDelegatedAuthenticationHandler
cas.authn.pac4j.oidc[0].generic.name=OidcGenericName
cas.authn.pac4j.oidc[0].generic.client-name=OidcGenericClientName
cas.authn.pac4j.oidc[0].generic.id=...
cas.authn.pac4j.oidc[0].generic.secret=...
...

*What was noticeable in the log:*
*2021-08-03 09:50:55,270 INFO [org.apereo.cas.config.LdapAuthenticationConfiguration] - <Registering LDAP authentication for [LdapAuthenticationHandler]>*
*2021-08-03 09:50:55,863 INFO [org.apereo.cas.config.Pac4jAuthenticationEventExecutionPlanConfiguration] - <Located and prepared [1] delegated authentication client(s)>*

*2021-08-03 10:06:17,667 WARN [org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy] - <Registered service [fallback] does not define any authorized/supported delegated authentication providers. It is STRONGLY recommended that you authorize and assign providers to the service definition. While just a warning for now, this behavior will be enforced by CAS in future versions.>*
(Service 2 is not supposed to trigger delegate authentication, why is a 
policy or provider required here?)

Could it be that I am overlooking something obvious or can such a 
combination work? Thanks in advance!

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/28d9c21a-fd7f-43fd-b684-cdc9886ab935n%40apereo.org.
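Added example, not part of the original post or of CAS itself: a small offline checker that loads the two service definitions from the post, works out which service CAS would select for a given URL, and reports the condition behind the WARN line quoted above. It assumes (not stated in the post) that CAS selects the first service, in ascending evaluationOrder, whose serviceId regex matches the requesting URL, and that Jackson-typed arrays such as `["java.util.ArrayList", [...]]` can be unwrapped to their inner list. The URL https://intranet.example.org/app is a constructed sample; the stray `;` after the `$` anchor in the posted service 1 JSON is dropped so the definition parses.

```python
"""Offline checker for the two CAS service definitions from the post.

Assumptions (not taken from the post): CAS picks the registered service whose
serviceId regex matches the requesting URL, trying services in ascending
evaluationOrder; Jackson-typed arrays look like ["java.util.X", [ ... ]].
"""
import json
import re

# Constructed copies of the two definitions in the post; the stray ';' after
# the closing '$' in service 1's serviceId is dropped so the JSON parses.
SERVICE_1 = json.loads(r'''{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://test.com/delegate$",
  "name" : "delegate",
  "id" : 1,
  "evaluationOrder" : 1,
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "delegatedAuthenticationPolicy" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders" : [ "java.util.ArrayList", [ "OidcGenericClientName" ] ],
      "permitUndefined": true,
      "exclusive": true
    }
  }
}''')

SERVICE_2 = json.loads(r'''{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https?://.*$",
  "name" : "fallback",
  "id" : 2,
  "evaluationOrder" : 2,
  "authenticationPolicy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
    "requiredAuthenticationHandlers" : [ "java.util.TreeSet", [ "LdapAuthenticationHandler" ] ]
  }
}''')

# Deliberately listed out of order to show that evaluationOrder decides.
SERVICES = [SERVICE_2, SERVICE_1]


def unwrap_typed(value):
    """Return the plain list inside a Jackson-typed array, or [] if absent."""
    if (isinstance(value, list) and len(value) == 2
            and isinstance(value[0], str) and isinstance(value[1], list)):
        return list(value[1])
    return list(value or [])


def matching_services(url, services):
    """All services whose serviceId regex matches url, in evaluationOrder."""
    ordered = sorted(services, key=lambda s: s["evaluationOrder"])
    return [s for s in ordered if re.search(s["serviceId"], url)]


def resolve_service(url, services):
    """The service CAS would select: first match by evaluationOrder, or None."""
    matches = matching_services(url, services)
    return matches[0] if matches else None


def allowed_providers(service):
    """Delegated-auth providers the service authorizes (empty if no policy)."""
    policy = service.get("accessStrategy", {}).get("delegatedAuthenticationPolicy")
    return unwrap_typed(policy.get("allowedProviders")) if policy else []


def required_handlers(service):
    """Authentication handlers the service's authenticationPolicy requires."""
    policy = service.get("authenticationPolicy") or {}
    return unwrap_typed(policy.get("requiredAuthenticationHandlers"))


def delegation_policy_issues(service):
    """Findings matching the WARN in the post: no explicit delegated-auth
    policy on the service, or a policy whose provider list is empty."""
    policy = service.get("accessStrategy", {}).get("delegatedAuthenticationPolicy")
    if policy is None:
        return ["no delegatedAuthenticationPolicy: delegated providers are not "
                "restricted for this service"]
    if not unwrap_typed(policy.get("allowedProviders")):
        return ["delegatedAuthenticationPolicy has an empty allowedProviders list"]
    return []


if __name__ == "__main__":
    # Constructed sample URLs: the first is from the post, the second is not.
    for url in ("https://test.com/delegate", "https://intranet.example.org/app"):
        names = [s["name"] for s in matching_services(url, SERVICES)]
        chosen = resolve_service(url, SERVICES)["name"]
        print(f"{url}: matches {names}, CAS selects {chosen!r}")
    for svc in SERVICES:
        print(svc["name"], "providers:", allowed_providers(svc),
              "handlers:", required_handlers(svc),
              "issues:", delegation_policy_issues(svc))
```

Running it shows that both regexes match https://test.com/delegate and only evaluationOrder keeps "delegate" ahead of the catch-all "fallback", and that "fallback" carries no delegatedAuthenticationPolicy at all, which is the state the WARN line describes.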