Just an update. Replacing 
<https://github.com/apereo/cas/blob/5e1035dde95094a951c9ea87993cdea29ab6c85c/support/cas-server-support-rest/src/main/java/org/apereo/cas/config/CasRestAutoConfiguration.java#L129C5-L129C23>
 
@ConditionalOnBean with @DependsOn in order to make sure that the REST 
protocol is initialized *after* Authentication Throttling seems to fix 
things. So I guess there actually is a race condition with REST being 
initialized before throttling.

Not sure if there's any other way to initialize beans with a specific order 
without code changes.

On Thursday, 18 January 2024 at 4:34:32 AM UTC+2, Kostas Kalevras wrote:

> Hello all
>
> Using CAS 6.6.15 in a Docker setup with LDAP user repository.
>
> CAS/SAML/OIDC authentication works with no problem. Throttling CAS auth 
> requests also works without a problem.
>
> The relevant throttling configuration in cas.properties is as follows:
>
> # Failure Throttling
> cas.authn.throttle.failure.threshold=1
> cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
> cas.authn.throttle.failure.range-seconds=30
> cas.authn.throttle.core.username-parameter=username
>
> We have enabled REST Authentication which works without a problem:
>
> /# curl -sk https://sso-server:8443/cas/v1/users -d 
> 'username=test&password=test'|jq .authentication.credentials
> [
>   {
>     "@class": 
> "org.apereo.cas.authentication.metadata.BasicCredentialMetaData",
>     "id": "test",
>     "credentialClass": 
> "org.apereo.cas.authentication.credential.UsernamePasswordCredential"
>   }
> ]
>
> REST and throttling implementation in build.gradle:
>
>     implementation "org.apereo.cas:cas-server-support-throttle"
>     implementation "org.apereo.cas:cas-server-support-rest"
>
> Yet no matter how we try, throttling REST auth requests does not work. 
> Looking at the relevant code 
> <https://github.com/apereo/cas/blob/5e1035dde95094a951c9ea87993cdea29ab6c85c/support/cas-server-support-rest/src/main/java/org/apereo/cas/config/CasRestAutoConfiguration.java#L127>,
>  
> I see that throttling is implemented. Nevertheless, the debug line 
> <https://github.com/apereo/cas/blob/5e1035dde95094a951c9ea87993cdea29ab6c85c/support/cas-server-support-rest/src/main/java/org/apereo/cas/config/CasRestAutoConfiguration.java#L143>
>  
> about "Activating authentication throttling for REST endpoints..." does not 
> seem to be called.
>
> My fear is for a race condition where REST is initialized before 
> throttling and the check 
> <https://github.com/apereo/cas/blob/5e1035dde95094a951c9ea87993cdea29ab6c85c/support/cas-server-support-rest/src/main/java/org/apereo/cas/config/CasRestAutoConfiguration.java#L129>
>  
> for the relevant bean fails.
>
> Any help would be appreciated.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
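The ordering behaviour the update above describes can be reproduced outside CAS. The following is an added example, not CAS code and not from the thread: two stand-in beans (a hypothetical `Throttle` and `RestEndpoint`) in a plain Spring context, with the REST bean guarded once by `@ConditionalOnBean` and once by `@DependsOn`. It assumes `spring-context` and `spring-boot-autoconfigure` on the classpath; the class, bean and configuration names are constructed for the demo.

```java
// Added example (not CAS code): demonstrates that @ConditionalOnBean is evaluated
// when the guarded bean *definition* is registered, so it only sees beans from
// configuration classes processed earlier, whereas @DependsOn is resolved at
// initialization time and orders construction regardless of definition order.
// Assumes spring-context and spring-boot-autoconfigure on the classpath.
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

public class BeanOrderingDemo {

    /** Stand-in for the authentication-throttling bean (hypothetical name). */
    public static class Throttle {
        public Throttle() { System.out.println("Throttle initialized"); }
    }

    /** Stand-in for the REST endpoint bean that should be throttled (hypothetical). */
    public static class RestEndpoint {
        public RestEndpoint(String mode) {
            System.out.println("RestEndpoint initialized, mode=" + mode);
        }
    }

    @Configuration
    public static class ThrottleConfig {
        @Bean
        public Throttle throttle() { return new Throttle(); }
    }

    /** Variant A: @ConditionalOnBean guard. The condition runs while this class's
     *  bean definitions are being registered; if ThrottleConfig has not been
     *  processed yet, no Throttle definition exists and the bean is skipped. */
    @Configuration
    public static class RestConditionalConfig {
        @Bean
        @ConditionalOnBean(Throttle.class)
        public RestEndpoint throttledRestEndpoint() { return new RestEndpoint("throttled"); }
    }

    /** Variant B: @DependsOn. The bean is always registered, and the container
     *  constructs the named "throttle" bean before this one in either order. */
    @Configuration
    public static class RestDependsOnConfig {
        @Bean
        @DependsOn("throttle")
        public RestEndpoint throttledRestEndpoint() { return new RestEndpoint("throttled"); }
    }

    /** Builds a context from the given configuration classes, in that order,
     *  and reports whether the throttled REST bean was registered at all. */
    static boolean hasThrottledEndpoint(Class<?>... configsInOrder) {
        try (AnnotationConfigApplicationContext ctx =
                     new AnnotationConfigApplicationContext(configsInOrder)) {
            return ctx.containsBean("throttledRestEndpoint");
        }
    }

    public static void main(String[] args) {
        // REST configuration processed before throttling, then the reverse.
        System.out.println("@ConditionalOnBean, REST first:     "
                + hasThrottledEndpoint(RestConditionalConfig.class, ThrottleConfig.class));
        System.out.println("@ConditionalOnBean, throttle first: "
                + hasThrottledEndpoint(ThrottleConfig.class, RestConditionalConfig.class));
        System.out.println("@DependsOn, REST first:             "
                + hasThrottledEndpoint(RestDependsOnConfig.class, ThrottleConfig.class));
        System.out.println("@DependsOn, throttle first:         "
                + hasThrottledEndpoint(ThrottleConfig.class, RestDependsOnConfig.class));
    }
}
```

Spring Boot's own documentation states that `@ConditionalOnBean` can only match bean definitions that the application context has processed so far, which is why the REST-first ordering of variant A leaves the guarded bean unregistered while variant B registers it in both orders and prints "Throttle initialized" before "RestEndpoint initialized". The trade-off is that `@DependsOn("throttle")` is a hard requirement: if no bean named `throttle` exists, context startup fails instead of silently running without throttling, which for a security control is usually the preferable failure mode.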