I have different authentication systems and I do indeed rely on each being
processed in order until a user is authenticated.
Maybe set
cas.authn.jdbc.query[0].order=0
cas.authn.jdbc.query[1].order=1
On Wednesday, February 28, 2024 at 11:15:32 PM UTC-6 폴폴 wrote:
> I am using Apereo CAS version 6.6.15. Currently, I'm trying to use a
> database-driven authentication method by sending queries to multiple
> databases.
>
> In the official documentation, it looks like cas.authn.jdbc.query[0], so I
> intuitively wrote query[1]. This is my application.yml file.
>
> cas:
> authn:
> jdbc:
> query[0]:
> driver-class: "com.mysql.cj.jdbc.Driver"
> url: "jdbc:mysql://{my public
> IP}:3306/test?autoReconnect=true&allowMultiQuries=true&serverTimezone=UTC"
> sql: "select id, login_id, login_pw from test.sso where login_id =
> ?;"
> user: "mysql"
> password: "root"
> field-password: "login_pw"
> password-encoder:
> type: "NONE"
> query[1]:
> driver-class: "com.mysql.cj.jdbc.Driver"
> url: "jdbc:mysql://{my public
> IP}:3306/test2?autoReconnect=true&allowMultiQueries=true&serverTimezone=UTC"
> sql: "select id, username, password from test2.kva_user where
> username = ?;"
> user: "mysql"
> password: "root"
> field-password: "password"
> password-encoder:
> type: "NONE"
>
> User in test DB: ks3254
> User in test2 DB: ks32541007
>
> The test DB user corresponding to query[0] is logged in normally, but the
> test2 DB user corresponding to query[1] gets a message that there is no
> user.
>
> I looked up the official documentation and found that
>
> "CAS's authentication policy consists of multiple handlers, and if
> authentication fails in one handler, it will be passed to the next handler."
>
> Based on this sentence, I thought that if there is no value corresponding
> to query[0], it does not execute query[1], but just terminates the handler
> and moves on to the next handler.
>
> But what I'm puzzled about here is that the developer was led to believe
> that it was an array, making them feel like they could create query[1], and
> then query[1] wasn't sent, and I don't understand why the database-driven
> authentication failed based on the results of query[0] and query[1], the
> first of which was query[0].
>
> To my intuition, this seems very odd and it would make more sense to at
> least run all the queries you set in application.yml before moving on to
> the next handler.
>
> Is my hypothesis correct? Isn't CAS supposed to be able to connect to
> multiple databases and fire off multiple queries?
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/cd66b2e5-ab0e-4990-81c8-549b02b9c984n%40apereo.org.
