Unicon / cas-mfa

CAS server overlay with support for multifactor authentication.
Apache License 2.0

Radius integration loses principal #117

Closed mmoayyed closed 9 years ago

mmoayyed commented 9 years ago

I can't find why the principal doesn't seem to get transferred between (RadiusAuthenticationHandler) back to (AuthenticationManagerImpl)

This is a vanilla install pulled from cas-mfa-rc6 ..

Specifically, how this :

2015-07-27 13:01:26,822 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler successfully authenticated [username: 1234567]

Goes to this :

2015-07-27 13:01:26,822 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal null

The only place CredentialsToPrincipalResolver exists is here inside deployerConfigContext.xml :

<bean id="authenticationManager"
      class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="credentialsToPrincipalResolvers">
        <list>
            <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
                <property name="attributeRepository" ref="attributeRepository" />
            </bean>

and also of interest .. the first stage (LDAP) is called with this :

org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver

but the second stage (RADIUS) is called from here :

org.jasig.cas.authentication.AuthenticationManagerImpl

Removing the authn_method requiring 'radius-two-factor' .. and everything (auth, release) works as it should.

Logging turned to 11 .. here are the relevant bits .. the username is obfuscated below, but is of all-numeric form as shown.

2015-07-27 13:01:26,822 DEBUG [net.unicon.cas.mfa.authentication.radius.JRadiusServerImpl] - Authentication request succeeded for host: [debauh1.csuohio.edu] and username [1234567]
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler] - Leaving method [authenticate] with return value [true].
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.authentication.principal.UsernamePasswordCredentials] - Entering method [toString with arguments []
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.authentication.principal.UsernamePasswordCredentials] - Leaving method [toString] with return value [[username: 1234567]].
2015-07-27 13:01:26,822 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler successfully authenticated [username: 1234567]
2015-07-27 13:01:26,822 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal null
2015-07-27 13:01:26,822 DEBUG [org.jasig.cas.authentication.AuthenticationManagerImpl] - CredentialsToPrincipalResolver found but no principal returned.
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.authentication.AuthenticationManagerImpl] - Leaving method [authenticate] with return value [null].
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] - Entering method [getCode with arguments []
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] - Leaving method [getCode] with return value [error.authentication.credentials.bad].
2015-07-27 13:01:26,824 TRACE [org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] - Entering method [toString with arguments []
2015-07-27 13:01:26,824 TRACE [org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] - Entering method [getCode with arguments []
2015-07-27 13:01:26,824 TRACE [org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] - Leaving method [getCode] with return value [error.authentication.credentials.bad].
2015-07-27 13:01:26,824 TRACE [org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] - Leaving method [toString] with return value [error.authentication.credentials.bad].
2015-07-27 13:01:26,823 ERROR [net.unicon.cas.mfa.web.flow.TerminatingMultiFactorAuthenticationViaFormAction] - 
error.authentication.credentials.bad
at org.jasig.cas.authentication.hand

dima767 commented 9 years ago

Seems like stepping through a debugger IDE session is in order here

dima767 commented 9 years ago

This could be closed, couldn't it?

mmoayyed commented 9 years ago

Yes
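
As an added example (not part of the thread and not cas-mfa code), this Python sketch scans a CAS log for the signature reported above: an authentication handler logs success in AuthenticationManagerImpl and the next "Resolved principal" line reports null. The first two sample lines, including the handler name `example.ConstructedLdapHandler` and the non-null "Resolved principal" format, are constructed assumptions; the remaining lines are copied from the report.

```python
import re
from typing import NamedTuple

# Layout of the log lines quoted in the issue: "<date> <time>,<ms> LEVEL [logger] - message"
LINE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) [A-Z]+\s+"
                  r"\[(?P<logger>[^\]]+)\] - (?P<msg>.*)$")
MANAGER = "org.jasig.cas.authentication.AuthenticationManagerImpl"
SUCCESS = re.compile(r"^(?P<handler>\S+) successfully authenticated "
                     r"\[username: (?P<user>[^\]]*)\]$")
RESOLVED = re.compile(r"^Resolved principal (?P<principal>.*)$")

class LostPrincipal(NamedTuple):
    timestamp: str
    handler: str
    username: str

def find_lost_principals(lines):
    """Return one finding per handler success that is followed by a null principal."""
    findings, pending = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or m["logger"] != MANAGER:
            continue  # other loggers, stack-trace continuations, truncated lines
        ok = SUCCESS.match(m["msg"])
        if ok:
            # Remember the handler (short class name) until its resolution line shows up.
            pending = (ok["handler"].rsplit(".", 1)[-1], ok["user"])
            continue
        res = RESOLVED.match(m["msg"])
        if res and pending:
            if res["principal"].strip() in ("", "null"):
                findings.append(LostPrincipal(m["ts"], *pending))
            pending = None
    return findings

# Lines 1-2 are constructed (first factor resolving normally); lines 3-6 come from the report.
SAMPLE_LOG = """\
2015-07-27 13:01:20,101 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - example.ConstructedLdapHandler successfully authenticated [username: 1234567]
2015-07-27 13:01:20,102 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal 1234567
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler] - Leaving method [authenticate] with return value [true].
2015-07-27 13:01:26,822 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler successfully authenticated [username: 1234567]
2015-07-27 13:01:26,822 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal null
2015-07-27 13:01:26,822 DEBUG [org.jasig.cas.authentication.AuthenticationManagerImpl] - CredentialsToPrincipalResolver found but no principal returned.
""".splitlines()

if __name__ == "__main__":
    for finding in find_lost_principals(SAMPLE_LOG):
        print(f"{finding.timestamp}: {finding.handler} accepted [{finding.username}] "
              "but no principal was resolved")
```

The quoted log format carries no thread or request id, so the pairing is purely sequential; on a busy server, interleaved requests can mispair a success line with another request's resolution line.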