Closed mmoayyed closed 9 years ago
I can't find why the principal doesn't seem to get transferred between (RadiusAuthenticationHandler) back to (AuthenticationManagerImpl)
This is a vanilla install pulled from cas-mfa-rc6 ..
Specifically, how this :
2015-07-27 13:01:26,822 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler successfully authenticated [username: 1234567]
Goes to this :
2015-07-27 13:01:26,822 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal null
The only place CredentialsToPrincipalResolver exists is here inside deployerConfigContext.xml :
```xml
<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="credentialsToPrincipalResolvers">
        <list>
            <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" >
                <property name="attributeRepository" ref="attributeRepository" />
            </bean>
```
and also of interest .. the first stage (LDAP) is called with this :
org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver
but the second stage (RADIUS) is called from here :
org.jasig.cas.authentication.AuthenticationManagerImpl
Removing the authn_method requiring 'radius-two-factor' .. and everything (auth, release) works as it should.
Logging turned to 11 .. here are the relevant bits .. the username is obfuscated below, but is of all-numeric form as shown.
```
2015-07-27 13:01:26,822 DEBUG [net.unicon.cas.mfa.authentication.radius.JRadiusServerImpl] - Authentication request succeeded for host: [debauh1.csuohio.edu] and username [1234567]
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler] - Leaving method [authenticate] with return value [true].
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.authentication.principal.UsernamePasswordCredentials] - Entering method [toString with arguments []
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.authentication.principal.UsernamePasswordCredentials] - Leaving method [toString] with return value [[username: 1234567]].
2015-07-27 13:01:26,822 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler successfully authenticated [username: 1234567]
2015-07-27 13:01:26,822 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal null
2015-07-27 13:01:26,822 DEBUG [org.jasig.cas.authentication.AuthenticationManagerImpl] - CredentialsToPrincipalResolver found but no principal returned.
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.authentication.AuthenticationManagerImpl] - Leaving method [authenticate] with return value [null].
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] - Entering method [getCode with arguments []
2015-07-27 13:01:26,822 TRACE [org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] - Leaving method [getCode] with return value [error.authentication.credentials.bad].
2015-07-27 13:01:26,824 TRACE [org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] - Entering method [toString with arguments []
2015-07-27 13:01:26,824 TRACE [org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] - Entering method [getCode with arguments []
2015-07-27 13:01:26,824 TRACE [org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] - Leaving method [getCode] with return value [error.authentication.credentials.bad].
2015-07-27 13:01:26,824 TRACE [org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException] - Leaving method [toString] with return value [error.authentication.credentials.bad].
2015-07-27 13:01:26,823 ERROR [net.unicon.cas.mfa.web.flow.TerminatingMultiFactorAuthenticationViaFormAction] - error.authentication.credentials.bad
at org.jasig.cas.authentication.hand
```
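Added example, not part of the original issue or of the CAS code base: a log scan that flags the mismatch reported above, where `AuthenticationManagerImpl` logs a handler success and then `Resolved principal null`. The sample lines are constructed; the LDAP handler name and the format of a successful `Resolved principal` line are assumptions.

```python
import re

# Constructed sample in the log format quoted in the issue. The LDAP handler
# name and the non-null "Resolved principal" line are assumptions.
SAMPLE_LOG = """\
2015-07-27 13:01:20,101 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - example.LdapAuthenticationHandler successfully authenticated [username: 1234567]
2015-07-27 13:01:20,102 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal 1234567
2015-07-27 13:01:26,822 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler successfully authenticated [username: 1234567]
2015-07-27 13:01:26,822 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal null
"""

MANAGER = "org.jasig.cas.authentication.AuthenticationManagerImpl"
LINE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) +(?P<level>[A-Z]+) +"
                  r"\[(?P<logger>[^\]]+)\] - (?P<msg>.*)$")
AUTH_OK = re.compile(r"^(?P<handler>\S+) successfully authenticated \[username: (?P<user>[^\]]+)\]$")
RESOLVED = re.compile(r"^Resolved principal (?P<principal>.*)$")


def find_unresolved(log_text):
    """Return handler successes that were followed by 'Resolved principal null'.

    Correlation is sequential, so it assumes the two manager lines of one
    request are not interleaved with another request's lines.
    """
    findings = []
    pending = None  # last handler success still waiting for its resolver line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["logger"] != MANAGER:
            continue  # skip TRACE noise and other loggers
        ok = AUTH_OK.match(m["msg"])
        if ok:
            pending = (m["ts"], ok["handler"], ok["user"])
            continue
        res = RESOLVED.match(m["msg"])
        if res and pending:
            if res["principal"].strip() == "null":
                findings.append({"time": pending[0], "handler": pending[1],
                                 "username": pending[2]})
            pending = None
    return findings


if __name__ == "__main__":
    for finding in find_unresolved(SAMPLE_LOG):
        print(finding)
```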
Seems like stepping through a debugger IDE session is in order here
This could be closed, couldn't it?
Yes