Reputation: 1346
How to enable file-based authentication in CAS 5
I'm standing up a standalone CAS 5 instance on my local machine for tinkering/hacking and I'm trying to get it set up as a standalone WAR file deployed to Tomcat with a simple file-based authentication.
Starting with the WAR Overlay template (https://github.com/apereo/cas-overlay-template), I've added the following dependency as indicated at https://apereo.github.io/cas/5.0.x/installation/Whitelist-Authentication.html#example-password-file.
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-generic</artifactId>
<version>${cas.version}</version>
</dependency>
I then created a simple passwd.txt file with the following contents in src/main/resources.
bob::bob
alice::alice
Finally, I added the file-based properties (c.f. https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#file-authentication) to etc/cas/config/cas.properties.
cas.authn.file.filename=classpath:passwd.txt
cas.authn.accept.users=
cas.authn.file.passwordEncoder.type=NONE
cas.authn.file.separator=::
When I deploy the application, the app starts up, but the only user that is accepted at the login form is casuser / Mellon (the defaults). I even tried tacking on the property cas.authn.policy.any.tryAll=true to the cas.properties file, but neither Alice nor Bob is recognized.
Is there somewhere different I should be setting these options? Is there something else I need to do to enable file-based authentication?
Upvotes: 2
Views: 2100
Answers (1)
Reputation: 1346
After spending way too much time on this problem, I wanted to save anyone else the headaches. The key here was that I was modifying /etc/cas/config/cas.properties. This did not have the intended effect when compiling a standalone WAR to deploy on a servlet container. My guess (without verification) is that this works a bit differently if you are creating an executable JAR.
What I ended up doing was commenting out all entries in /etc/cas/config/cas.properties and moving them to /src/main/resources/application.properties. This had an effect, but caused some obscure errors about org.springframework.beans.factory.BeanCreationException: Cannot create binder factory, no META-INF/spring.binders resources found on the classpath.
I followed the suggestion at https://groups.google.com/a/apereo.org/d/msg/cas-user/doLj6Aa10u8/2o9urrQpCwAJ and copied the default configuration to /src/main/resources/application.properties, added cas.authn.* options above, rebuilt, redeployed and everything worked.
It seems like the best way to go with setting up a standalone WAR overlay is to take the provided template, copy the default settings from the CAS source code (https://github.com/apereo/cas/blob/958a9fbb87fb728875a7a35ee45124e818f90b17/webapp/resources/application.properties at this writing), add the Maven dependencies indicated by the docs, then add/modify the properties to get the effect you want.
Upvotes: 5
Related Questions
- CAS cannot find authentication handler that supports UsernamePasswordCredential
- Apereo CAS 5.2.X how do I use a custom authentication handler
- Setup Apereo Cas Management integrated with CAS server
- CAS 3.5.2 - Login workflow Customization
- Unable to Configure CAS Database Authentication
- Custom attributes for flat file authentication in CAS
- Single Sign On with CAS server in JAVA
- Single Sign on Authentication with CAS
- Using CAS without the Login Screen version3.5
- authentication on CAS Server by using JAAS