[cas-dev] RADIUS authentication handler
Scott Battaglia
scott_battaglia at rutgers.edu
Thu Jun 1 11:15:43 EDT 2006
Velpi,
Generally you only need to return true/false. In the default
AuthenticationManager, you can throw an exception *if* you do not want
the AuthenticationManager to attempt to use any of the other
AuthenticationHandlers. Basically, an exception is a "stop processing
this authentication request" whereas a return value of false is merely
an indication that the AuthenticationHandler could not authenticate the
request.
-Scott
Velpi wrote:
> Hi,
>
> I'm trying to authenticate CAS to a RADIUS server with username/password (PAP).
> The latest thing I read about that was this old email:
> http://tp.its.yale.edu/pipermail/cas/2004-October/000853.html
>
> So I pulled up my sleeves and tried to build an authentication handler for CAS3
> that uses the JRadius library (http://jradius.sourceforge.net/).
> I based myself on the CAS3 LdapAdaptor (from CVS) to build a
> BasicRadiusAuthenticationHandler. I'm afraid I will need some instructions to
> get it to work because of some CAS3 internals. If it works I would be more than
> happy to donate the code to the CAS3 project.
>
> I'm now at the point where I need to decide about yes/no authenticated
> (authenticateUsernamePasswordInternal). Do I just return true/false or should I
> throw an exception (BadUsernameOrPasswordAuthenticationException) instead of false?
> (after that I can start configuring and testing)
>
> We're now using the genericHandler from ESUP with the legacy adaptor. That
> doesn't seem to return any message to the user when the auth method returns
> false. I haven't figured out why but I think it is about the same problem.
> (might be the error code too though, I'll check now that I understand a little
> more of it)
>
>
>
> Here's a short description of what I did (comments welcome):
> * AbstractRadiusUsernamePasswordAuthenticationHandler extends
> AbstractUsernamePasswordAuthenticationHandler: default settings and
> initialisation of the radiusClient (from library).
> * BasicRadiusAuthenticationHandler extends... and holds the actual authN code:
> packet preparing, sending and checking response
> * RadiusUtils contains some static final converting methods
>
> Currently I included some code for CHAP (challenge response) authentication that
> I learned from an example, but I don't think that is possible using the current
> webflow so I made it throw an UnsupportedCredentialsException when a CHAP
> response is detected.
>
>
> --Velpi
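
The difference between returning false and throwing, as described in the reply above, shown as an added example that is not part of the original message and not CAS code. Handler, StopException and ChainDemo are hypothetical names for a simplified model of the handler chain, and the usernames and passwords are constructed.

```java
import java.util.Arrays;
import java.util.List;

// Simplified model of the handler chain described in the reply. Handler,
// StopException and ChainDemo are hypothetical names, not CAS 3 classes.
public class ChainDemo {

    /** Thrown by a handler to end processing of the whole request. */
    static class StopException extends Exception {
        StopException(String msg) { super(msg); }
    }

    interface Handler {
        /** true = authenticated, false = could not authenticate, try the next handler. */
        boolean authenticate(String user, String password) throws StopException;
    }

    /** Walks the handlers in order; the first true wins, an exception ends the loop. */
    static String authenticate(List<Handler> handlers, String user, String pw) {
        for (int i = 0; i < handlers.size(); i++) {
            try {
                if (handlers.get(i).authenticate(user, pw)) {
                    return "accepted by handler " + i;
                }
                // false: fall through and let the next handler try
            } catch (StopException e) {
                return "stopped by handler " + i + ": " + e.getMessage();
            }
        }
        return "rejected: no handler accepted";
    }

    public static void main(String[] args) {
        // Constructed stand-ins: two variants of a RADIUS-backed handler and a fallback.
        Handler radiusReturnsFalse = (u, p) -> u.equals("alice") && p.equals("radius-pw");
        Handler radiusThrows = (u, p) -> {
            if (u.equals("alice") && p.equals("radius-pw")) return true;
            throw new StopException("bad username or password");
        };
        Handler fallback = (u, p) -> u.equals("bob") && p.equals("local-pw");

        // bob is unknown to the RADIUS stand-in but valid for the fallback handler.
        System.out.println(authenticate(Arrays.asList(radiusReturnsFalse, fallback), "bob", "local-pw"));
        System.out.println(authenticate(Arrays.asList(radiusThrows, fallback), "bob", "local-pw"));
    }
}
```

With the false-returning variant the fallback handler still gets to accept bob; with the throwing variant the same credentials are refused because the chain stops at the first handler.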