CAS服务端配置,看这里
本文基于Flask-CAS作为客户端与CAS服务端调试,测试多属性返回信息。
1 环境说明
Flask-CAS: 1.0.1,基于源码安装。pip安装方式只能安装1.0.0版本。
Flask: 1.0.2
Python: 3.6
2 客户端工程目录
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
__title__ = ''
"""
import ssl
import flask
from flask import current_app
from flask_cas import CAS
try:
from flask import _app_ctx_stack as stack
except ImportError:
from flask import _request_ctx_stack as stack
from functools import wraps
# ssl._create_default_https_context = ssl._create_unverified_context
class MyCas(CAS):
@staticmethod
def login():
return flask.redirect(flask.url_for('cas.login', _external=True))
@staticmethod
def logout():
return flask.redirect(flask.url_for('cas.logout', _external=True))
def login_required(self, function):
@wraps(function)
def wrap(*args, **kwargs):
for k, v in flask.session.items():
print('*{k1}***{v1}'.format(k1=k, v1=v))
if 'CAS_USERNAME' not in flask.session:
flask.session['CAS_AFTER_LOGIN_SESSION_URL'] = (
flask.request.script_root +
flask.request.full_path
)
return flask.redirect(flask.url_for('cas.login', _external=True))
else:
# 权限校验
if permissio_check(flask.session['CAS_USERNAME'], flask.request.endpoint):
return function(*args, **kwargs)
else:
raise AuthException
return wrap
def permissio_check(username, require_path):
# 这里修改成你自己的账号和访问权限
if username == 'hebj':
permission = 't1'
if require_path == permission:
return True
else:
return False
from werkzeug.exceptions import HTTPException
class AuthException(HTTPException):
code = 403
msg = 'forbidden to acess this page'
error_code = 1001
def get_body(self, environ=None):
body = dict(
msg=self.msg,
error_code=self.error_code
)
from flask import json
text = json.dumps(body)
return text
def get_headers(self, environ=None):
"""Get a list of headers."""
return [('Content-Type', 'application/json')]
# app.py
from os import path, getcwd
from sys import argv
from flask import Flask, render_template, session, redirect, send_from_directory, jsonify
# from flask_cas import login
# from flask_cas import logout
# from my_cas import MyCas
import logging
from my_cas import MyCas
app = Flask(__name__)
cas = MyCas(app, '/cas')
# app.config['CAS_SERVER'] = 'http://172.16.0.10:8080'
app.config['CAS_SERVER'] = 'https://sso.bob.net:8443'
# app.config['CAS_SERVER'] = 'https://10.110.193.46:8443'
app.config['CAS_AFTER_LOGIN'] = 'secure'
# app.config['CAS_LOGOUT_ROUTE'] =
# app.config['CAS_VALIDATE_ROUTE'] =
#app.config['CAS_VALIDATE_ROUTE'] = '/cas/p3/serviceValidate'
app.config['CAS_VALIDATE_ROUTE'] = '/cas/serviceValidate'
@app.route("/logout")
def logout():
session.clear()
return render_template('logout.html')
@app.route("/t1")
@cas.login_required
def t1():
return jsonify({'msg':'this is test1'})
@app.route("/t2")
@cas.login_required
def t2():
return jsonify({'msg':'this is test2'})
@app.route("/caslogout")
def caslogout():
return redirect(app.config['CAS_LOGOUT_ROUTE'], code=302)
# @app.route("/")
# def main():
# return render_template('index.html')
@app.route("/<path:filename>")
def static_files(filename):
return send_from_directory(path.join(getcwd(), 'static'), filename)
if __name__ == "__main__":
if len(argv) >= 3 and argv[1] == '--server':
app.config['CAS_SERVER'] = argv[2]
app.secret_key = 'super secret key'
app.config['SESSION_TYPE'] = 'filesystem'
app.debug = True
app.run()
3 客户端调试
3.1 客户端无法正常获取属性信息
问题:
在flask.session中输出session中所有信息,只有用户名以及token,并未包含相关的属性信息。
for k, v in flask.session.items():
print('*{k1}***{v1}'.format(k1=k, v1=v)){
'CAS_USERNAME':'hebj',
'_CAS_TOKEN', 'ST-1-2awnHgVcXO2yhbEZrQBjzswrIiUbobmac'
}但是在CAS服务端能够正常的显示这些信息,如下所示:
2020-02-23 14:44:00,981 INFO [org.apereo.cas.support.events.listener.DefaultCasEventListener] - <>
2020-02-23 14:44:00,981 INFO [org.apereo.cas.support.events.listener.DefaultCasEventListener] - <Ready to process requests @ [2020-02-23T06:44:00.980Z]>
2020-02-23 14:44:00,982 INFO [org.apereo.cas.web.CasWebApplication] - <Started CasWebApplication in 23.367 seconds (JVM running for 25.257)>
2020-02-23 14:44:20,598 INFO [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: [/cas/] >
2020-02-23 14:44:20,631 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Sun Feb 23 14:44:20 CST 2020,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:20 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:20,877 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [JsonServiceRegistry].>
2020-02-23 14:44:30,889 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2020-02-23 14:44:35,282 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated principal [hebj] with attributes [{admin_multi=1, user_multi=[2, 1]}] via credentials [[UsernamePasswordCredential(username=hebj)]].>
2020-02-23 14:44:35,284 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: Supplied credentials: [UsernamePasswordCredential(username=hebj)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,294 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=1, user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,378 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=[1], user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,385 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: TGT-1-********************************************************2Bz-dt-XsVIbobmac
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,397 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,407 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-1-2awnHgVcXO2yhbEZrQBjzswrIiUbobmac] for service [http://localhost:5000/cas/login/?origin=%2Ft1%3F] and principal [hebj]>
2020-02-23 14:44:35,409 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: ST-1-2awnHgVcXO2yhbEZrQBjzswrIiUbobmac for http://localhost:5000/cas/login/?origin=%2Ft1%3F
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,497 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=[1], user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,505 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: ST-1-2awnHgVcXO2yhbEZrQBjzswrIiUbobmac for http://localhost:5000/cas/login/?origin=%2Ft1%3F
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
解决办法:
1. 确认CAS服务端工程中的services目录下的JSON文件名是否与配置一致,确认JSON文件中配置了属性返回模式,即如下:
"attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
或者
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "属性1", "属性2" ] ]
}
确认后,JSON文件没有问题,还有其他原因导致客户端没有收到相关数据。
2. 确认客户端与服务端的CAS协议是基于3.0协议。这个问题比较难排查。
在Flask-CAS中,如何设置使用CAS3.0协议,客户端中直接加入“p3”,就表示基于CAS3.0协议接收数据。
app.config['CAS_VALIDATE_ROUTE'] = '/cas/p3/serviceValidate'
CAS服务端返回信息如下:
2020-02-23 10:31:30,371 INFO [org.apereo.cas.support.events.listener.DefaultCasEventListener] - <Ready to process requests @ [2020-02-23T02:31:30.371Z]>
2020-02-23 10:31:30,373 INFO [org.apereo.cas.web.CasWebApplication] - <Started CasWebApplication in 25.929 seconds (JVM running for 27.938)>
2020-02-23 10:31:50,273 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [JsonServiceRegistry].>
2020-02-23 10:32:00,278 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2020-02-23 10:33:50,276 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [JsonServiceRegistry].>
2020-02-23 10:33:58,931 INFO [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: [/cas/] >
2020-02-23 10:33:58,965 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Sun Feb 23 10:33:58 CST 2020,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 10:33:58 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:00,280 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2020-02-23 10:34:14,918 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated principal [hebj] with attributes [{admin_multi=1, user_multi=[2, 1]}] via credentials [[UsernamePasswordCredential(username=hebj)]].>
2020-02-23 10:34:14,921 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: Supplied credentials: [UsernamePasswordCredential(username=hebj)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:14 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:14,935 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=1, user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:14 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:15,025 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=[1], user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:15 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:15,032 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: TGT-1-********************************************************HHEsZohjbFAbobmac
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:15 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:15,045 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:15 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:15,055 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-1-35y-2-0Ftnfnw2rvc5JftGc79DIbobmac] for service [http://localhost:5000/cas/login/?origin=%2Ft1%3F] and principal [hebj]>
2020-02-23 10:34:15,058 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: ST-1-35y-2-0Ftnfnw2rvc5JftGc79DIbobmac for http://localhost:5000/cas/login/?origin=%2Ft1%3F
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:15 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:15,151 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:15 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:15,158 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: ST-1-35y-2-0Ftnfnw2rvc5JftGc79DIbobmac for http://localhost:5000/cas/login/?origin=%2Ft1%3F
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:15 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
CAS客户端返回信息如下:
CAS_ATTRIBUTES:
{
'cas:admin_multi': '1',
'cas:authenticationDate': '2020-02-23T10:41:55.159+08:00[Asia/Shanghai]',
'cas:authenticationMethod': 'QueryDatabaseAuthenticationHandler',
'cas:credentialType': 'UsernamePasswordCredential',
'cas:isFromNewLogin': 'true',
'cas:longTermAuthenticationRequestTokenUsed': 'false',
'cas:successfulAuthenticationHandlers':'QueryDatabaseAuthenticationHandler',
'cas:user_multi': ['2', '1']
}
CAS_USERNAME: hebj,
_CAS_TOKEN: ST-2-INKF5795Y0dxVb6ExJcLIGwcRqsbobmac经过测试发现,即使采用CAS3.0协议,如果没有配置返回属性策略,即移除以下内容:
"attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
或者
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "属性1", "属性2" ] ]
}
CAS服务端数据如下:
2020-02-23 15:18:18,135 INFO [org.apereo.cas.support.events.listener.DefaultCasEventListener] - <>
2020-02-23 15:18:18,135 INFO [org.apereo.cas.support.events.listener.DefaultCasEventListener] - <Ready to process requests @ [2020-02-23T07:18:18.134Z]>
2020-02-23 15:18:18,136 INFO [org.apereo.cas.web.CasWebApplication] - <Started CasWebApplication in 22.228 seconds (JVM running for 24.035)>
2020-02-23 15:18:38,035 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [JsonServiceRegistry].>
2020-02-23 15:18:48,043 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2020-02-23 15:19:23,093 INFO [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: [/cas/] >
2020-02-23 15:19:23,125 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Sun Feb 23 15:19:23 CST 2020,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:23 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:35,950 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated principal [hebj] with attributes [{admin_multi=1, user_multi=[2, 1]}] via credentials [[UsernamePasswordCredential(username=hebj)]].>
2020-02-23 15:19:35,953 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: Supplied credentials: [UsernamePasswordCredential(username=hebj)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:35,967 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=1, user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:36,071 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=[1], user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:36 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:36,080 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: TGT-1-********************************************************Q1uA70hkHekbobmac
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:36 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:36,092 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:36 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:36,104 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-1-T0AdE9cha4B18pAbP2U5BkIwawcbobmac] for service [http://localhost:5000/cas/login/?origin=%2Ft1%3F] and principal [hebj]>
2020-02-23 15:19:36,106 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: ST-1-T0AdE9cha4B18pAbP2U5BkIwawcbobmac for http://localhost:5000/cas/login/?origin=%2Ft1%3F
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:36 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:36,200 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:36 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:36,207 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: ST-1-T0AdE9cha4B18pAbP2U5BkIwawcbobmac for http://localhost:5000/cas/login/?origin=%2Ft1%3F
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:36 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
CAS客户端,不能得到相关的配置属性,但是可以得到其他认证相关信息。
{ "CAS_ATTRIBUTES":
{
'cas:authenticationDate': '2020-02-23T15:19:36.062+08:00[Asia/Shanghai]',
'cas:authenticationMethod': 'QueryDatabaseAuthenticationHandler',
'cas:credentialType': 'UsernamePasswordCredential',
'cas:isFromNewLogin':'true',
'cas:longTermAuthenticationRequestTokenUsed': 'false',
'cas:successfulAuthenticationHandlers': 'QueryDatabaseAuthenticationHandler'
},
'CAS_USERNAME':'hebj',
'_CAS_TOKEN', 'ST-1-2awnHgVcXO2yhbEZrQBjzswrIiUbobmac'
}3.2 客户端被认证成功,返回请求页面出错
解决办法:
当使用urllib.urlopen打开一个 https 链接时,会验证一次 SSL 证书。而当目标网站使用的是自签名的证书时就会抛出一个 urllib2.URLError: 的错误消息。我们可以选择取消SSL的证书验证。
在代码中加入如下代码:
import ssl
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context官方解释如下
This guidance is aimed primarily at system administrators that wish to adopt newer
versions of Python that implement this PEP in legacy environments that do not yet
support certificate verification on HTTPS connections. For example, an administrator
may opt out by adding the monkeypatch above to sitecustomize.py in their Standard
Operating Environment for Python. Applications and libraries SHOULD NOT be making
this change process wide (except perhaps in response to a system administrator
controlled configuration setting).Particularly security sensitive applications should always provide an explicit
application defined SSL context rather than relying on the default behaviour
of the underlying Python implementation.
参考
https://blog.csdn.net/wuguowei1988/article/details/102482567
https://blog.csdn.net/eric520zenobia/article/details/78105232
