I'm new to CAS.
I like to authenticate user to the list of users inside the Mysql database. I have included this line of code in the build.gradle file
implementation "org.apereo.cas:cas-server-support-jdbc:${project.'cas.version'}"
Here is the table defination in Mysql.
I have setup an instance of CAS 6.4 in Ubuntu server, disabled static user authentication and configure the /etc/cas/config/cas.properties to use Mysql as data source for authentication as config below, all other settings leave as default:
server.name=https://id.example.com
server.prefix=${cas.server.name}/
server.context-path=/ server.port=443
server.ssl.key-store=file:/etc/cas/theKeystore
server.ssl.key-store-password=theKeystorePassword
server.ssl.key-password=thePassword
logging.config=file:/etc/cas/config/log4j2.xml
cas.authn.accept.enabled=false
cas.authn.jdbc.query[0].driver-class: com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].field-password: password
cas.authn.jdbc.query[0].password: theDBPassword
cas.authn.jdbc.query[0].sql: SELECT * FROM users WHRE uid=?
cas.authn.jdbc.query[0].url: jdbc:mysql://localhost:3306/cas?useUnicode=true&characterEncoding=utf-8&autoReconnect=true
cas.authn.jdbc.query[0].user: theDBUser
I have set global general_log on Mysql to ON to trace any connection attempt. However, it seems the CAS server never try to connect to the Mysql server. On user site, they simply received attempt failed message on login page.
Is there anything I've missed?
It seems that instead of using
com.mysql.jdbc.Driver
I need to use
com.mysql.cs.jdbc.Driver
as driver-class.
Related
I'm receiving this error when trying to open my database connection:
"Cannot connect to database server
your connection failed for user root#% to database [mydatabase]
Please:
check mysql is running on localhost
check mysql is reachable on 3306
check root has rights to connect to localhost
Make sure youre both providing a password if needed"
I'm working on Mysql workbench on a windows 10 machine. I think my root privileges have been dropped (not sure how) so any advice on that also would be fab... thanks :)
Can you provide additional info on your setup, incl. versions of MySQL server and the client applications? You mention you can still connect, if so, what command do you use, can you query all from table mysql.user and post? Also, query the table mysql.user for plugin info, because in fresh versions of MySQL server 8.0 and up according to MySQL Documentation (6.4.1.2 Caching SHA-2 Pluggable Authentication) the server by default uses new authentication method via authentication plugin caching_sha2_password. In this case the password is encrypted either by the virtue of secure connection or with RSA public_key. Then the encrypted password gets decrypted on the server by the private RSA key. For example, connections from older clients or connectors within applications might fail due to incompatibility. If you use compatible clients and authentication plugin caching_sha2_password, the connection between client and server may fail due to:
Incorrect password.
No secure (SSL) connection established.
No public RSA key presented by the client.
In case 3, quoting the docs:
Client users can obtain the RSA public key two ways:
The database administrator can provide a copy of the public key file.
A client user who can connect to the server some other way can use a
SHOW STATUS LIKE 'Caching_sha2_password_rsa_public_key' statement and
save the returned key value in a file.
If you can connect to the database with any client, obtain the public key and use it to configure another client. Alternatively, the public key for RSA connection can be obtained from the server data directory. On Windows 10 it is usually C:\ProgramData\MySQL\MySQL Server 8.0\Data
example server data directory location on a windows 10 default installation
So, if the user has caching_sha2_password set and you have the public RSA key for the MySQL server you can use it to establish connection. If the user has mysql_native_password the cause be different.
My Ansible/Rundeck host is an Ubuntu 20.04 LTS system. I installed Ansible to tinker and then installed Rundeck. Once I was able to get the two talking and working properly (in my mind), I thought it would be best to move Rundeck to a production level DB engine instead of H2. I installed MySQL on the same host and setup the DB and the DB user as directed in the Rundeck docs. I then modified the RD properties file as the same document instructs but I keep getting a failure to connect to the database.
First it was this error:
WARN internal.JdbcEnvironmentInitiator - HHH000341: Could not obtain connection metadata : Could not connect to address=(host=10.10.140.23)(port=3306)(type=master) : Socket fail to connect to host:10.10.140.23, port:3306. Connection refused (Connection refused)
So then I researched the issue and it suggested to validate the user account in MySQL, grants, access, etc. - It all works from a command line testing in MySQL.
I read in one of my searches that some people had luck with removing the useSSL=false or setting it to true. That led to my next error of:
WARN internal.JdbcEnvironmentInitiator - HHH000341: Could not obtain connection metadata : Could not connect to address=(host=localhost)(port=3306)(type=master) : RSA public key is not available client side (option serverRsaPublicKeyFile)
During my research on this error, I read that I needed to add a property to allow the retrieval of the RSA keys, and I did but it didn't change a thing.
I then downloaded the Oracle MySQL jdbc driver and placed it in the var/lib/rundeck/lib folder and changed the driver class name in the properties file and then I received my next error of
WARN internal.JdbcEnvironmentInitiator - HHH000341: Could not obtain connection metadata : Could not connect to address=(host=127.0.0.1)(port=3306)(type=master) : (conn=355) Access denied for user 'sa'#'localhost' (using password: YES)
Current charset is UTF-8. If password has been set using other charset, consider using option 'passwordCharacterEncoding'
when I attempted to run Rundeck.
At this point I am back on H2 and I am too much of a Linux novice to understand what the issue may be. Can anyone kindly point me in a direction that helps as the Rundeck docks for using a MySQL DB seem to either be old or missing some content as a lot of the searches I have made on trying to resolve the issue directs me to perform things slight differently or all new commands that the Rundeck docs don't even mention.
I've fixed same issue stopping the Rundeck instance, later adding the following config on the rundeck-config.properties file (at /etc/rundeck path, check this):
# works with allowPublicKeyRetrieval=true
dataSource.url = jdbc:mysql://mysql_server_ip/rundeck?autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true
dataSource.username=rundeckuser
dataSource.password=your_password
dataSource.driverClassName=com.mysql.cj.jdbc.Driver
# to store projects on backend
rundeck.projectsStorageType=db
Next, flushing the connections on the database side with mysqladmin flush-hosts -u root -p.
Now, starting your Rundeck service, you can check that is using MySQL 8 as a data source for your projects.
EDIT: On the MySQL side, make sure that you've created the user properly, I followed these steps:
CREATE DATABASE rundeck;
CREATE USER 'rundeckuser'#'%' IDENTIFIED BY 'P4ssw0rd';
GRANT ALL PRIVILEGES ON rundeck.* TO 'rundeckuser'#'%';
exit;
Also check how MySQL 8 is storing the user's passwords.
I just set up a new MySQL database with the MySQL workbench & created a user for it with all necessary privileges. I am using this database for use with my php code. But I can't seem to connect to it on my live server (pages are hosted on windows server 2012). Everything works fine in my local environment with xampp and the new MySQL database is exactly the same as the xampp one. I think I am maybe using the wrong host name or something. As host name I copied the name that is displayed after "Host:" when you click on Server Status in MySQL workbench. The database name, user & password should all be correct. But when my code tries to access the db I get a "The domain page isn’t working. Domain is currently unable to handle this request."
You either have no network connection to the server at all or it is blocked due to firewall or routing misconfiguration.
If you do have network access in general, you might forgot to
FLUSH PRIVILEGES;
or you have not enabled networking over TCP, the default is to listen only to localhost (on unix systems via unix sockets, on microsoft I guess it's simply TCP).
Read about the following configuration parameter which will solve your networking issue:
bind-address
If you have a very old MySQL server version, the parameter is enable-networking but it shouldn't be the case anymore.
I got stuck in using ejabberd and JSXC after installing with default configuration and move from Mnesia to MySQL, I could not login to admin site anymore. I checked log as below :
2015-08-06 15:50:32.972 [error] <0.3196.0>#ejabberd_auth:is_user_exists:313 The authentication module ejabberd_auth_odbc returned an error
when checking user <<"ejabberd">> in server <<"10.30.173.89">>
Error message: <<"Unknown Host">>
By the way, could you please help me to create MUC (multi-user chat), I don't know how to config it in JSXC and ejabberd.
This is an error in your configuration. "Unknown Host" error for the SQL query means that ejabberd could not find any MySQL database configured for that domain.
You need to check and fix your ejabberd configuration file.
I also have same question in same scenario.
I can add a new user from command line and also view it in my MySQL DB
./ejabberdctl register test2 localhost test2
But getting unknown host error when the user is trying to connect from client.
I'm running a local copy of WordPress on XAMPP/WinXP for development, but would like to maintain a connection to the remote database. I keep getting "Error establishing database connection" no matter what I try.
On the same PC, I can connect to the remote mySQL DB using any number of mySQL clients, and on the mySQL side, the both the user and the database are set to accept incoming requests from any wildcard domain. I can also easily ping the remote database server from my PC (though I don't know how to do it from WITHIN XAMPP).
Is XAMPP its own little universe that can't reach through to the outside world? Or is there something I'm clearly overlooking that's not letting me connect?
Errors
Warning: mysql_connect() [function.mysql-connect]: Premature end of data (mysqlnd_wireprotocol.c:553) in C:\xampp\htdocs\dbtest.php on line 5
Warning: mysql_connect() [function.mysql-connect]: OK packet 1 bytes shorter than expected in C:\xampp\htdocs\dbtest.php on line 5
Warning: mysql_connect() [function.mysql-connect]: mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication
Edit
Thanks to #Michael for suggesting I just create a simple connection script so I can get better insight into the actual error that's being thrown. This revealed that it had to do with the old_password setting in mySQL. See my Answer below for a full description of how to resolve this issue.
Here's the test script I put inside my xampp\htdocs folder and tested out:
<?php
$mysqli = new mysqli('my.server.address', 'user_name', 'password', 'database_name');
if ($mysqli->connect_error){
die ("Connect error: " . $mysqli->connect_error );
}
I'm not really clear on why this became an issue on my XAMPP installation, since I'm also running PHP 5.3.x on the server's local box and wasn't experiencing those issues there. However, it has to do with my mySQL server running in "old password" encryption mode. Newer versions of PHP won't allow those kinds of connections, so you need to update your mySQL server to use the newer password encryption. Here are the steps, assuming you have control over the mySQL server. If you don't, that falls out of the scope of my knowledge.
locate the configuration file for the mysql server called my.cnf. I found mine at /etc/my.cnf. You can edit it with sudo nano /etc/my.cnf
Look for a line that says old_passwords=1 and change that to old_passwords=0. You have now told the server that the next time it is run, and it is asked to encrypt a password using the PASSWORD() command, it use the new 41-character encryption rather than the 16-character 'old' style encryption
Now you have to restart your mysql server / service. YMMV, but on Fedora that was easily done with sudo service mysqld restart. Check your OS' instructions for restarting the mysql daemon or service
Now we have to actually edit our user table within mysql. So open up an interactive shell to mysql (on the server you can type mysql -uYourRootUsername -pYourRootPassword)
Change to the mysql database. This is the database that holds all the good stuff for server operation and authentication. You must have root access to work with this database. If you get an 'access denied' you're SOL. Sorry. use mysql; will switch to that database
Now we want to update the user that was giving you grief. Ultimately you'll probably want to update all your users, but for now, we're just focusing on the user that threw the error. update user set Password=password('YOUR_PASSWORD') where User='YOUR_USERNAME';
Now you just need to tell mysql to use the new password for authentication when that user attempts to connect. flush privileges;.
You should be good to go!