JasperReports Server Community Edition 7.1.0 CAS authenticaton deletes roles on every login

Multi tool use
Multi tool use












0















I have successfully enabled CAS authentication according to the docuemtation at: https://community.jaspersoft.com/documentation/jasperreports-server-authentication-cookbook/configuring-jasperreports-server-cas



I have also read the Synchronization of Roles documentation at least ten times and I am still confused: https://community.jaspersoft.com/documentation/jasperreports-server-authentication-cookbook/synchronization-roles



Why in the world is the Jasper Reports Server deleting internal roles assigned to external users?



It seems that once a user gets created via CAS authentication the administrator should be able to grant that user internal roles. However, no matter what I do assigned internal roles get removed every time the user logs in. What is surprising is that when using the file: applicationContext-externalAuth-CAS.xml



...
<bean id="externalUserSetupProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserSetupProcessor" parent="abstractExternalProcessor">
<!--Default permitted role characters; others are removed. Change regular expression to allow other chars.
<property name="permittedExternalRoleNameRegex" value="[A-Za-z0-9_]+"/>-->

<property name="userAuthorityService">
<ref bean="${bean.internalUserAuthorityService}"/>
</property>
<property name="defaultInternalRoles">
<list>
<value>ROLE_USER</value>
</list>
</property>

<property name="externalAuthProperties" >
<ref local="externalAuthProperties"/>
</property>
</bean>
...


the server creates a "ROLE_USER_EXT" which makes sense according to the documentation and assigns that role as well as the "ROLE_USER" to anyone who successfully authenticates via CAS. Once EVERY OTHER logout the server removes the ROLE_USER but leaves the ROLE_USER_EXT intact so during every other login users get the message: "You do not have permission to view this page."



This should not be this difficult. I have configured at least 20 other apps to use CAS authentication and it has been smooth. This app has me baffled.










share|improve this question





























    0















    I have successfully enabled CAS authentication according to the docuemtation at: https://community.jaspersoft.com/documentation/jasperreports-server-authentication-cookbook/configuring-jasperreports-server-cas



    I have also read the Synchronization of Roles documentation at least ten times and I am still confused: https://community.jaspersoft.com/documentation/jasperreports-server-authentication-cookbook/synchronization-roles



    Why in the world is the Jasper Reports Server deleting internal roles assigned to external users?



    It seems that once a user gets created via CAS authentication the administrator should be able to grant that user internal roles. However, no matter what I do assigned internal roles get removed every time the user logs in. What is surprising is that when using the file: applicationContext-externalAuth-CAS.xml



    ...
    <bean id="externalUserSetupProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserSetupProcessor" parent="abstractExternalProcessor">
    <!--Default permitted role characters; others are removed. Change regular expression to allow other chars.
    <property name="permittedExternalRoleNameRegex" value="[A-Za-z0-9_]+"/>-->

    <property name="userAuthorityService">
    <ref bean="${bean.internalUserAuthorityService}"/>
    </property>
    <property name="defaultInternalRoles">
    <list>
    <value>ROLE_USER</value>
    </list>
    </property>

    <property name="externalAuthProperties" >
    <ref local="externalAuthProperties"/>
    </property>
    </bean>
    ...


    the server creates a "ROLE_USER_EXT" which makes sense according to the documentation and assigns that role as well as the "ROLE_USER" to anyone who successfully authenticates via CAS. Once EVERY OTHER logout the server removes the ROLE_USER but leaves the ROLE_USER_EXT intact so during every other login users get the message: "You do not have permission to view this page."



    This should not be this difficult. I have configured at least 20 other apps to use CAS authentication and it has been smooth. This app has me baffled.










    share|improve this question



























      0












      0








      0








      I have successfully enabled CAS authentication according to the docuemtation at: https://community.jaspersoft.com/documentation/jasperreports-server-authentication-cookbook/configuring-jasperreports-server-cas



      I have also read the Synchronization of Roles documentation at least ten times and I am still confused: https://community.jaspersoft.com/documentation/jasperreports-server-authentication-cookbook/synchronization-roles



      Why in the world is the Jasper Reports Server deleting internal roles assigned to external users?



      It seems that once a user gets created via CAS authentication the administrator should be able to grant that user internal roles. However, no matter what I do assigned internal roles get removed every time the user logs in. What is surprising is that when using the file: applicationContext-externalAuth-CAS.xml



      ...
      <bean id="externalUserSetupProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserSetupProcessor" parent="abstractExternalProcessor">
      <!--Default permitted role characters; others are removed. Change regular expression to allow other chars.
      <property name="permittedExternalRoleNameRegex" value="[A-Za-z0-9_]+"/>-->

      <property name="userAuthorityService">
      <ref bean="${bean.internalUserAuthorityService}"/>
      </property>
      <property name="defaultInternalRoles">
      <list>
      <value>ROLE_USER</value>
      </list>
      </property>

      <property name="externalAuthProperties" >
      <ref local="externalAuthProperties"/>
      </property>
      </bean>
      ...


      the server creates a "ROLE_USER_EXT" which makes sense according to the documentation and assigns that role as well as the "ROLE_USER" to anyone who successfully authenticates via CAS. Once EVERY OTHER logout the server removes the ROLE_USER but leaves the ROLE_USER_EXT intact so during every other login users get the message: "You do not have permission to view this page."



      This should not be this difficult. I have configured at least 20 other apps to use CAS authentication and it has been smooth. This app has me baffled.










      share|improve this question
















      I have successfully enabled CAS authentication according to the docuemtation at: https://community.jaspersoft.com/documentation/jasperreports-server-authentication-cookbook/configuring-jasperreports-server-cas



      I have also read the Synchronization of Roles documentation at least ten times and I am still confused: https://community.jaspersoft.com/documentation/jasperreports-server-authentication-cookbook/synchronization-roles



      Why in the world is the Jasper Reports Server deleting internal roles assigned to external users?



      It seems that once a user gets created via CAS authentication the administrator should be able to grant that user internal roles. However, no matter what I do assigned internal roles get removed every time the user logs in. What is surprising is that when using the file: applicationContext-externalAuth-CAS.xml



      ...
      <bean id="externalUserSetupProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserSetupProcessor" parent="abstractExternalProcessor">
      <!--Default permitted role characters; others are removed. Change regular expression to allow other chars.
      <property name="permittedExternalRoleNameRegex" value="[A-Za-z0-9_]+"/>-->

      <property name="userAuthorityService">
      <ref bean="${bean.internalUserAuthorityService}"/>
      </property>
      <property name="defaultInternalRoles">
      <list>
      <value>ROLE_USER</value>
      </list>
      </property>

      <property name="externalAuthProperties" >
      <ref local="externalAuthProperties"/>
      </property>
      </bean>
      ...


      the server creates a "ROLE_USER_EXT" which makes sense according to the documentation and assigns that role as well as the "ROLE_USER" to anyone who successfully authenticates via CAS. Once EVERY OTHER logout the server removes the ROLE_USER but leaves the ROLE_USER_EXT intact so during every other login users get the message: "You do not have permission to view this page."



      This should not be this difficult. I have configured at least 20 other apps to use CAS authentication and it has been smooth. This app has me baffled.







      jasperserver






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 2 at 15:55







      Daniel Maldonado

















      asked Dec 21 '18 at 22:13









      Daniel MaldonadoDaniel Maldonado

      12319




      12319
























          0






          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53891335%2fjasperreports-server-community-edition-7-1-0-cas-authenticaton-deletes-roles-on%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53891335%2fjasperreports-server-community-edition-7-1-0-cas-authenticaton-deletes-roles-on%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          OZutUl U3TNBB5wB,T7i,Q A4pqKc aSS2n7E,na exE PBh0VqOor ARnlRDGvyx8 YRhy6C0rTgOFrDwgMok3
          xuWnn TBS9 S,b2xJ,4O RAxCoeE97fUNFoOO3D

          Popular posts from this blog

          Monofisismo

          Angular Downloading a file using contenturl with Basic Authentication

          Olmecas