CAS "INVALID_SERVICE" exception when matching the supplied service and the original service (both are the same)

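I have a CAS system that authenticates some applications through SSO using the CAS protocol. All applications can authenticate in CAS through an LDAP provider. I am trying to add additional authentication sources for each application, specifically their own databases.

When I add the identifiers/names of the required authentication handlers to each service definition (https://apereo.github.io/cas/development/services/Configuring-Service-Required-AuthN.html#configure-service-required-authentication), the applications cannot validate the ticket, because CAS always responds: "[INVALID_SERVICE] Ticket does not match supplied service". However, both services (the supplied one and the original one) are identical, as you can see in the following log: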

  

CAS_AuthenticationException thrown
CAS URL: https://mycasserver.or/cas/p3/serviceValidate?service=http%3A%2F%2Fxxx.xx.x.xxx%2Fwp-login.php%3Fredirect_to%3Dhttp%253A%252F%252Fxxx.xx.x.xxx%252Fwp-admin%252F%26reauth%3D1&ticket=ST-19--K-ObBsa-WssIZQ56Ev-WCT26FAubuntuserver
Authentication failure: Ticket not validated
Reason: [INVALID_SERVICE]
CAS error: Ticket 'ST-19--K-ObBsa-WssIZQ56Ev-WCT26FAubuntuserver' does not match supplied service. The original service was 'http://xxx.xx.x.xxx/wp-login.php?redirect_to=http%3A%2F%2Fxxx.xx.x.xxx%2Fwp-admin%2F&reauth=1' and the supplied service was 'http://xxx.xx.x.xxx/wp-login.php?redirect_to=http%3A%2F%2Fxxx.xx.x.xxx%2Fwp-admin%2F&reauth=1'.
CAS response: Ticket 'ST-19--K-ObBsa-WssIZQ56Ev-WCT26FAubuntuserver' does not match supplied service. The original service was 'http://xxx.xx.x.xxx/wp-login.php?redirect_to=http%3A%2F%2Fxxx.xx.x.xxx%2Fwp-admin%2F&reauth=1' The original service was 'http://xxx.xx.x.xxx/wp-login.php?redirect_to=http%3A%2F%2Fxxx.xx.x.xxx%2Fwp-admin%2F&reauth=1'.

My full service definition is:

{
    "id" : 109,
    "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
    "serviceId" : "^http://xxx.xx.x.xxx/.*",
    "clientId" : "45rtXXXXXXXXX5d5hfg2gui",
    "clientSecret" : "XXXXXXXXXXXa36j7esahr51478268XXXXXXXXXXX",
    "name" : "My App",
    "description" : "My APP description",
    "evaluationOrder" : 1,
    "bypassApprovalPrompt" : true,
    "attributeReleasePolicy" : {
        "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
        "allowedAttributes" : [ "java.util.ArrayList", [ "sn", "cn", "principalLdapDn", "givenName", "email", "uid", "authenticationmethod" ] ]
    },
    "accessStrategy" : {
        "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
        "unauthorizedRedirectUrl" : "http://mycasserver.or/cas/error",
        "enabled" : true,
        "ssoEnabled" : true,
        "requiredAttributes" : {
            "@class" : "java.util.HashMap",
            "authenticationmethod" : [ "java.util.HashSet", [ "ldap", "database" ] ]
        }
    },
    "requiredHandlers" : [ "java.util.HashSet", [ "ldap", "database" ] ]
}

In the "cas.properties" file, this is my configuration for LDAP and the database:

# LDAP Authentication
cas.authn.ldap[0].ldapUrl=ldap://xxx.xx.x.xx:389
cas.authn.ldap[0].baseDn=dc=ldap,dc=myorganization,dc=com
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].bindDn=cn=admin,dc=ldap,dc=com
cas.authn.ldap[0].bindCredential=mypass
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].name=ldap
cas.authn.ldap[0].order=0

# Database Authentication
cas.authn.jdbc.query[0].user=adminuser
cas.authn.jdbc.query[0].password=adminpassword
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].url=jdbc:mysql://xxx.xx.x.xx:3306/mydatabse
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQL57InnoDBDialect

cas.authn.jdbc.query[0].sql=SELECT * FROM mydatabse.users WHERE username=?
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].name=database
cas.authn.jdbc.query[0].order=1
cas.authn.jdbc.query[0].passwordEncoder.type=org.example.cas.myCustomPasswordEncoder