CAS 4.0.0: Will it support OIDC (OpenID Connect) features


yarra srinivas

Sep 28, 2020, 1:47:15 PM
to CAS Developer
Hi Folks,

We're using a pretty old version of the CAS component (i.e. 4.0.0) for authentication purposes. As per our requirements, we don't want to upgrade the CAS Server component; if possible, we want to delegate the authentication to a third-party component like Keycloak, so as to avoid upgrading the CAS component and its interdependent components like Spring and other modules in the project.

My basic doubts are:

1. Will it be possible with CAS 4.0.0 to delegate authentication to a Keycloak server?
2. If so, what would be the best, most robust technique for delegating authentication, based on CAS 4.0.0, to help us connect to the Keycloak component?


Thanks,
Yarra

Jérôme LELEU

Sep 29, 2020, 3:52:52 AM
to yarra srinivas, CAS Developer
Hi,

pac4j v1.7.0 is an old version based on an old version of the Nimbus SDK without default support for Keycloak.

So, even if it is feasible, you'll need customisations to make it work.

As I said on the pac4j mailing list, I highly recommend upgrading the CAS server.

Thanks.
Best regards,
Jérôme
 


yarra srinivas

Sep 29, 2020, 4:21:04 AM
to CAS Developer, leleuj, CAS Developer, yarra srinivas
Thank you @leleuj for your detailed information. I understand your comment, but, based on customer requirements, I'm exploring the feasibility and constraints of using CAS version 4.0.0.

yarra srinivas

Sep 30, 2020, 7:52:02 AM
to CAS Developer, yarra srinivas, leleuj, CAS Developer
Hi @leleuj,

Kindly guide me on how to make CAS parse or understand the response from Keycloak; it would be a great help for me to proceed further. As you said previously, it might require some customisation. Could you please guide me, if possible: am I doing something wrong in the OidcClient configuration?

applicationContext.xml:
<bean id="keyCloakOpenid" class="org.pac4j.oidc.client.OidcClient">
    <property name="name" value="openid" />
    <property name="clientID" value="yarra-client" />
    <property name="secret" value="e374ff0-f724-411d-b6474-46aea4b62a6f" />
</bean>
<bean id="clients" class="org.pac4j.core.client.Clients">
    <property name="callbackUrl" value="https://hostname:8443/cas/login" />
    <property name="clientNameParameter" value="KeycloakOIDC" />
    <property name="clients">
        <list>
            <ref bean="keyCloakOpenid" />
        </list>
    </property>
</bean>

login-webflow.xml:

<action-state id="clientAction">
    <evaluate expression="clientAction" />
    <transition on="success" to="sendTicketGrantingTicket" />
    <transition on="error" to="ticketGrantingTicketCheck" />
    <transition on="stop" to="stopWebflow" />
</action-state>
<view-state id="stopWebflow" />
<action-state id="ticketGrantingTicketCheck">
    <evaluate expression="ticketGrantingTicketCheckAction"/>
    <transition on="notExists" to="gatewayRequestCheck"/>
    <transition on="invalid" to="terminateSession"/>
    <transition on="valid" to="hasServiceCheck"/>
</action-state>

org.springframework.webflow.engine.NoMatchingTransitionException: No transition was matched on the event(s) signaled by the [1] action(s) that executed in this action state 'ticketGrantingTicketCheck' of flow 'login'; transitions must be defined to handle action result outcomes -- possible flow configuration error? Note: the eventIds signaled were: 'array<String>['success']', while the supported set of transitional criteria for this action state is 'array<TransitionCriteria>[notExists, invalid, valid]'

Kindly help me.


