Advice for getting user from database after OIDC delegated authentication login


Juan David Sánchez

Mar 13, 2019, 4:32:48 AM
to CAS Community

Hi,


I’m using CAS with OpenID Connect support. The authentication is delegated to Azure Active Directory but I also have a user database (which regularly pulls users from the active directory) from which I would like to retrieve some user attributes after a successful login in Azure.


I would like to extract the unique_name, which I’m getting from Azure, and then fetch a user from database whose email matches that unique_name, and finally return to the application releasing the user attributes fetched from database.


Before throwing myself into a custom development, I would like to ask the community if there is a built-in way in which I could achieve this.


Thank you for the support

Martin Bohun

Mar 13, 2019, 5:02:55 AM
to CAS Community
Hi Juan,

We (ALA) are doing exactly that with a custom AuthenticationHandler:

Basically one of the "social media" OAuth1.0, OAuth2.0, OIDC, SAML, etc. does the authentication and returns an email_address, first_name, surname. I take the email and check if it already exists in our user DB; if yes, I just SignIn the user; if the user does not exist, I create the user in the DB (SignUp) and then SignIn.

We had originally only username/password login (the user credentials are stored in a MySQL DB), so I simply reused all the existing DB beans and properties (like the SQL query to get the user with user attributes, etc.). The only addition was the authentication with "social media" and getting the email address; from there on it connected to the existing username/password login scenario.

kind regards,

martin
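
The flow described in the reply above (take the identifier returned by the external provider, look it up in the existing user database, optionally create the account, then release the database attributes), sketched in Python with an in-memory SQLite table. This is an added example, not code from the thread, from CAS or from ALA; the table layout, function names and sample row are assumptions.

```python
import sqlite3

LOOKUP = "SELECT id, email, display_name, role FROM users WHERE email = ?"

def normalize_email(claim):
    """Return a trimmed, lower-cased address, or None if the claim is unusable."""
    if not isinstance(claim, str):
        return None
    value = claim.strip().lower()
    # Constructed sanity check: exactly one '@' and no embedded whitespace.
    if value.count("@") != 1 or any(c.isspace() for c in value):
        return None
    return value

def resolve_principal(db, claims, claim_name="unique_name", allow_signup=False):
    """Map claims from the delegated login to a local user row."""
    email = normalize_email(claims.get(claim_name))
    if email is None:
        raise ValueError("missing or malformed %s claim" % claim_name)
    # Bound parameter: the claim value is never concatenated into the SQL text.
    row = db.execute(LOOKUP, (email,)).fetchone()
    if row is None:
        if not allow_signup:
            raise LookupError("no local account for " + email)
        # Sign-up path: the role is fixed locally, never copied from the claims.
        db.execute(
            "INSERT INTO users (email, display_name, role) VALUES (?, ?, ?)",
            (email, claims.get("name", email), "user"),
        )
        db.commit()
        row = db.execute(LOOKUP, (email,)).fetchone()
    # Only database columns are released as attributes.
    return dict(zip(("id", "email", "display_name", "role"), row))

def demo_db():
    """Constructed sample database with one pre-existing user."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL,"
        " display_name TEXT, role TEXT)"
    )
    db.execute(
        "INSERT INTO users (email, display_name, role)"
        " VALUES ('alice@example.org', 'Alice', 'admin')"
    )
    return db

if __name__ == "__main__":
    print(resolve_principal(demo_db(), {"unique_name": " Alice@Example.ORG "}))
```

With `allow_signup=False` the lookup behaves like the question's case (attributes only for users already synced into the database); `allow_signup=True` gives the sign-up-then-sign-in behaviour from the reply.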

juancho

Mar 13, 2019, 6:57:20 AM
to cas-...@apereo.org
Hello Martin,

Thank you very much for sharing it. I'll have a look to understand it and adapt it to my needs.

Best regards,
Juan


