Get user details on JavaScript frontend using mod_auth_cas and CAS 4.2.4


Iurii Sergiichuk

Dec 12, 2016, 10:48:06 AM
to CAS Community
Hi, I'd like to ask for some assistance on obtaining user information from our frontend (raw HTML and JS), which is hosted with Tomcat behind an Apache proxy, using mod_auth_cas for handling CAS SSO authentication.

I'm using CAS 4.2.4 and SSO does really work, but I cannot understand how I can get any user-related information from the frontend. As far as I understood, user information should be obtained from the /cas/serviceValidate call, but while using Apache mod_auth_cas I do not actually see such calls, while after login I'm automatically redirected to the Application page, and if I'm not authorized I'd be redirected to the /cas/login page.

Could anyone help me and tell me what exactly I missed? I can prepare our configurations upon request.

Andrew Morgan

Dec 12, 2016, 12:40:09 PM
to CAS Community
Iurii,

Have you looked closely at the README at:

https://github.com/Jasig/mod_auth_cas/blob/master/README

which has this:

Directive: CASValidateSAML
Default: Off
Description: If enabled, the response from the CAS Server will be parsed for SAML
attributes which will be associated with the user.

Directive: CASAttributePrefix
Default: CAS_
Description: mod_auth_cas will add a header named <CASAttributePrefix><attr_name>
with the value of this header being the attribute values when SAML
validation is enabled.

Directive: CASAttributeDelimiter
Default: ,
Description: mod_auth_cas will set the value of the attribute header (as described
in CASAttributePrefix) to <attrvalue><CASAttributeDelimiter><attrvalue>
in the case of multiple attribute values.

Directive: CASScrubRequestHeaders
Default: Off
Description: mod_auth_cas will strip request inbound request headers that may have
special meaning, such as those set with the CASAttributePrefix or the
CASAuthNHeader value.


Andy
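
Added example (not part of the thread and not mod_auth_cas code): one way server-side code behind the Apache proxy could turn the request headers described in the README excerpt above into a user object that a static JavaScript frontend can fetch as JSON. The function name, the `CAS-User` value for CASAuthNHeader, the proxy addresses and the sample headers are assumptions; CASValidateSAML and CASScrubRequestHeaders are assumed to be On.

```javascript
// Added example; names and values marked "assumed" are not from the thread.
// Node lowercases incoming header names, so lookups are done in lower case.
const DEFAULTS = {
  prefix: 'CAS_',          // CASAttributePrefix default from the README
  delimiter: ',',          // CASAttributeDelimiter default from the README
  authnHeader: 'CAS-User', // assumed value configured for CASAuthNHeader
  // Assumed addresses of the Apache proxy as seen by the backend.
  proxyAddrs: ['127.0.0.1', '::1', '::ffff:127.0.0.1'],
};

// Build the object a "who am I" endpoint would return as JSON.
// Returns null when the request did not come through the proxy or
// carries no authenticated CAS user.
function userFromCasHeaders(headers, remoteAddr, options = {}) {
  const cfg = { ...DEFAULTS, ...options };
  // The headers are trustworthy only if mod_auth_cas set them: the request
  // must arrive via the proxy, which scrubs client-supplied copies when
  // CASScrubRequestHeaders is On.
  if (!cfg.proxyAddrs.includes(remoteAddr)) return null;

  const user = headers[cfg.authnHeader.toLowerCase()];
  if (typeof user !== 'string' || user === '') return null;

  const prefix = cfg.prefix.toLowerCase();
  // Null prototype: an attribute named "__proto__" stays a plain key.
  const attributes = Object.create(null);
  for (const [name, value] of Object.entries(headers)) {
    if (!name.startsWith(prefix) || name.length === prefix.length) continue;
    // Multi-valued attributes arrive joined with CASAttributeDelimiter.
    const raw = Array.isArray(value) ? value.join(cfg.delimiter) : String(value);
    attributes[name.slice(prefix.length)] =
      raw.split(cfg.delimiter).map((v) => v.trim());
  }
  return { user, attributes };
}

// Constructed sample: headers as a Node backend would see them behind the proxy.
const sampleHeaders = {
  host: 'app.example.org',
  'cas-user': 'jdoe',
  cas_mail: 'jdoe@example.org',
  cas_memberof: 'staff,admins',
};
```

A backend route would call `userFromCasHeaders(req.headers, req.socket.remoteAddress)` and answer 401 when it returns null. An attribute value that itself contains the delimiter cannot be told apart from two values, so choose a CASAttributeDelimiter that does not occur in your data.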

Pascal Rigaux

Dec 12, 2016, 3:52:03 PM
to cas-...@apereo.org
Hi, is your app really only static html & js?

If that's the case, you can't use CAS:
- you need some server side code to call serviceValidate
- mod-auth-cas can validate, check authorization, but it can't be used
as a web-service that will return user attributes. You still need some
apache SSI / CGI / PHP / servlet / ...

For static web apps, you need oauth2/oidc implicit flow!

cu

Iurii Sergiichuk <savi...@gmail.com> wrote:

Iurii Sergiichuk

Dec 13, 2016, 3:14:21 AM
to CAS Community
Yes, I have looked at the README and I've noticed those directives, but it looks like they do not help, because even when inspecting the network I don't have any calls to `/cas/serviceValidate` or `/cas/samlValidate`.
As far as I understood, changing my CASValidateURL to SAML validate and enabling SAML should propagate some additional user details, but it does nothing for me, as I cannot receive even the username right now.

On Monday, December 12, 2016, 19:40:09 UTC+2, morgan wrote:

Iurii Sergiichuk

Dec 13, 2016, 3:26:00 AM
to CAS Community
Hi, that was the point I was afraid of...

Maybe you can point me to what exactly I should look for to use with our CAS?

On Monday, December 12, 2016, 22:52:03 UTC+2, Pascal Rigaux wrote:

Pascal Rigaux

Dec 13, 2016, 4:54:15 AM
to cas-...@apereo.org
If you really really want to do CAS protocol, and have access to the CAS server, you can do something like:

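# Origin pattern anchored and dots escaped so that only this exact origin matches
SetEnvIf Origin "^http://area51\.univ-paris1\.fr$" HTTP_ORIGIN=$0
# Echo the matched origin back and allow credentials only for that origin
Header set Access-Control-Allow-Origin "%{HTTP_ORIGIN}e" env=HTTP_ORIGIN
Header set Access-Control-Allow-Credentials true env=HTTP_ORIGIN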

in the CAS server.

This allows calling samlValidate in Ajax, for example
http://area51.univ-paris1.fr/prigaux/cas-implicit-grant-CORS.js
http://area51.univ-paris1.fr/prigaux/cas-implicit-grant-CORS.html

cu



--
Pascal Rigaux

Expert in application development and deployment
DSIUN-SAS (applications and digital services department)
Université Paris 1 Panthéon-Sorbonne - Centre Pierre Mendès France (PMF)
B 402 - 90, rue de Tolbiac - 75634 PARIS CEDEX 13 - FRANCE
Tel: 01 44 07 86 59