Using a delegated authority with CAS auth providers

Aaron Chantrill

Sep 27, 2023, 10:55:51 PM
to CAS Community
I would like to be able to have my users type in their username and then use a regular expression match to direct the user to either a delegated authority or to a form where they put in their password for an LDAP or JDBC authentication.

I see where I can use a regular expression to match to different delegated authorities, but it doesn't seem like I can say to use the non-delegated form if none are matched.

Has anyone figured out how to do something similar?

Thank you,
Aaron

Pablo Vidaurri

Oct 12, 2023, 8:33:45 PM
to CAS Community, Aaron Chantrill
Considering something similar. For users with xyz email domain delegate to Azure AD, all others use out of the box LDAP integration.

Find anything?

Aaron Chantrill

Oct 27, 2023, 2:50:26 PM
to CAS Community, Pablo Vidaurri, Aaron Chantrill
No, I haven't found a way. Please let me know if you have found anything. I ended up writing a whole new login form to give my users two different buttons to press depending on whether they are logging in using the delegate provider (AzureAD) or one of the standard providers.

Thank you,
Aaron

Meysam Shirazi

Nov 7, 2023, 7:18:04 AM
to CAS Community, Aaron Chantrill, Pablo Vidaurri
I think you can use a Groovy script to select the delegate provider using a query parameter of the service request. Here is my sample script to detect an auto-redirect parameter and redirect to the delegate provider:

import org.apereo.cas.web.*
import org.apereo.cas.configuration.model.support.delegation.*
import org.apereo.cas.authentication.principal.*
import java.net.*

def run(Object[] args) {
    // Declared before the try block so it is still in scope in the catch block.
    def logger = args[4]
    try {
        // def requestContext = args[0]
        def webApplicationService = args[1] as AbstractWebApplicationService
        // def registeredService = args[2]
        // First delegated provider offered for this request.
        def provider = args[3][0] as DelegatedClientIdentityProviderConfiguration
        if (webApplicationService != null) {
            // Redirect only when the service request carries nonce=autoredirect.
            def param = webApplicationService.getAttributes().get("nonce")
            if (param != null && param.get(0).equalsIgnoreCase("autoredirect")) {
                provider.autoRedirectType = DelegationAutoRedirectTypes.CLIENT
                return provider
            }
        }
    } catch (Exception ex) {
        // Message plus throwable, so the stack trace is logged.
        logger.error("Delegated provider selection failed", ex)
    }
    // No provider selected.
    return null
}

You can develop a custom page to get the user ID and send it to the login page.
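
Added example, not part of any post in this thread and not CAS project code: a variant of the script above that routes on the typed username instead of a fixed flag, and returns null for everyone else so no delegated provider is selected. It assumes the same argument layout as the script above, that the provider configuration exposes its client name as `name`, and uses hypothetical values: a `username_hint` service parameter set by the custom page, an `AzureAD` client name and an `example.org` domain. The hint is untrusted input that only chooses the login path; the provider name is fixed in the script and never taken from the request.

```groovy
import org.apereo.cas.web.*
import org.apereo.cas.configuration.model.support.delegation.*
import org.apereo.cas.authentication.principal.*

// True only for a well-formed username in the delegated domain (constructed pattern).
// ==~ must match the whole string, so "a@example.org.other.test" does not pass.
boolean isDelegatedUser(String hint) {
    if (hint == null || hint.length() > 254) {
        return false
    }
    return hint.trim() ==~ /(?i)[a-z0-9._%+-]{1,64}@example\.org/
}

def run(Object[] args) {
    def webApplicationService = args[1] as AbstractWebApplicationService
    def providers = args[3]
    def logger = args[4]
    try {
        if (webApplicationService == null) {
            return null
        }
        // Hypothetical parameter appended to the service URL by the custom username page.
        def values = webApplicationService.getAttributes().get("username_hint")
        def hint = values ? values.get(0)?.toString() : null
        if (!isDelegatedUser(hint)) {
            // No match: select no provider, as the script above does.
            return null
        }
        // Hypothetical client name, chosen by the script and not by the request.
        def provider = providers.find { it.name == "AzureAD" } as DelegatedClientIdentityProviderConfiguration
        if (provider == null) {
            logger.warn("Delegated provider AzureAD is not available for this service")
            return null
        }
        provider.autoRedirectType = DelegationAutoRedirectTypes.CLIENT
        return provider
    } catch (Exception ex) {
        logger.error("Delegated provider selection failed", ex)
    }
    return null
}
```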