Using the username field pre-authentication to do home realm discovery?


Sean F

Nov 27, 2023, 11:51:02 PM
to CAS Community
Hi. I'm curious if CAS can be used to do home realm discovery after the user enters their username?

My proposed workflow would be:

1. User enters a username
2. The authentication strategy would depend on what the user entered by looking up the username with a REST service (or some other strategy)
3. One type of username would use LDAP authentication, a different type of username would be sent to Azure AD to complete the authentication.

Thanks!

Mohamed Amdouni

Nov 28, 2023, 4:40:42 AM
to cas-...@apereo.org
Hello,

I think that it could be possible using pac4j (CAS delegated authentication), and you choose the dynamic type with some Groovy scripts:

But I don’t know if you can process the LDAP authentication with the same CAS instance or you can delegate to a second instance. To test…

Best regards 


Ray Bon

Dec 5, 2023, 2:27:01 AM
to cas-...@apereo.org
Sean,

If you have multiple authentication sources (cas.authn. properties), CAS will check each one for the username, and stop when authn completes. This will work if each username is unique across realms or you can put authn sources in an order that would catch users, in multiple realms, with their main realm.

I seem to remember a discussion on the list about two step authn (enter username on one page, then password on the next).

Ray
