CAS 4.1.9 with pac4j latest version ?

[Kartik Mehta]

I am trying integrate CAS with OKTA using SAML 2.0 delegate authentication in CAS 4.1.9

If I use Maven CAS overlay for CAS 4.1.9, pac4j resolves to version 1.7.1.

The feature I am missing with 1.7.1 is the ability to use a JCEKS keystore, and being able to supply a keystore alias.

Can I use pac4j 1.9.3 with CAS 4.1.9 ? If so, how to make the CAS overlay resolve to pac4j 1.9.3 ?

I cannot use CAS 4.2.X or CAS 5, because (a) I need to use XML based Spring configuration, as we have customized the wiring to use our own DB authentication code, that authenticates differently compared to JDBC authenticators providers given with CAS 4.2.X and (b) due to backward compatibility reasons, we need to continue to specify some properties the same way for various custom authentication handlers in cas.properties the way we used to till now

(Currently we are on CAS 3.5.2 and only doing DB/LDAP authentication)

[Jérôme LELEU]

Hi,

The versions 1.7.x, 1.8.x and 1.9.x are major releases with breaking changes. So you cannot use pac4j 1.9.4 with CAS 4.1.x.

And we only support two major streams: 1.8.x and 1.9.x (until the release of the 2.0.0 version).

So I see two options:

1) You backport what you need to the 1.7.x branch and I'm willing to cut a new 1.7.x release

2) You customize the ClientAction and ClientAuthenticationHandler classes to work with the 1.9.4 version.

Thanks.

Best regards,

Jérôme

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/531557e9-3df6-4884-8094-d3d276cfcd66%40apereo.org.

[Kartik Mehta]

Thanks Jérôme. Let me see which way I can go. For now, I'll try to continue with my proof of concept using a JKS keystore.

One more question, is it possible to do the equivalent of completely replacing the entries in "handlers" Map of the class org.jasig.cas.authentication.PolicyBasedAuthenticationManager  in CAS 4.2.X ? Can it be done through Spring XML xonfiguration or Java configuration only ?

thanks and regards,

Kartik

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

[Jérôme LELEU]

Hi,

The handlers are defined via the authenticationHandlersResolvers bean in the deployerConfigContext.xml, based on the primaryAuthenticationHandler and primaryPrincipalResolver beans defined in the same file.

So I guess the XML way will be easier.

Thanks.

Best regards,

Jérôme

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/265983a0-8fb7-475a-b54a-d535a9c1e71d%40apereo.org.