CAS 4.1.x, use a different authentication provider based on the theme of Login page

Yan Zhou

Oct 13, 2016, 1:25:46 PM
to CAS Community
Hello,

We have several data sources of user credentials; they come from different applications and we are unable to merge them into one single source.

Instead of configuring CAS to go through each authentication provider until one returns SUCCESS, I wish to select the right provider based on the application the user is trying to log in to, i.e., the theme of the login page. Another way to explain this is that my login page has a "domain" field in addition to the username and password fields.

This is not the best idea, but I cannot think of anything better.

I can extend AbstractUsernamePasswordAuthenticationHandler and implement authenticateUsernamePasswordInternal() to carry out the authentication.

1) How can I pass an additional value (such as the CSS theme of the login page) into this method? It only supports user name and password. I need an additional value to indicate which authentication provider I should use.

2) Any alternative solution?

Thanks,
Yan

Zhou, Yan

Oct 13, 2016, 1:55:42 PM
to Dmitriy Kopylenko, CAS Community

Good idea. Can you elaborate on how I can get this data in the authentication handler?

The data is at entity: RegexRegisteredService.properties.values, but how do I get it? If I have to look up the database, I would need a key to look up. If it is populated somewhere for the particular service the user is logging into, how do I get to it from the authentication handler?

Thx!



On 10/13/2016 1:32 PM, Dmitriy Kopylenko wrote:
The quick way to implement this would be to utilize Registered services custom properties: https://apereo.github.io/cas/4.1.x/installation/Configuring-Service-Custom-Properties.html and set which authentication source to use for each defined service. Then you’ll have access to this data at runtime via the ServicesManager, etc.

D.


Dmitriy Kopylenko

Oct 14, 2016, 1:14:42 PM
to Zhou, Yan, CAS Community
Off the top of my head - you’d need to somehow make the current “Service” instance available to the authn handler - perhaps a SWF state to bind it to ThreadLocal and then use the ServicesManager instance to look up the Registered service based on the current Service requesting authentication transaction from CAS: https://github.com/apereo/cas/blob/4.1.x/cas-server-core-api/src/main/java/org/jasig/cas/services/ServicesManager.java#L57

In any case, you’d need to do some “gymnastics” there…

D.
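
A sketch of the approach suggested in this message, added here as an example and not code from the thread or from the CAS project. It is plain Java with stand-in types (the `authnSource` property name, the service URLs and the credential stores are all constructed), showing the service bound to a ThreadLocal, exactly one source chosen per service, and a closed failure when nothing is configured.

```java
import java.util.Map;
import java.util.function.BiPredicate;

// Stand-in types only: none of these are CAS classes. In CAS 4.1.x the property
// lookup would go through the ServicesManager and the registered service instead.
public class PerServiceAuthn {
    // Service URL of the login in progress on the current request thread.
    static final ThreadLocal<String> CURRENT_SERVICE = new ThreadLocal<>();

    // Constructed sample data: service URL -> value of a hypothetical "authnSource" property.
    static final Map<String, String> SERVICE_AUTHN_SOURCE = Map.of(
        "https://hr.example.org/app", "hrDb",
        "https://crm.example.org/app", "crmLdap");

    // Constructed credential stores standing in for the real providers.
    static final Map<String, BiPredicate<String, String>> SOURCES = Map.of(
        "hrDb", (u, p) -> u.equals("alice") && p.equals("hr-secret"),
        "crmLdap", (u, p) -> u.equals("alice") && p.equals("crm-secret"));

    // What the custom handler would do: resolve exactly one source, or fail closed.
    static boolean authenticate(String username, String password) {
        String service = CURRENT_SERVICE.get();
        // Map.of() rejects null keys, so guard each lookup explicitly.
        String sourceName = service == null ? null : SERVICE_AUTHN_SOURCE.get(service);
        BiPredicate<String, String> source = sourceName == null ? null : SOURCES.get(sourceName);
        if (source == null) {
            return false; // no service bound or no source configured: never try the other sources
        }
        return source.test(username, password);
    }

    // What the web-flow step would do: bind, authenticate, always unbind.
    static boolean login(String service, String username, String password) {
        CURRENT_SERVICE.set(service);
        try {
            return authenticate(username, password);
        } finally {
            CURRENT_SERVICE.remove(); // pooled threads must not carry the value into the next request
        }
    }

    public static void main(String[] args) {
        System.out.println(login("https://hr.example.org/app", "alice", "hr-secret"));
        System.out.println(login("https://crm.example.org/app", "alice", "hr-secret"));
        System.out.println(login("https://unknown.example.org/", "alice", "hr-secret"));
        System.out.println(authenticate("alice", "hr-secret")); // nothing bound to this thread
    }
}
```

The source is taken from the server-side service registration rather than from a submitted form field, so the person logging in cannot pick which credential store is consulted.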

Dmitriy Kopylenko

Oct 14, 2016, 1:14:46 PM
to Zhou, Yan, CAS Community
On the other hand, CAS v5 has this functionality built-in! See the ‘requiredHandlers’ property: https://apereo.github.io/cas/development/installation/Service-Management.html

Could be another reason to consider CAS5 ;-)

Cheers,
D.

Dmitriy Kopylenko

Oct 14, 2016, 1:14:46 PM
to Yan Zhou, CAS Community
The quick way to implement this would be to utilize Registered services custom properties: https://apereo.github.io/cas/4.1.x/installation/Configuring-Service-Custom-Properties.html and set which authentication source to use for each defined service. Then you’ll have access to this data at runtime via the ServicesManager, etc.

D.

On Oct 13, 2016, at 1:25 PM, Yan Zhou <yana...@gmail.com> wrote: