Database Lookup after OAuth (gmail authentication)


Tausif Iqbal

Oct 10, 2024, 12:41:25 PM
to CAS Community
Hello CAS community,
I'm new to CAS.
I'm trying to implement a webflow that allows a user to log in through
i) email, password
ii) OAuth (Gmail, authentication delegation)

So far I have integrated a MySQL database with CAS and I am able to log in through email and password.
I have also integrated Gmail authentication delegation. The issue I am facing is that after authenticating with Gmail the user is getting logged in even though there is no entry for that user in the database.

Below is my cas.properties:
```
# Database connection
cas.authn.jdbc.query[0].driver-class=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].url=jdbc:mysql://user-db:3306/casdb
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].user=strand
cas.authn.jdbc.query[0].password=passwrod1234
cas.authn.jdbc.query[0].sql=SELECT * FROM users WHERE email = ?
cas.authn.jdbc.query[0].field-password=password
# OAuth
cas.authn.pac4j.oidc[0].google.discovery-uri=https://accounts.google.com/.well-known/openid-configuration
cas.authn.pac4j.oidc[0].google.id=1098068053073-d3gc447aoki6r3ro7a3fd1t14h8ig3an.apps.googleusercontent.com
cas.authn.pac4j.oidc[0].google.secret=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
cas.authn.pac4j.oidc[0].google.callback-url-type=QUERY_PARAMETER
cas.authn.pac4j.oidc[0].google.callback-url=https://localhost:8081/cas/login
```

Can someone provide a step-by-step guide or point me to relevant documentation on how to achieve this, mainly how to do database lookup after OAuth?
Any code examples or configuration snippets would be greatly appreciated.


Thank you in advance for your help!

Ray Bon

Oct 10, 2024, 5:07:38 PM
to cas-...@apereo.org
Tausif,

By default CAS will try each authentication method until one is successful (or the user can select the authn source). It is expected that users in one store are not in another.

Ray



Tausif Iqbal

Oct 13, 2024, 11:23:46 AM
to CAS Community, Ray Bon
Hi Ray,
Thank you for your reply and your time.
I tried writing a Groovy script as mentioned here: https://apereo.github.io/cas/7.1.x/integration/Delegate-Authentication-PostProcessing.html.

and updated cas.properties with this:
```
cas.authn.pac4j.core.groovy-provider-post-processor.location=file:/etc/cas/config/PostProcessor.groovy
```

and added PostProcessor.groovy in the above path.
```
import org.apereo.cas.web.*
import org.apereo.cas.web.support.*
import org.springframework.webflow.execution.*

def run(Object[] args) {
    def requestContext = args[0]
    // Bind the logger before its first use; it is the third script argument.
    def logger = args[2]
    logger.info("Hello inside post processor ")
    def provider = (args[1] as Set<DelegatedClientIdentityProviderConfiguration>)[0]
    logger.info("Checking provider ${provider.name}...")
    def response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext)
    logger.info("Redirecting to ${provider.redirectUrl}")
    response.sendRedirect(provider.redirectUrl);
}
```
Still, I am not getting any log messages from PostProcessor.groovy.

I am using CAS 6.4 and I am not sure the method mentioned in the above link works for CAS 6.4.

If you know of some documentation for CAS 6.4 that is related to post-processing delegated authentication, could you please share it?

Thank you in advance for your time and effort.

Tausif
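
The check this thread asks for, as an added example that is not part of any post above and is not CAS code: a stand-alone Python model in which a delegated (Google OIDC) login is allowed only when the asserted email exists in the local `users` table. The function names, the SQLite stand-in for the MySQL database and the sample rows are assumptions made for illustration, and the ID token is assumed to have been validated already by the OIDC client.

```python
import sqlite3

GOOGLE_ISSUER = "https://accounts.google.com"


def make_user_db(emails):
    """In-memory stand-in for the thread's MySQL `users` table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(e, "<password-hash>") for e in emails])
    return db


def gate_delegated_login(db, claims, trusted_issuers=(GOOGLE_ISSUER,)):
    """Decide whether an externally authenticated user may get a local session.

    `claims` are ID-token claims whose signature, audience and expiry were
    already verified upstream (assumption). Returns (allowed, reason).
    """
    if claims.get("iss") not in trusted_issuers:
        return False, "untrusted_issuer"
    # An unverified address proves nothing about who owns the mailbox.
    if claims.get("email_verified") is not True:
        return False, "email_not_verified"
    email = (claims.get("email") or "").strip().lower()
    if not email:
        return False, "no_email_claim"
    # Same lookup key as the JDBC query in cas.properties, parameterised.
    row = db.execute("SELECT 1 FROM users WHERE lower(email) = ?",
                     (email,)).fetchone()
    if row is None:
        # Authenticated by the identity provider, but unknown locally: deny.
        return False, "not_provisioned"
    return True, "ok"


if __name__ == "__main__":
    db = make_user_db(["alice@example.org"])  # constructed sample row
    for addr in ("alice@example.org", "mallory@example.org"):
        claims = {"iss": GOOGLE_ISSUER, "email": addr, "email_verified": True}
        print(addr, gate_delegated_login(db, claims))
```

The reason string is meant for the audit log, so denied delegated logins for unknown addresses can be reviewed later.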