Pac4j delegate authentication, adding a PrincipalResolver to ClientAuthenticationHandler


Charles Le Gallic

Sep 30, 2016, 8:48:32 AM
to CAS Community
Hi,

We are currently using CAS 4.2.5 as an OpenID Connect (OIDC) client to retrieve the identity provider attributes.

It works like a charm (congratulations to the CAS development team :)).

But we wish to add additional attributes, retrieved from our internal database, to the user CAS principal, once the user has been successfully authenticated through the OIDC authentication sequence.

As the ClientAuthenticationHandler is registered on the AuthenticationManager with no PrincipalResolver, we cannot use any attribute repository.

Is there a way to register a Principal Resolver for ClientAuthenticationHandler, or is there any other way to achieve our goal?

Regards,

Charles

Jérôme LELEU

Sep 30, 2016, 12:22:11 PM
to Charles Le Gallic, CAS Community
Hi,

You're right: there is no PrincipalResolver in the ClientAuthenticationHandler. I guess it would make sense to add that to be able to fetch additional information. Can you open a GitHub issue for that improvement?

Currently, you likely need to override the createResult method of the authentication handler.

Thanks.
Best regards,
Jérôme



--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cdd6def3-4402-4146-975a-3e0503866725%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Charles Le Gallic

Oct 3, 2016, 5:43:55 PM
to CAS Community, cha...@amoae.com
Hi,

Thanks for your answer.

The issue has been created here

I should have tried to propose a PR, but I'm not quite comfortable enough with CAS 4.x for now ;)

Regards,

Charles



Jérôme LELEU

Oct 4, 2016, 5:16:14 AM
to Charles Le Gallic, CAS Community
Hi,

You'll need to submit a PR for the master as well (5.0.0).

Thanks for your contribution.

Best regards,
Jérôme

