Sanitize username


Rafiek M

Jan 18, 2021, 7:22:51 AM
to CAS Community
Hi all,

Does anybody know how to sanitize the username? We are able to send any sequence of characters for the username, but we would like to limit the allowed set of characters.

regards,
Rafiek

Andy Ng

Jan 20, 2021, 9:08:17 PM
to CAS Community, rafiek.moh...@gmail.com
Hi Rafiek,

I can think of 3 methods of implementing your requirement:
  1. Using Principal Transformation:
    1. e.g. https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties-Common.html#authentication-principal-transformation for Principal transformation for database
    2. However, this kind of principal transformation only does transformation; it will not output an error if the transformation does not work
    3. Also, you are bounded by the default set of principal transformation options allowed (to upper, to lower), which I doubt is your goal
  2. Using pre-processor by Groovy script :
    1. While I haven't used this before, by the description it seems to match your use case:
    2. https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#authentication-pre-processing
    3. See if this will be useful; if not, use the other options
  3. Using custom Authentication Handler:
    1. Another way is to implement a custom authentication handler
    2. See this for how to do it in an older version of CAS: https://apereo.github.io/2018/06/12/cas53-authn-handlers/
    3. It is a lot more custom code, but that code is usually backward compatible (I use custom authn starting from 5.1 all the way to 6.2, seems like it is still working without much edit)
    4. The best thing about this option is that you will have full control over how you sanitize the username, including maybe using other components (e.g. JDBC) for your sanitization if you so choose
See if this is useful. Maybe other options are available as well; if so, others can add them in.

Cheers!
- Andy

Rafiek M

Jan 21, 2021, 12:30:34 PM
to CAS Community, Andy Ng, Rafiek M
Hi Andy,

Thanks for the help! We went with a custom filter that sanitizes the username value. We might refactor it to a custom Authentication handler in the future, but a filter seems like a pretty stable and simple solution for now.

kind regards,
Rafiek

On Thursday, January 21, 2021 at 03:08:17 UTC+1, Andy Ng wrote:
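As an added illustration of the "custom filter" approach Rafiek settled on (and the kind of control Andy's third option gives you), here is a plain servlet filter for a Spring Boot based CAS overlay. It is example code written for this thread, not code from CAS or from either poster. It assumes the login form posts the identifier as the `username` parameter, that the login endpoint is `/login` relative to the CAS context path, and an allow-list policy of letters, digits, `.`, `_`, `-` and `@` (adjust to whatever your user store actually accepts). The filter rejects rather than rewrites: silently stripping characters can turn one identifier into another user's, so a request that fails the allow-list gets a 400 and never reaches authentication.

```java
import java.io.IOException;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;

/**
 * Rejects login requests whose "username" parameter contains characters
 * outside an explicit allow-list. Example code for the thread above;
 * not part of CAS.
 */
public class UsernameAllowListFilter implements Filter {

    // Assumed policy: letters, digits, dot, underscore, hyphen and '@', 1..64 chars.
    // Anchored ^...$ so nothing outside the set can sneak in before or after.
    static final Pattern ALLOWED = Pattern.compile("^[A-Za-z0-9._@-]{1,64}$");

    // Assumption: the login form posts the identifier under this parameter name.
    static final String PARAM = "username";

    /** Pure check, so the policy can be unit-tested without a servlet container. */
    public static boolean isAllowed(String username) {
        return username != null && ALLOWED.matcher(username).matches();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        String username = request.getParameter(PARAM);

        // Only requests that actually carry the parameter are inspected;
        // GETs that render the form, and other endpoints, pass straight through.
        if (username != null && !isAllowed(username)) {
            HttpServletResponse response = (HttpServletResponse) res;
            // Generic message: do not echo the rejected value back into the page.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid username format");
            return;
        }
        chain.doFilter(req, res);
    }
}

/** Registers the filter ahead of everything else on the login path (path is an assumption). */
@Configuration
class UsernameAllowListFilterConfig {

    @Bean
    public FilterRegistrationBean<UsernameAllowListFilter> usernameAllowListFilter() {
        FilterRegistrationBean<UsernameAllowListFilter> registration =
                new FilterRegistrationBean<>(new UsernameAllowListFilter());
        registration.addUrlPatterns("/login");
        registration.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return registration;
    }
}
```

Because the check lives in `isAllowed`, you can pin the policy down with ordinary unit tests (for example that `alice.smith@example.org` passes while a value containing a NUL byte, a newline, or an LDAP filter metacharacter such as `*` or `)` is refused) before deploying the filter. If you later move to Andy's custom authentication handler, the same static method can be reused there, so the rule stays in one place.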