Additional step for login via Delegate Authentication


Franck V.

Jul 2, 2024, 6:03:21 AM
to CAS Community
Dear CAS community,

In my project, users can register/log in with either a username/password (implemented via Database Authentication) or a Google account (implemented via the Delegate Authentication).
For the delegate authentication, we save the user profile in a database via a REST Provisioner.

The configuration looks like this.
cas:
  authn:
    pac4j:
      provisioning:
        rest:
          method: POST
          url: http://<some-user-management-service>
      google:
        id: <google-id>
        secret: <google-secret>



A requested feature is for administrators of the application to be able to disable users so that they are not allowed to log in.
This is straightforward to implement for Database authentication (by checking a flag in the database for each user), but I can't figure out how to do it for the Delegate Authentication. I tried to return an HTTP error code from the provisioning REST endpoint, but it is not taken into account (I assumed that if the provisioning failed, the user wouldn't be allowed to log in).
Does anyone have an idea how to do it?
I could use my endpoint http://<some-user-management-service> to check if a user is disabled or not, but I couldn't figure out where to call it.
Would one of the solutions be to use a Groovy script for "Delegated Authentication Post Processing" or "Extending CAS Webflow"?

Thanks!
Franck