can't get jdbc attribute query after facebook delegated authentication


Sandy Lelarge

May 22, 2017, 12:39:48 PM
to CAS Community
Hi all,

And firstly, thanks for your great job on CAS.

I'm pretty new to it and I'm working with CAS 5.0.3.1.

I can successfully log on with login/password via a REST service and, once logged in successfully, get attributes from another database via JDBC.

Now, I'm trying to get authenticated by Facebook. I successfully get logged in.


The problem is that I'm trying to make a request on my SQL Server where I'm looking for the 'email' field that Facebook gave me
(the same email I get as username on the login form, and that gave me a result).

I can't even get a request to the SQL Server.
No error, simply no request.

Is it possible with delegated authentication?
I hoped to link some authentication mechanism by email address...

Thanks for your help

Facebook throws this list of attributes:
access_token: [masked]
email: [masked]
first_name: [masked]
gender: MALE
last_name: [masked]
link: [masked]
locale: fr_FR
name: [masked]
third_party_id: [masked]
timezone: 2
updated_time: 1409185943000
verified: false


Martin Bohun

May 22, 2017, 8:16:51 PM
to CAS Community
This is very similar to what we (ALA) are doing in our cas-4.0.x: previously a user could SignUp/SignIn with username/password stored in an SQL DB (MySQL); I added/extended the project with "one click" SignUp/SignIn via "social media" (Facebook/Google/Twitter/LinkedIn/WindozeLive/GitHub):

You can have a look at our:
(I intentionally try to keep it clean and "intuitively" ordered)

First we do the Delegated Authentication exactly as you mentioned; that does verify the user via (Facebook/Google/Twitter), and each of these sends back some profile info (email, firstName, lastName); I wrote a custom cas/pac4j Authenticator:
That takes the email address returned by the social media, and (reusing the old SQL username/password code/components) tries to retrieve the user from the DB:

If a user with such an email address does not exist, it will use a "create new user" SQL query to create the user in the DB first and then resume the login process:

regards,

martin
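
The lookup-or-create step described in the post above, as an added example that is not part of the thread or of the ALA code base. It assumes Python with an in-memory SQLite table standing in for the real user database; the `users` schema, the `source` column, `resolve_user` and the policy of linking to a row the provider did not create only when the profile's `verified` attribute is true are all hypothetical choices of this example.

```python
import sqlite3

class DelegatedLoginError(Exception):
    """Raised when a provider profile cannot be mapped to a local account."""

COLUMNS = "id, email, first_name, last_name, source"

def open_db():
    # In-memory SQLite stands in for the real user database (assumption).
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE,"
               " first_name TEXT, last_name TEXT, source TEXT NOT NULL)")
    return db

def find_by_email(db, email):
    # Bound parameter: the provider-supplied value never becomes SQL text.
    return db.execute(f"SELECT {COLUMNS} FROM users WHERE email = ?", (email,)).fetchone()

def resolve_user(db, provider, profile):
    """Return (attributes, created) for a profile returned by delegated authentication."""
    email = (profile.get("email") or "").strip().lower()
    if "@" not in email:
        raise DelegatedLoginError("provider returned no usable email")
    row = find_by_email(db, email)
    if row is None:
        # No local user yet: create one, then resume the login with the new row.
        db.execute("INSERT INTO users (email, first_name, last_name, source)"
                   " VALUES (?, ?, ?, ?)",
                   (email, profile.get("first_name"), profile.get("last_name"), provider))
        db.commit()
        return dict(find_by_email(db, email)), True
    # Assumed policy: a row this provider did not create is linked only when
    # the provider marks the profile as verified.
    if row["source"] != provider and str(profile.get("verified")).lower() != "true":
        raise DelegatedLoginError("unverified profile matches an existing account")
    return dict(row), False

# Constructed sample: attribute names from the list in the first post, values made up.
SAMPLE_PROFILE = {"email": "Alice@Example.org", "first_name": "Alice",
                  "last_name": "Martin", "verified": "false"}

if __name__ == "__main__":
    conn = open_db()
    print(resolve_user(conn, "facebook", SAMPLE_PROFILE))  # first login creates the row
    print(resolve_user(conn, "facebook", SAMPLE_PROFILE))  # second login reuses it
```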

Sandy Lelarge

May 23, 2017, 3:17:49 AM
to CAS Community
Thank you for your response Martin.

I will take a look into your code.

BTW I still wonder if CAS 5 can do it by chaining something somewhere.

It can already do everything but not the way I want to.

Perhaps I can make something similar to what you've done by chaining social networks auth with cas.authn.attributeRepository.jdbc on CAS 5.

cheers

Martin Bohun

May 23, 2017, 3:46:53 AM
to CAS Community
Hi Sandy,

I am not entirely sure what you mean by "BTW I still wonder if CAS 5 can do it by chaining something somewhere.", one place in our code where one can kinda "chain" something is currently hardcoded "null" (taken/followed from pac4j examples) in:

A clean/flexible approach is to create a proper "secondaryPrincipalResolver" (class and bean, instead of the hardcoded null :-) obviously) - I already have a refactoring task/branch for that - but that is one nice "chaining point" right there.

regards,

martin

Sandy Lelarge

May 23, 2017, 3:54:26 AM
to CAS Community
Oh yes, I did not understand.
This is what I have in mind.

I'm too young to CAS. I'll try to make this on version 5.
I have to understand the structure of it and of pac4j.

Thanks a lot