Database Authentication and External Service for more information about principle object


Gangadhar Vulpay

Jan 27, 2017, 11:38:58 AM
to CAS Community
First, I would like to thank all CAS Community users for your support.

We need to do the following:
1) Authenticate the user against a database (say MySQL)
2) On successful authentication, call an external service to get more information about the user (it could be like authorization data)
3) Then build the Principal with Step 1 and Step 2 data.


I am planning to do this as follows:

1) Write our own Database Authentication Handler for authentication
2) Write a web service client to talk to the authorization service to get more data

As per the documentation, we do not need to write our own DatabaseAuthentication handler.
If we configure the properties below, it will work:
-----
cas.authn.jdbc.query[0].sql=
cas.authn.jdbc.query[0].healthQuery=
cas.authn.jdbc.query[0].isolateInternalQueries=
cas.authn.jdbc.query[0].url=
......
----

But since I need more data from another service to return the final Principal object,
I was thinking I will write the external web-service call inside:

CustomDatabaseDatabaseAuthenticationHandler.authenticateUsernamePasswordInternal {
1) check in database 
2) On success, call external webservice.
}


I am thinking my design is not clean. It will be helpful if anyone has this type of use case or any clean design to do this with CAS without doing custom coding.

Thanks,
Ganga  

Dmitriy Kopylenko

Jan 27, 2017, 12:17:20 PM
to cas-...@apereo.org
I wouldn’t do it this way. I’d personally plug in a Groovy attribute resolver where you’d be able to do external systems HTTP calls, etc. All working within CAS’ framework without the need to reinvent the wheel.


Cheers,
D.

Gangadhar Vulpay

Jan 27, 2017, 3:17:35 PM
to CAS Community, dkopy...@unicon.net
Thanks Dmitriy,

Yes, you are 100% correct. It's always good to use CAS features. I have no idea why my CAS server is taking "ReturnAllowedAttributeReleasePolicy".

I am setting the one below for my service:
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}  

2017-01-27 15:04:48,822 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Calling attribute policy ReturnAllowedAttributeReleasePolicy to process attributes for ganga>

2017-01-27 15:04:48,822 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Attribute policy ReturnAllowedAttributeReleasePolicy allows release of {} for ganga>

2017-01-27 15:04:48,822 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Checking default attribute policy attributes>

2017-01-27 15:04:48,822 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Located application context. Retrieving default attributes for release, if any>

2017-01-27 15:04:48,822 DEBUG [org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy] - <Default attributes for release are: []>


Thanks,
Ganga



Dmitriy Kopylenko

Jan 27, 2017, 3:26:15 PM
to cas-...@apereo.org
You’d want to make sure that the JSON svc registry you are using in fact is “in effect” and/or the policy in question is set on the correct service definition for which the log entry is emitted.

Best,
D.


Gangadhar Vulpay

Jan 27, 2017, 4:46:58 PM
to CAS Community, dkopy...@unicon.net
Thanks, Dmitriy, for your help.

The issue was that I registered my service as "serviceId" : "^http://localhost:9080/sample/securelink/.*"

Since my registry has HTTP only, that was the issue.

After changing to "serviceId" : "^https://localhost:9443/sample/securelink/.*", things started working.

Thanks,
Ganga


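The mismatch resolved in this thread, as an added example that is not part of the original posts and is not CAS code: a small check that reports which service definition a given service URL actually matches and which attribute release policy therefore applies. The registry entries are constructed; the catch-all entry, the `evaluationOrder` values, the `/page` URL suffix and whole-string regex matching are assumptions, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed registry entries, shaped like CAS JSON service definitions.
# Entry 1001 mirrors the poster's original serviceId; entry 1 is an ASSUMED
# catch-all with a restrictive policy (the thread does not show it).
REGISTRY = [
    {"id": 1001, "name": "sample", "evaluationOrder": 10,
     "serviceId": "^http://localhost:9080/sample/securelink/.*",
     "attributeReleasePolicy": {
         "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"}},
    {"id": 1, "name": "catch-all", "evaluationOrder": 1000,
     "serviceId": "^(https|imaps)://.*",
     "attributeReleasePolicy": {
         "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy"}},
]

def matching_service(registry, service_url):
    """First definition, by ascending evaluationOrder, whose serviceId
    pattern matches the whole URL (whole-string matching is assumed)."""
    for svc in sorted(registry, key=lambda s: s["evaluationOrder"]):
        if re.fullmatch(svc["serviceId"], service_url):
            return svc
    return None

def effective_policy(registry, service_url):
    """Short class name of the release policy that would apply, or None."""
    svc = matching_service(registry, service_url)
    if svc is None:
        return None
    return svc["attributeReleasePolicy"]["@class"].rsplit(".", 1)[-1]

def scheme_near_misses(registry, service_url):
    """Names of non-matching definitions whose pattern pins a literal
    scheme (for example http) that differs from the URL's scheme."""
    scheme = urlsplit(service_url).scheme
    misses = []
    for svc in registry:
        pinned = re.match(r"\^?([a-z][a-z0-9+.-]*)://", svc["serviceId"])
        if pinned and pinned.group(1) != scheme \
                and not re.fullmatch(svc["serviceId"], service_url):
            misses.append(svc["name"])
    return misses
```

Running `effective_policy` against the URL the application really sends shows when a broader definition, and its narrower release policy, is being selected instead of the intended one.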
