Multiple callback urls for SAML2Client


Anand Kumar

Jun 24, 2021, 12:43:49 PM
to Pac4j users mailing list
Hi, 

Is it possible to define multiple callback URLs for an application?
Users should be able to come in through something like:


Thanks.

Jérôme LELEU

Jun 28, 2021, 2:28:12 AM
to Anand Kumar, Pac4j users mailing list
Hi,

You may define multiple callback URLs, at the Client or Clients level.
Thanks.
Best regards,
Jérôme



Anand Kumar

Jun 28, 2021, 1:48:18 PM
to Pac4j users mailing list

Hi Jerome, 

I don't see a place to add multiple callbacks in the Clients. 

final Clients clients = new Clients("http://localhost:8080/callback", saml2Client, anonymousClient);

How would I go about doing this?


Thanks, 
Anand 

Jérôme LELEU

Jun 29, 2021, 1:59:02 AM
to Anand Kumar, Pac4j users mailing list
Hi,

You can set the callback URL at the Client level.

For example: casClient.setCallbackUrl(xxx);

Thanks.
Best regards,
Jérôme


Anand Kumar

Jun 29, 2021, 3:33:02 PM
to Pac4j users mailing list
Jerome, 

I am assuming you are suggesting to create two saml2 clients and give them their own callbacks (external and internal).

I tried this:

In Pac4jConfig.java: 

saml2Client.setName("client1");
saml2Client.setCallbackUrl("https://external.domain.com/app/callback");

saml2Client2.setName("client2");
saml2Client2.setCallbackUrl("https://internal.domain.com/app/callback");

final Clients clients = new Clients("https://external.domain.com/app/callback", saml2Client, saml2Client2, anonymousClient);

In SecurityConfig.java
I added SecurityInterceptor for both client1 and client2 with the exact same authorizers.

I do not see the second interceptor executing if I come in through internal (https://external.domain.com/app) since the context, /app, is the same for both client1 and client2.

In this example the /app should remain the same no matter which URL is used.
How will pac4j determine which interceptors to fire since the app context is the same?


Thanks.

Jérôme LELEU

Jun 30, 2021, 2:53:49 AM
to Anand Kumar, Pac4j users mailing list
Hi,

In that case, you don't need to set the callback URL in the Clients component.

How did you define your interceptors?

Thanks.
Best regards,
Jérôme


Anand Kumar

Jun 30, 2021, 7:26:15 PM
to Jérôme LELEU, Pac4j users mailing list

Hi Jerome,

What should I set the Clients callback to... ""?

The interceptor is defined like:

public class SecurityConfig implements WebMvcConfigurer {

    @Autowired
    private Config config;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {

        SecurityInterceptor client1 = new SecurityInterceptor(config,
            "client1", new Authorizer[]{ new RequireAnyRoleAuthorizer(
                ...
            )});
        client1.setHttpActionAdapter(JEEHttpActionAdapter.INSTANCE);

        SecurityInterceptor client2 = new SecurityInterceptor(config,
            "client1", new Authorizer[]{ new RequireAnyRoleAuthorizer(
                ...
            )});
        client2.setHttpActionAdapter(JEEHttpActionAdapter.INSTANCE);

        registry.addInterceptor(client1).addPathPatterns("/ui/*");
        registry.addInterceptor(client2).addPathPatterns("/ui/*");

        registry.addInterceptor(buildInterceptor("AnonymousClient"))
            .addPathPatterns("/*")
            .excludePathPatterns("/callback*");
    }

    private SecurityInterceptor buildInterceptor(final String client) {
        return new SecurityInterceptor(config, client, JEEHttpActionAdapter.INSTANCE);
    }

}


Jérôme LELEU

Jul 1, 2021, 3:58:43 AM
to Anand Kumar, Pac4j users mailing list
Hi,

Don't set any callback URL (no parameter) in the Clients component.

Both SecurityInterceptors apply to the same pattern; that's why the second one is never called.

You need to add a Matcher to each SecurityInterceptor to trigger it when necessary: http://www.pac4j.org/docs/matchers.html

Thanks.
Best regards,
Jérôme
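
One way to apply the Matcher advice above while keeping the same path pattern on both interceptors, as an added example that is not part of the thread and not pac4j's own code. It assumes the pac4j 5.x `Matcher` signature `matches(WebContext, SessionStore)` (on 4.x the lambda takes only the context); the class name, the matcher names and `withMatcher` are hypothetical, and the host is the one from the thread.

```java
import org.pac4j.core.config.Config;
import org.pac4j.springframework.web.SecurityInterceptor;

public final class HostMatchers {

    // Host taken from the thread; the matcher names are constructed for this example.
    static final String INTERNAL_HOST = "internal.domain.com";
    static final String INTERNAL = "internalHost";
    static final String EXTERNAL = "externalOrUnknownHost";

    // Exact, case-insensitive comparison only. The server name comes from the
    // client-supplied Host header, so no suffix or substring matching.
    static boolean isInternal(final String serverName) {
        return serverName != null && serverName.equalsIgnoreCase(INTERNAL_HOST);
    }

    // The two matchers are complementary on purpose: when a matcher returns
    // false the security logic is skipped for that interceptor, so a request
    // with an unexpected Host must still fall under one of the two clients.
    static void register(final Config config) {
        config.addMatcher(INTERNAL, (ctx, store) -> isInternal(ctx.getServerName()));
        config.addMatcher(EXTERNAL, (ctx, store) -> !isInternal(ctx.getServerName()));
    }

    // Attaches a registered matcher to an interceptor that is already built
    // with its client name and authorizers, as in the SecurityConfig above.
    static SecurityInterceptor withMatcher(final SecurityInterceptor interceptor,
                                           final String matcherName) {
        interceptor.setMatchers(matcherName);
        return interceptor;
    }

    // Usage inside addInterceptors(...), both on the same pattern:
    //   HostMatchers.register(config);
    //   registry.addInterceptor(HostMatchers.withMatcher(client1, HostMatchers.EXTERNAL))
    //           .addPathPatterns("/ui/*");
    //   registry.addInterceptor(HostMatchers.withMatcher(client2, HostMatchers.INTERNAL))
    //           .addPathPatterns("/ui/*");
}
```

The internal decision rests on the Host header, so the front proxy or load balancer should only forward `internal.domain.com` from the internal network.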

Anand Kumar

Jul 2, 2021, 10:09:21 PM
to Jérôme LELEU, Pac4j users mailing list
Jerome, 

Thanks for the clarification. 
I can’t change the interceptor pattern because I need the url pattern to be the same across both urls.  

Thanks,
Anand