
CAS delegated authentication: dynamic client id and secret in CAS pac4j

I have the configuration below:

cas.authn.pac4j.typed-id-used=true
cas.authn.pac4j.oauth2[0].principal-attribute-id=preferred_username
cas.authn.pac4j.oauth2[0].id=xxxxxxxxxxxxxx
cas.authn.pac4j.oauth2[0].secret=xxxxxxxxxx
cas.authn.pac4j.oauth2[0].client-name=salesforce
cas.authn.pac4j.oauth2[0].auth-url=https://login.salesforce.com/services/oauth2/authorize
cas.authn.pac4j.oauth2[0].token-url=https://login.salesforce.com/services/oauth2/token
cas.authn.pac4j.oauth2[0].profile-url=https://login.salesforce.com/services/oauth2/userinfo
cas.authn.pac4j.oauth2[0].use-path-based-callback-url=false
cas.authn.pac4j.oauth2[0].profile-attrs.preferred_username=preferred_username

In the login page I need to get the user email-id and based on email id fetch the client id and secret from database and then use in redirect-url.

Is it possible to achieve this?

I need to get the user email-id and based on email id fetch the client id and secret from database and then use in redirect-url.

There is no way in CAS to modify the redirection-url for delegated authentication. The redirection-urls are built and calculated using pac4j automatically, and there is not a way out-of-the-box to dynamically manipulate that URL.

To accommodate this, you cannot rely on CAS creating pac4j clients for you automatically. Instead, you need to create your own pac4j clients manually. This means:

  • You will need to design a Spring configuration class
  • You will have to create and inject your own client into CAS
  • You will need to modify your newly-built client with a special implementation of RedirectionActionBuilder. Every client object has access to a RedirectionActionBuilder that knows how to build redirect-urls. You will need to write your own to make changes to the redirect-url.

CAS will eventually execute this code to make the redirection happen:

final View result;
final RedirectAction action = client.getRedirectAction(webContext);
if (RedirectAction.RedirectType.SUCCESS.equals(action.getType())) {
    result = new DynamicHtmlView(action.getContent());
} else {
    final URIBuilder builder = new URIBuilder(action.getLocation());
    final String url = builder.toString();
    LOGGER.debug("Redirecting client [{}] to [{}] based on identifier [{}]", client.getName(), url, ticket.getId());
    result = new RedirectView(url);
}

The key line is client.getRedirectAction(webContext); which is where the redirect-action is used and if your client is using your own implementation of that concept, then that would be the one to determine the final URL.

Alternatively, you can modify the DelegatedClientNavigationController.java in your overlay and manipulate the url (and the above code) as you like.
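
An added example, not part of the original answer and not CAS or pac4j code: the per-user lookup that a custom redirect builder would perform, written as plain Java with no pac4j dependency. PerTenantRedirect, OAuthClient, the registry contents and the callback URL are assumptions; only the client id travels in the redirect URL, while the secret is held back for the token request made at callback time.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch: none of these types are CAS or pac4j classes.
public class PerTenantRedirect {
    record OAuthClient(String clientId, String clientSecret) {}
    // Stand-in for the database lookup; constructed sample data keyed by email domain.
    static final Map<String, OAuthClient> REGISTRY = Map.of(
        "example.com", new OAuthClient("client-id-a", "secret-a"),
        "example.org", new OAuthClient("client-id-b", "secret-b"));

    // state -> client chosen at redirect time (session-scoped with expiry in a real deployment).
    static final Map<String, OAuthClient> PENDING = new ConcurrentHashMap<>();
    static final SecureRandom RNG = new SecureRandom();
    static String enc(String v) { return URLEncoder.encode(v, StandardCharsets.UTF_8); }
    // Builds the authorization redirect for the client registered to the user's email domain.
    static String buildRedirect(String email, String authUrl, String callbackUrl) {
        int at = email.lastIndexOf('@');
        if (at < 1) throw new IllegalArgumentException("not an email address");
        String domain = email.substring(at + 1).toLowerCase(Locale.ROOT);
        OAuthClient client = REGISTRY.get(domain);
        if (client == null) throw new IllegalArgumentException("no client registered for domain");
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        PENDING.put(state, client);
        // Only client_id passes through the browser; client_secret is used later, server to server.
        return authUrl + "?response_type=code&client_id=" + enc(client.clientId())
            + "&redirect_uri=" + enc(callbackUrl) + "&state=" + state;
    }

    // Called from the callback: one-time lookup so the token request uses the same client.
    static OAuthClient clientForCallback(String state) {
        OAuthClient client = PENDING.remove(state);
        if (client == null) throw new IllegalStateException("unknown or replayed state");
        return client;
    }

    public static void main(String[] args) {
        System.out.println(buildRedirect("alice@example.com",
            "https://login.salesforce.com/services/oauth2/authorize", "https://cas.example.org/cas/login"));
    }
}
```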
