This is very similar to what we (ALA) are doing in our cas-4.0.x: previously a user could SignUp/SignIn with a username/password stored in an SQL DB (MySQL); I added/extended the project with "one click" SignUp/SignIn via "social media" (Facebook/Google/Twitter/LinkedIn/WindozeLive/GitHub):
https://github.com/AtlasOfLivingAustralia/ala-cas-2.0

You can have a look at our:
https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml
(I intentionally try to keep it clean and "intuitively" ordered)

First we do the Delegated Authentication exactly as you mentioned; that does verify the user via (Facebook/Google/Twitter), and each of these sends back some profile info (email, firstName, lastName); I wrote a custom cas/pac4j Authenticator:
https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L139-L144
https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L146-L158
https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L97

That takes the email address returned by the social media, and (reusing the old SQL username/password code/components) tries to retrieve the user from the DB:
https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L130-L139

If a user with such an email address does not exist, it will use a "create new user" SQL query to create the user in the DB first and then resume the login process:
https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L142-L154

regards,
martin

On Tuesday, May 23, 2017 at 2:39:48 AM UTC+10, Sandy Lelarge wrote:
>
> Hi all,
>
> and firstly, thanks for your great job on cas.
>
> I'm pretty new to it and I'm working with cas 5.0.3.1
>
> I can successfully log on with login/password via a rest service and once
> logged in successfully get attributes from another database via jdbc.
>
> Now, I'm trying to get authenticated by facebook.
> I successfully get logged in.
>
> The problem is that I'm trying to make a request on my sql server where
> I'm looking for the 'email' field that facebook gave me.
> (the same email get as username on login form and that gave me result.
>
> I can even get a request to the sqlserver.
> No error, simply no request.
>
> Is it possible with a delegated authentication?
> I hoped to like some authentication mechanism by email address...
>
> Thanks for your help
>
> facebook throws this list of attributes:
> access_token [masked]
> email [masked]
> first_name [masked]
> gender MALE
> last_name [masked]
> link [masked]
> locale fr_FR
> name [masked]
> third_party_id [masked]
> timezone 2
> updated_time 1409185943000
> verified false
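
The lookup-or-create flow described in the reply above, as an added example that is not part of the thread and not the ALA project's code. The class name, the in-memory map standing in for the SQL user table, and the policy of refusing to link to an existing local account when the provider's `verified` attribute is false are all assumptions made for illustration; what `verified` attests differs between providers.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

// Hypothetical sketch: email-keyed account resolution after delegated login.
public class EmailAccountLinker {
    // Stands in for the SQL user table (email -> local user id).
    private final Map<String, Long> userIdByEmail = new HashMap<>();
    private long nextId = 1;

    /** Returns the local user id, or empty when the profile must not be used. */
    public synchronized Optional<Long> resolve(Map<String, Object> profile) {
        Object raw = profile.get("email");
        if (!(raw instanceof String) || ((String) raw).trim().isEmpty()) {
            return Optional.empty(); // provider released no email attribute
        }
        // Normalise so "A@x.org" and "a@x.org " map to the same account.
        String email = ((String) raw).trim().toLowerCase(Locale.ROOT);
        boolean verified =
            Boolean.parseBoolean(String.valueOf(profile.get("verified")));

        Long existing = userIdByEmail.get(email);
        if (existing != null) {
            // Logging in as an existing local user based only on an email
            // claim: assumed policy is to require verified=true here.
            return verified ? Optional.of(existing) : Optional.empty();
        }
        // No such user: create the row first, then resume the login.
        long id = nextId++;
        userIdByEmail.put(email, id);
        return Optional.of(id);
    }

    public static void main(String[] args) {
        EmailAccountLinker linker = new EmailAccountLinker();
        // Constructed profiles, shaped like the attribute list in the thread.
        Map<String, Object> first = Map.of("email", "User@Example.org", "verified", true);
        Map<String, Object> again = Map.of("email", "user@example.org ", "verified", true);
        Map<String, Object> unverified = Map.of("email", "user@example.org", "verified", false);
        Map<String, Object> noEmail = Map.of("first_name", "Sam");

        System.out.println("first login, user created: " + linker.resolve(first));
        System.out.println("same email, same user:     " + linker.resolve(again));
        System.out.println("unverified, link refused:  " + linker.resolve(unverified));
        System.out.println("no email released:         " + linker.resolve(noEmail));
    }
}
```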
