Hi Sandy,

I am not entirely sure what you mean by "BTW I still wonder if CAS 5 can do 
it by chaining something somewhere."; one place in our code where one can 
kinda "chain" something is currently a hardcoded "null" (taken/followed from 
pac4j examples) in:
https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L65

A clean/flexible approach is to create a proper "secondaryPrincipalResolver" 
(class and bean, instead of the hardcoded null :-) obviously) - I already have a 
refactoring task/branch for that - but that is one nice "chaining point" 
right there.

regards,

martin

On Tuesday, May 23, 2017 at 5:17:49 PM UTC+10, Sandy Lelarge wrote:
>
> Thank you for your response Martin.
>
> I will take a look into your code.
>
> BTW I still wonder if CAS 5 can do it by chaining something somewhere.
>
> It can already do everything but not the way I want to.
>
> Perhaps I can make something similar to what you've done by chaining 
> social networks auth with cas.authn.attributeRepository.jdbc on CAS 5
>
> cheers
>
> Le mardi 23 mai 2017 02:16:51 UTC+2, Martin Bohun a écrit :
>>
>> This is very similar to what we (ALA) are doing in our cas-4.0.x: 
>> previously a user could SignUp/SignIn with username/password stored in an sql DB 
>> (mysql); I added/extended the project with "one click" SignUp/SignIn via 
>> "social media" (Facebook/Google/Twitter/LinkedIn/WindozeLive/GitHub):
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0
>>
>> You can have a look at our:
>>
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml
>> (I intentionally try to keep it clean and "intuitively" ordered)
>>
>> First we do the Delegated Authentication exactly as you mentioned; that 
>> does verify the user via (Facebook/Google/Twitter), and each of these sends 
>> back some profile info (email, firstName, lastName); I wrote a custom 
>> cas/pac4j Authenticator:
>>
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L139-L144
>>
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L146-L158
>>
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L97
>> That takes the email address returned by the social media, and (reusing 
>> the old sql username/password code/components) tries to retrieve the user 
>> from the DB:
>>
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L130-L139
>>
>> If a user with such an email address does not exist, it will use a create 
>> new user sql query to create the user in the DB first and then resume the 
>> login process:
>>
>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L142-L154
>>   
>>
>> regards,
>>
>> martin
>>
>> On Tuesday, May 23, 2017 at 2:39:48 AM UTC+10, Sandy Lelarge wrote:
>>>
>>> Hi all, 
>>>
>>> and firstly, thanks for your great job on cas.
>>>
>>> I'm pretty new to it and I'm working with cas 5.0.3.1
>>>
>>> I can successfully log on with login/password via a rest service and, once 
>>> logged in successfully, get attributes from another database via jdbc.
>>>
>>> Now, I'm trying to get authenticated by facebook. I successfully get 
>>> logged in.
>>>
>>>
>>> The problem is that I'm trying to make a request on my sql server where 
>>> I'm looking for the 'email' field that facebook gave me
>>> (the same email is used as username on the login form, and that gave me a result).
>>>
>>> I can even get a request to the sqlserver.
>>> No error, simply no request.
>>>
>>> Is it possible with a delegated authentication?
>>> I hoped to like some authentication mechanism by email address...
>>>
>>> Thanks for your help
>>>
>>> facebook throws this list of attributes: 
>>> access_token  [masked]
>>> email [masked]
>>> first_name [masked]
>>> gender MALE
>>> last_name [masked]
>>> link [masked]
>>> locale fr_FR
>>> name [masked]
>>> third_party_id [masked]
>>> timezone 2
>>> updated_time 1409185943000
>>> verified false
>>>
>>>
>>>
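
The lookup-or-create step described in the thread above (take the email from the delegated-login profile, find the local user, create it if missing), as an added example that is not the ALA or CAS code. The table layout, the function names and the policy of refusing profiles whose `verified` attribute is not true are assumptions of this sketch, and Python with sqlite3 stands in for the Java/JDBC components so that it runs offline.

```python
import sqlite3

def resolve_user(db, profile, require_verified=True):
    """Map a delegated-login profile to a local user row, creating one if absent.

    Returns (user_id, created). Raises ValueError when the profile is unusable.
    """
    email = (profile.get("email") or "").strip().lower()
    if not email or "@" not in email:
        raise ValueError("provider returned no usable email")
    # Assumed policy: never link to (or create) an account from a profile the
    # provider does not mark verified; only a real boolean True passes.
    if require_verified and profile.get("verified") is not True:
        raise ValueError("provider profile is not verified")
    # Parameterized lookup: the email is provider-supplied, never concatenated.
    row = db.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    if row:
        return row[0], False
    try:
        cur = db.execute(
            "INSERT INTO users (email, first_name, last_name) VALUES (?, ?, ?)",
            (email, profile.get("first_name", ""), profile.get("last_name", "")),
        )
        db.commit()
        return cur.lastrowid, True
    except sqlite3.IntegrityError:
        # A concurrent first login won the race; the UNIQUE constraint held.
        row = db.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
        return row[0], False

def make_db():
    """Constructed in-memory schema standing in for the existing user database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
               "email TEXT UNIQUE NOT NULL, first_name TEXT, last_name TEXT)")
    db.execute("INSERT INTO users (email, first_name, last_name) VALUES (?, ?, ?)",
               ("existing@example.org", "Ex", "Isting"))
    db.commit()
    return db

if __name__ == "__main__":
    db = make_db()
    # Constructed profiles shaped like the attribute list quoted in the thread.
    print(resolve_user(db, {"email": "Existing@Example.org", "verified": True}))
    print(resolve_user(db, {"email": "new@example.org", "first_name": "N",
                            "verified": True}))
```
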
