Oh yes, I did not understand. This is what I have in mind. I'm too new to CAS. I'll try to do this on version 5; I have to understand its structure and that of pac4j.

Thanks a lot

On Tuesday, May 23, 2017 at 09:46:53 UTC+2, Martin Bohun wrote:
>
> Hi Sandy,
>
> I am not entirely sure what you mean by "BTW I still wonder if CAS 5 can
> do it by chaining something somewhere.", one place in our code where one
> can kinda "chain" something is currently hardcoded "null" (taken/followed
> from pac4j examples) in:
>
> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L65
>
> A clean/flexible approach is to create a proper "secondaryPrincipalResolver"
> (class and bean, instead of the hardcoded null :-) obviously) - I already
> have a refactoring task/branch for that - but that is one nice "chaining
> point" right there.
>
> regards,
>
> martin
>
> On Tuesday, May 23, 2017 at 5:17:49 PM UTC+10, Sandy Lelarge wrote:
>>
>> Thank you for your response Martin.
>>
>> I will take a look into your code.
>>
>> BTW I still wonder if CAS 5 can do it by chaining something somewhere.
>>
>> It can already do everything but not the way I want to.
>>
>> Perhaps I can make something similar to what you've done by chaining
>> social networks auth with cas.authn.attributeRepository.jdbc on CAS 5
>>
>> cheers
>>
>> On Tuesday, May 23, 2017 at 02:16:51 UTC+2, Martin Bohun wrote:
>>>
>>> This is very similar to what we (ALA) are doing in our cas-4.0.x:
>>> previously user could SignUp/SignIn with username/password stored in sql DB
>>> (mysql); I added/extended the project with "one click" SignUp/SignIn via
>>> "social media" (Facebook/Google/Twitter/LinkedIn/WindozeLive/GitHub):
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0
>>>
>>> You can have a look at our:
>>>
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml
>>> (I intentionally try to keep it clean and "intuitively" ordered)
>>>
>>> First we do the Delegated Authentication exactly as you mentioned; that
>>> does verify the user via (Facebook/Google/Twitter), and each of these sends
>>> back some profile info (email, firstName, lastName); I wrote a custom
>>> cas/pac4j Authenticator:
>>>
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L139-L144
>>>
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/webapp/WEB-INF/deployerConfigContext.xml#L146-L158
>>>
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L97
>>> That takes the email address returned by the social media, and (reusing
>>> the old sql username/password code/components) tries to retrieve the user
>>> from the DB:
>>>
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L130-L139
>>>
>>> if a user with such email address does not exist, it will use a create
>>> new user sql query to create the user in the DB first and then resume the
>>> login process:
>>>
>>> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L142-L154
>>>
>>> regards,
>>>
>>> martin
>>>
>>> On Tuesday, May 23, 2017 at 2:39:48 AM UTC+10, Sandy Lelarge wrote:
>>>>
>>>> Hi all,
>>>>
>>>> and firstly, thanks for your great job on CAS.
>>>>
>>>> I'm pretty new to it and I'm working with CAS 5.0.3.1
>>>>
>>>> I can successfully log on with login/password via a REST service and, once
>>>> logged in successfully, get attributes from another database via JDBC.
>>>>
>>>> Now, I'm trying to get authenticated by Facebook. I successfully get
>>>> logged in.
>>>>
>>>> The problem is that I'm trying to make a request on my sql server where
>>>> I'm looking for the 'email' field that Facebook gave me.
>>>> (the same email get as username on login form and that gave me result.
>>>>
>>>> I can even get a request to the sqlserver.
>>>> No error, simply no request.
>>>>
>>>> Is it possible with a delegated authentication?
>>>> I hoped to like some authentication mechanism by email address...
>>>>
>>>> Thanks for your help
>>>>
>>>> Facebook throws this list of attributes:
>>>> access_token [masked]
>>>> email [masked]
>>>> first_name [masked]
>>>> gender MALE
>>>> last_name [masked]
>>>> link [masked]
>>>> locale fr_FR
>>>> name [masked]
>>>> third_party_id [masked]
>>>> timezone 2
>>>> updated_time 1409185943000
>>>> verified false
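
The lookup-or-create flow described in the quoted reply above (take the email returned by the social provider, look the user up in the SQL store, create the row if it is missing, then resume login), as an added example that is not part of the thread and is not the ALA handler's code. SQLite stands in for MySQL; the table layout, the function names, the lower-casing of the email and the `require_verified` policy switch are assumptions of this sketch.

```python
import sqlite3

class DelegatedLoginError(Exception):
    """The provider profile cannot be mapped to a local account."""

def open_user_db():
    # In-memory SQLite stands in for the MySQL user store; schema is constructed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, first_name TEXT,"
               " last_name TEXT, source TEXT NOT NULL)")
    return db

def find_user(db, email):
    # Parameterized query: the email arrives from outside and is never
    # concatenated into the SQL text.
    return db.execute("SELECT email, first_name, last_name, source FROM users"
                      " WHERE email = ?", (email,)).fetchone()

def resolve_or_create_user(db, provider, profile, require_verified=False):
    """Return (user_row, created) for a profile sent back by `provider`."""
    # Assumption: emails are compared trimmed and lower-cased.
    email = (profile.get("email") or "").strip().lower()
    if "@" not in email:
        # The provider sent no email: fail closed instead of guessing a key.
        raise DelegatedLoginError("provider returned no usable email")
    user = find_user(db, email)
    if user is None:
        # INSERT OR IGNORE keeps two concurrent first logins from colliding
        # on the primary key; rowcount tells us whether this call created it.
        cur = db.execute(
            "INSERT OR IGNORE INTO users VALUES (?, ?, ?, ?)",
            (email, profile.get("first_name"), profile.get("last_name"), provider))
        db.commit()
        return find_user(db, email), cur.rowcount == 1
    if require_verified and user[3] != provider and not profile.get("verified"):
        # Assumed policy: a profile the provider does not mark as verified is
        # not attached to an account that was created through another source.
        raise DelegatedLoginError("unverified profile cannot link to existing account")
    return user, False
```

With `require_verified` left at its default the function follows the flow as described in the thread; the switch only shows where a stricter linking policy would sit.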
