One of the big limitations that I have at the organization's policy level is that I cannot allow anything external to the organization to go against our database, due to data protection and user issues, that is why I have to service our that is implemented, tested, validated and audited, then connect CAS with our service and it will return the answer if the user can enter or not, in addition to their role, name and personal data, but in this case the only thing I owe See at this time and I think that you could guide me, it is how I delegate the authentication to a custom handler, that just when I enter my username and password I can call a class in java that is in charge of communicating with my service. Unfortunately I have to do a very customized customization, where the CAS engine, basically is for the SSO function, to be accredited in the different domains we have.
El lunes, 16 de diciembre de 2019, 16:11:52 (UTC-3), rbon escribió: > > Fernando, > > CAS can connect to the database for authentication, > https://apereo.github.io/cas/6.1.x/installation/Database-Authentication.html > It can also get attributes from a database, > https://apereo.github.io/cas/6.1.x/integration/Attribute-Resolution.html > which can be released to your application with SAML1.1 or CAS protocol v3, > https://apereo.github.io/cas/6.1.x/protocol/Protocol-Overview.html > > You say 'What I use for login is the CAS', then you say, 'I have to solve > is the authentication'. Login with CAS _is_ authentication. Do you mean > authorization? That is, what actions a user might perform in your > application (read data, update data etc.)? > > If you are trying to restrict user access to your application, CAS can do > that with attributes from the database. In the service definition, you can > say a user must have this attribute and value to log in, > https://apereo.github.io/cas/6.1.x/services/Configuring-Service-Access-Strategy.html > > The roll of CAS comes first, is the user whom they claim to be? If yes, > then your application has to determine what the user can do. > > Just in case your application has to make calls to another application > (not to a database), there is the proxy flow that CAS offers, > https://apereo.github.io/cas/6.1.x/installation/Configuring-Proxy-Authentication.html > > I hope this clears things up. > > Ray > > On Mon, 2019-12-16 at 10:41 -0800, Fernando Gómez wrote: > > Hi Ray, I really appreciate you answering me; It is possible that I > explained myself badly, for my implementation and for this post, I am > abstracting from the client, assuming that it already exists as indeed it > is. What I use for login is the CAS but what I have to solve is the > authentication, that process cannot be done to CAS, I must use my external > services that go against my database, the user looks for compares the user > and password and it returns a result which I pass it to the CAS server, and > CAS must generate the tickets to be able to enter my application that I > already have, my doubts is how do I tell CAS to check my external service? > > > > El lunes, 16 de diciembre de 2019, 15:15:26 (UTC-3), rbon escribió: > > Fernando, > > The purpose of CAS is to eliminate your application's login page. > For your application to use CAS, it needs a CAS client, > https://apereo.github.io/cas/6.1.x/integration/CAS-Clients.html > > A simplified CAS login flow might be: > > visit your application (cas client checks if user is logged in) > redirect to cas > enter username/password > redirect to your application with username (and optionally some other user > attributes) > > You want to avoid having a user's password. If it is really necessary, it > can be retrieved from CAS. > > Ray > > On Mon, 2019-12-16 at 09:57 -0800, Fernando Gómez wrote: > > > Greetings dear community, I am writing on this occasion for need of > guidance from you. > > I have the following development scheme for an implementation of CAS SSO > V6 for the University. > > > The life cycle that I must implement is as follows: The user enters his > username and password, through POST the data passes to my classes that must > receive the information, encode it and then send it to an external service > of mine that is responsible for validating and to obtain the information of > the user to my database, then my service generates a response that is > returned to the CAS server, and if it is an affirmative answer, CAS allows > the entry, if it is not, it rejects it. > > > In theory there would be no complication but, I don't get the way or the > documentation or an example, how to connect CAS SSO version 6, with my > services, could someone help me guide me with some example some document > that I can analyze to achieve the goal? I have reviewed all of the official > documentation and I do not get how to do it, I have given it many laps and > invested months and nothing, so I come to you to see if someone can only > guide me what route to take, or where to investigate, basically: How do I > do that when the details of the CAS login form are filled in, I send that > information by POST to a class of mine and that class to a service with an > external URL, how do I connect CAS to my JAVA classes? > > > Grateful in advance. > > > > Fernando > > [image: life cicle cas sso elpais.png] > > -- > > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > > -- > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] <javascript:> > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0739a792-7112-419c-9634-e00c60e2f105%40apereo.org.
