[cas-user] Additional step for login via Delegate Authentication

Tue, 02 Jul 2024 03:03:21 -0700 

Dear CAS community,

In  my project users can register/log-in with either a username/password 
(implemented via Database Authentication 
<https://apereo.github.io/cas/6.6.x/authentication/Database-Authentication.htm> 
or 
a Google account (implemented via the Delegate Authentication 
<https://apereo.github.io/cas/6.6.x/integration/Delegate-Authentication-Google.html>
.
For the delegate authentication, we save the user profile in a database via 
a REST Provisioner 
<https://apereo.github.io/cas/6.6.x/integration/Delegate-Authentication-Provisioning.html#rest-provisioner>
.

The configuration looks like this.
cas:
  authn:
    pac4j:
      provisioning:
        rest:
          method: POST
          url: http://<some-user-management-service>
      google:
        id: <google-id>
        secret: <google-secret>


A requested feature is for administrators of the application to be able to 
disable users so that they are not allowed to log in. 
This is straightforward to implement for Database authentication (by 
checking a flag in the database for each user)) but I can't figure out how 
to do it for the Delegate Authentication. I tried to return an HTTP error 
code from the provisioning REST endpoint but it is not taken into account 
(I assumed that if the provisioning failed the user wouldn't be allowed to 
log in).
Does anyone have an idea how to do it? 
I could use my endpoint http://<some-user-management-service> to check if a 
user is disabled or not but couldn't figure out where to call it.
Would one of the solution be to use a Groovy script for "Delegated 
Authentication Post Processing" 
<https://apereo.github.io/cas/6.6.x/integration/Delegate-Authentication-PostProcessing.html>
 or 
"Extending CAS Webflow" 
<https://apereo.github.io/cas/6.6.x/webflow/Webflow-Customization-Extensions.html#extending-cas-webflow>
.

Thanks!
Franck

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a14e454e-fe08-4a68-a693-4757f32040cen%40apereo.org.

Reply via email to