Extending JASIG CAS for Authorization

Question

I have to build a Centralized Authentication And Authorization Service. I am trying to use the JASIG CAS. But its mentioned that its a authentication protocol.My scenario is as follows.

1. My application redirect to cas server on the first access.
2. CAS redirect the user for google authentication
3. User signs in with the desired email and redirect back to CAS

4. At this moment i need to validate the user in my local jdbc store for user enabled or not and if not already registered user, and the email domain is abc.com i need to auto register the user.

5. CAS redirect to the calling service

6. My service do the validateService api call. I would like to get the user authorities for the requested service in the result response from the CAS

Does this scenario can be achieved by CAS, if extension possible for CAS, can someone suggest how to do that, basically the classes that i need to modify

Answer 1

Does this scenario can be achieved by CAS

Jasig CAS is highly customizable and because it is build with spring framework and spring security you can extend it to any your needs.

basically the classes that i need to modify

classes of your interests are:

• PolicyBasedAuthenticationManager

Entry point into authentication subsystem. It accepts one or more credentials and delegates authentication to configured AuthenticationHandler components. It collects the results of each attempt and determines effective security policy.

• AuthenticationHandler

Authenticates a single credential and reports one of three possible results: success, failure, not attempted.

• PrincipalResolver

Converts information in the authentication credential into a security principal that commonly contains additional metadata attributes (i.e. user details such as affiliations, group membership, email, display name).

Jasig CAS is well documented. you should be able to find all information that you need there.