Reputation: 2631
cas delegated authenticaion: dynamic client id and secret in cas pac4j
I've cas configuration as below
cas.authn.pac4j.typed-id-used=true
cas.authn.pac4j.oauth2[0].principal-attribute-id=preferred_username
cas.authn.pac4j.oauth2[0].id=xxxxxxxxxxxxxx
cas.authn.pac4j.oauth2[0].secret=xxxxxxxxxx
cas.authn.pac4j.oauth2[0].client-name=salesforce
cas.authn.pac4j.oauth2[0].auth-url=https://login.salesforce.com/services/oauth2/authorize
cas.authn.pac4j.oauth2[0].token-url=https://login.salesforce.com/services/oauth2/token
cas.authn.pac4j.oauth2[0].profile-url=https://login.salesforce.com/services/oauth2/userinfo
cas.authn.pac4j.oauth2[0].use-path-based-callback-url=false
cas.authn.pac4j.oauth2[0].profile-attrs.preferred_username=preferred_username
In the login page I need to get the user email-id and based on email id fetch the client id and secret from database and then use in redirect-url.
Is it possible to achieve this?
Upvotes: 1
Views: 469
Answers (1)
Reputation: 4318
I need to get the user email-id and based on email id fetch the client id and secret from database and then use in redirect-url.
There is no way in CAS to modify the redirection-url for delegated authentication. The redirection-urls are built and calculated using pac4j automatically, and there is not a way out-of-the-box to dynamically manipulate that URL.
To accommodate this, you cannot rely on CAS creating pac4j clients for you automatically. Instead, you need to create your own pac4j clients manually. This means:
- You will need to design a Spring configuration class
- You will have to create and inject your own client into CAS
- You will need to modify your newly-built client with a special implementation of
RedirectionActionBuilder. Every client object has access to aRedirectionActionBuilderthat knows how to build redirect-urls. You will need to write your own to make changes to the redirect-url.
CAS will eventually execute this code to make the redirection happen:
final View result;
final RedirectAction action = client.getRedirectAction(webContext);
if (RedirectAction.RedirectType.SUCCESS.equals(action.getType())) {
result = new DynamicHtmlView(action.getContent());
} else {
final URIBuilder builder = new URIBuilder(action.getLocation());
final String url = builder.toString();
LOGGER.debug("Redirecting client [{}] to [{}] based on identifier [{}]", client.getName(), url, ticket.getId());
result = new RedirectView(url);
}
The key line is client.getRedirectAction(webContext);, which is where the redirect-action is used and if your client is using your own implementation of that concept, then that would be the one to determine the final URL.
Alternatively, you can modify the DelegatedClientNavigationController.java in your overlay and manipulate the url (and the above code) as you like.
Upvotes: 0
Related Questions
- Apereo CAS 5.3.x: how to get logged user, from CAS server, after login in java cas client
- CAS for multiple clients of same name on multiple instances
- CAS Custom Authentication Handler Principal JSON Problem
- Acceptable Usage policy issue with delegate authentication
- Restful CAS client and Proxy Granting Tickets
- CAS clients over HTTP
- CAS client contacts CAS server for every request
- Authentication with CAS for rest service call
- authentication on CAS Server by using JAAS
- CAS Services ACL