Apereo CAS 7.0.3 - External Custom Identity Provider (Identification delegation)
This is my scenario:
The user tries to reach ServiceA or B.
ServiceA throws an exception (the user does not have an SSO session yet) and redirects the user to the CAS web form to enter credentials.
The user has a choice: to enter username/password in the CAS form or click the link to reach the external identity provider portal.
If the user chooses the External Identity Provider (EIDP), the user will be redirected to a new web page of the EIDP to enter credentials. I provide a redirectURL for after successful EIDP identification.
If identification in the EIDP succeeds, the user will be redirected to redirectURL (for example to ServiceA, to ServiceB or to my Custom Authentication Service).
The EIDP provides a ticket in the redirect URL to retrieve User Details later.
Here I need to create a new user in the DB or, if the user exists, immediately authenticate via CAS (to create an SSO session and redirect to Service (A, B)). For that purpose I have created my Custom Authentication Service.
My questions are:
How do I create a CAS SSO session via the Custom Authentication Service? I'm using the CAS REST API here. Maybe it is the wrong idea.
How do I separate the CAS login form username/password and REST API authentication so that they use different CAS authentication handlers?
CAS is responsible for creating the TGC. How do I implement this via the Custom Authentication Service?