Hello, I would like a few pointers - or possibly a suggestion as to where to get further help.
I have some users that are authenticated via OpenID delegates (works) and some users that are authenticated via a web service to a central database. I also need to let the user pick a "role" before the authentication concludes. I must decide which auth route to take based on a webservice call using their email address.

1. USER enter email
1b. CAS call webservice to lookup account type
1c. if(password) then (goto 3) if(google openid) then (goto 2) end if
2. CAS trigger openid client delegate
2b. CAS collect user profile
2c. goto 4
3. USER enter password
3b. CAS authenticate using username and password to webservice
3c. goto 4.
4. CAS lookup roles using webservice
4a. USER choose role
4b. define a Principal that includes the email address and attributes based on the role chosen
5. login complete, grant tickets and service access etc.

In order to provide these components I just need to gain a better understanding of the CAS Terminology that describes the workings.

I will use a simple webflow and actions to perform all of (1)
I already have the openid client working for (2), I just need to wire it up in the scheme.
I can use a custom Handler to make the authentication call for (3)
I will use a policy that appreciates the state of either (2) or (3) and only authenticates properly when (4) has been concluded also.
I will use a sub-flow and actions to perform the role choosing components in the form of a RoleChoiceCredential and a custom handler for that to implement (4)
I think I can use a custom PrincipalResolver to solve (4b) but haven't quite worked out how to glue together the results of a few stages of the authentication

My current understanding fails at the following points:

Looking at the source: within AuthenticationViaFormAction.submit(...) I can see a whole heap of internal logic to do with tickets and cookies etc that I don't want to break the functionality of. E.g. isRequestAskingForServiceTicket(...) & grantServiceTicket(...)
Do these need to be retained somewhere? I don't see these being used in other login actions (such as x509).

Any pointers would be appreciated.

Thanks
Rob
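
Added example, not part of the original post and not CAS code: a plain-Java model of steps 1 to 5 that releases principal attributes only after primary authentication (2 or 3) and role choice (4) have both completed, and accepts only a role the web service returned for that email. `StagedLogin`, `Directory`, the method names and the sample data are hypothetical.

```java
import java.util.Map;
import java.util.Set;
// Added example: plain-Java model of the staged login. Not CAS API; all names are hypothetical.
public class StagedLogin {
    enum AccountType { PASSWORD, GOOGLE_OPENID }
    // Stand-in for the web service calls in steps 1b, 3b and 4 (assumed interface).
    interface Directory {
        AccountType accountType(String email);
        boolean checkPassword(String email, String password);
        Set<String> roles(String email);
    }
    private final Directory dir;
    private final String email;
    private boolean primaryDone;   // step 2 or step 3 succeeded
    private String role;           // set only by chooseRole (step 4a)
    StagedLogin(Directory dir, String email) { this.dir = dir; this.email = email; }
    private static void require(boolean ok) { if (!ok) throw new SecurityException("login step rejected"); }

    // Steps 1c and 3b: the route comes from the server-side lookup, then the password is checked.
    void passwordLogin(String password) {
        require(dir.accountType(email) == AccountType.PASSWORD && dir.checkPassword(email, password));
        primaryDone = true;
    }
    // Steps 1c and 2b: the delegated profile must belong to the email entered in step 1.
    void openIdLogin(String profileEmail) {
        require(dir.accountType(email) == AccountType.GOOGLE_OPENID && email.equals(profileEmail));
        primaryDone = true;
    }
    // Step 4a: only after step 2 or 3, and only a role the service returned for this email.
    void chooseRole(String chosen) {
        require(primaryDone && dir.roles(email).contains(chosen));
        role = chosen;
    }
    // Steps 4b and 5: attributes are released only when every stage has completed.
    Map<String, String> principal() {
        require(primaryDone && role != null);
        return Map.of("email", email, "role", role);
    }
    public static void main(String[] args) {
        Directory constructed = new Directory() {   // constructed sample data, not a real service
            public AccountType accountType(String e) { return AccountType.PASSWORD; }
            public boolean checkPassword(String e, String p) { return "example-pw".equals(p); }
            public Set<String> roles(String e) { return Set.of("student", "tutor"); }
        };
        StagedLogin login = new StagedLogin(constructed, "user@example.org");
        login.passwordLogin("example-pw");
        login.chooseRole("tutor");
        System.out.println(login.principal());
    }
}
```

Calling `chooseRole` before either primary step, or with a role outside the returned set, throws instead of advancing the login.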
