Hi, About CAS and OAuth interoperability, I would not try to change a proxy ticket into an access token or any other conversion (though I think this may be achieved as they carry similar information).
The point is that the OAuth UI flows (authorization code, implicit) delegate the login process to CAS, so if you are already CAS authenticated, you will be automatically authenticated for OAuth. Does it help? Thanks. Best regards, Jérôme 2016-11-15 19:19 GMT+01:00 Lewis Henderson <[email protected]>: > Probably the cleanest way of doing this is to create RunAsManagers. One to > convert an OAuth2Authentication to a CasAuthenticationToken and one to do > the opposite. > > Does anyone think that this is the correct method? > > On Tuesday, 15 November 2016 16:11:02 UTC, Dmitriy Kopylenko wrote: >> >> That would probably be a question for Jérôme >> >> D. >> >> >> From: Lewis Henderson <[email protected]> >> Reply: [email protected] <[email protected]> >> Date: November 15, 2016 at 10:04:13 AM >> To: CAS Community <[email protected]> >> Cc: [email protected] <[email protected]>, >> [email protected] <[email protected]> >> Subject: Re: [cas-user] Re: CAS and OAuth interoperability >> >> Hi Dimitriy, >> >> I'm not sure how that will help me. >> >> I'm in an application that has currently authenticated and the >> SecurityContextHolder contains a CasAuthenticationToken. >> >> The application is also 'wired' for OAuth. >> >> I would like to forward the current request on to an OAuth2 resource >> service. I assume that I need to remove the ticket parameter and add a >> Bearer authorization header. It is the value of this header that I need to >> retrieve. >> >> It would be nice if I could do it in a similar way to the >> CasAuthenticationToken.getAssertion().getPrincipal().getProxyTicketFor("xxxxxxx") >> does for cas proxy tickets... >> >> >> Cheers >> >> On Tuesday, 15 November 2016 14:23:50 UTC, Dmitriy Kopylenko wrote: >>> >>> There’s this factory API you could try: https://github.com/apereo >>> /cas/blob/master/support/cas-server-support-oauth/src/main/ >>> java/org/apereo/cas/ticket/accesstoken/AccessTokenFactory.java >>> >>> D. >>> >>> >>> From: Lewis Henderson <[email protected]> >>> Reply: [email protected] <[email protected]> >>> Date: November 15, 2016 at 9:11:06 AM >>> To: CAS Community <[email protected]> >>> Subject: [cas-user] Re: CAS and OAuth interoperability >>> >>> Ok, >>> >>> So after trying with a new proxyTicket, it fails with >>> >>> 2016-11-15T13:54:11.561707727Z java.lang.ClassCastException: Ticket >>> [PT-74-1LaIaLLzAZaJBte9SXzU-f63a5c259f31 is of type class >>> org.apereo.cas.ticket.ProxyTicketImpl when we were expecting interface >>> org.apereo.cas.ticket.accesstoken.AccessToken >>> >>> understandably! >>> >>> So, now the question is, how do I swap a CAS ticket for a OAuth token? >>> >>> >>> Cheers >>> >>> >>> >>> On Tuesday, 15 November 2016 12:31:45 UTC, Lewis Henderson wrote: >>>> >>>> Everything is Spring Cloud based. >>>> >>>> I have a CAS 5.0.0 service sitting behind a Zuul Gateway. >>>> >>>> All the OAuth secured applications work properly! >>>> >>>> >>>> I have an external CAS client that needs to talk to an OAuth resource >>>> server behind Zuul via a proxyTicket. >>>> >>>> The CAS client successfully authenticates against the Gateway and >>>> receives it's proxyTicket and needs to now get a Bearer token to talk to >>>> the resource server. >>>> >>>> How do I go about this? Is the proxyTicket equivalent to the Bearer >>>> token, can I just pass that on? >>>> >>>> I'm so close!!!! >>>> >>>> >>>> >>>> Cheers >>>> >>> -- >>> - CAS gitter chatroom: https://gitter.im/apereo/cas >>> - CAS mailing list guidelines: https://apereo.github.io/cas/M >>> ailing-Lists.html >>> - CAS documentation website: https://apereo.github.io/cas >>> - CAS project website: https://github.com/apereo/cas >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit https://groups.google.com/a/ap >>> ereo.org/d/msgid/cas-user/d1b7a656-07e7-41f4-8088-098b4815b2 >>> 45%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d1b7a656-07e7-41f4-8088-098b4815b245%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >> - CAS gitter chatroom: https://gitter.im/apereo/cas >> - CAS mailing list guidelines: https://apereo.github.io/cas/M >> ailing-Lists.html >> - CAS documentation website: https://apereo.github.io/cas >> - CAS project website: https://github.com/apereo/cas >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit https://groups.google.com/a/ap >> ereo.org/d/msgid/cas-user/e3ee8599-61ad-4bbf-8cb3-3b7d47d90e >> 38%40apereo.org >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/e3ee8599-61ad-4bbf-8cb3-3b7d47d90e38%40apereo.org?utm_medium=email&utm_source=footer> >> . >> >> -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: https://apereo.github.io/cas/ > Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/423b55fe-bcb1-4010-bcc5- > 3fbfe1fec361%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/423b55fe-bcb1-4010-bcc5-3fbfe1fec361%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279LwKEjQ6z9yt3-K--YY8KD3%2B4Z-TU_2uoSFW1pvhfBTofg%40mail.gmail.com.
