So you're saying: allow Peter to authenticate via Facebook, then come back to CAS, authenticate and verify credentials and then possibly reject Peter because he's not allowed?
You cannot do this without changing source code, but it's strange that you present an option first only to possibly reject it later. It would be better if you tied that policy to a service record in CAS where you could then say: if you want to log into application X, you can use any of the following authorized providers (because there is code that knows what to authorize/prepare for each delegated scenario). Also requires code, but I submit it's the more sensible approach. --Misagh From: "Ng Sek Long" <[email protected]> To: "CAS Community" <[email protected]> Sent: Monday, August 14, 2017 7:59:25 PM Subject: [cas-user] Is it possible in my app to allow only authorized user to use pac4j delegation to login Hi all, and first of all, thanks in advance. Here's my problem: [ CAS version ]: 5.2.0-RC1 (I need features from this version) [ Background ]: My application used pac4j to allow user to login using for example Fb, Google Linkedin and such. [ Problem ]: However, only certain users that are authorized are allowed to login using those pac4j method. However, now I use pac4j as login method everybody can login. [ Question ]: Is it possible to allow only authorized user to use pac4j authentication? For example maybe I can use a database, which specified only Peter, Mary and John can use Fb to login. Then other random people cannot use pac4j as login method. [ Things I tried ]: I tried to configure this bean: "clientAuthenticationHandler" in "org.apereo.cas.support.pac4j.config.support.authentication", and I found out that nothing I can do that can implement what I need. I would like to edit this: ClientAuthenticationHandler -> doAuthentication, and add my customization, but it is not a bean. and I don't really want to replace any source code. Any help would be appreciated! -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8f051eb3-3f84-4e48-aba8-45cdee90dab4%40apereo.org . -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/322829933.3724913.1502816034949.JavaMail.zimbra%40unicon.net.
