Thanks for your suggestion! I don't mind editing cas source code if my use case is specific for me. Because of my use case, I think I will use the less elegant approach for now until I get time to implement the better approach.
-Andy On Wednesday, 16 August 2017 00:53:59 UTC+8, Misagh Moayyed wrote: > > So you're saying: allow Peter to authenticate via Facebook, then come back > to CAS, authenticate and verify credentials and then possibly reject Peter > because he's not allowed? > > You cannot do this without changing source code, but it's strange that you > present an option first only to possibly reject it later. It would be > better if you tied that policy to a service record in CAS where you could > then say: if you want to log into application X, you can use any of the > following authorized providers (because there is code that knows what to > authorize/prepare for each delegated scenario). Also requires code, but I > submit it's the more sensible approach. > > --Misagh > > ------------------------------ > *From: *"Ng Sek Long" <[email protected] <javascript:>> > *To: *"CAS Community" <[email protected] <javascript:>> > *Sent: *Monday, August 14, 2017 7:59:25 PM > *Subject: *[cas-user] Is it possible in my app to allow only authorized > user to use pac4j delegation to login > > Hi all, and first of all, thanks in advance. Here's my problem: > > [*CAS version*]: 5.2.0-RC1 (I need features from this version) > > [*Background*]: > My application used pac4j to allow user to login using for example Fb, > Google Linkedin and such. > > [*Problem*]: > However, only certain users that are authorized are allowed to login using > those pac4j method. However, now I use pac4j as login method everybody can > login. > > [*Question*]: > Is it possible to allow only authorized user to use pac4j authentication? > For example maybe I can use a database, which specified only Peter, Mary > and John can use Fb to login. Then other random people cannot use pac4j as > login method. > > [*Things I tried*]: > I tried to configure this bean: "clientAuthenticationHandler" in > "org.apereo.cas.support.pac4j.config.support.authentication", and I found > out that nothing I can do that can implement what I need. > > I would like to edit this: ClientAuthenticationHandler > -> doAuthentication, and add my customization, but it is not a bean. and I > don't really want to replace any source code. > > > > Any help would be appreciated! > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: > https://apereo.github.io/cas/Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/8f051eb3-3f84-4e48-aba8-45cdee90dab4%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8f051eb3-3f84-4e48-aba8-45cdee90dab4%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/07ee04a7-fd96-4622-bd62-696275dcf5e6%40apereo.org.
