Fernando, CAS can connect to the database for authentication, https://apereo.github.io/cas/6.1.x/installation/Database-Authentication.html It can also get attributes from a database, https://apereo.github.io/cas/6.1.x/integration/Attribute-Resolution.html which can be released to your application with SAML1.1 or CAS protocol v3, https://apereo.github.io/cas/6.1.x/protocol/Protocol-Overview.html
You say 'What I use for login is the CAS', then you say, 'I have to solve is the authentication'. Login with CAS _is_ authentication. Do you mean authorization? That is, what actions a user might perform in your application (read data, update data etc.)? If you are trying to restrict user access to your application, CAS can do that with attributes from the database. In the service definition, you can say a user must have this attribute and value to log in, https://apereo.github.io/cas/6.1.x/services/Configuring-Service-Access-Strategy.html The roll of CAS comes first, is the user whom they claim to be? If yes, then your application has to determine what the user can do. Just in case your application has to make calls to another application (not to a database), there is the proxy flow that CAS offers, https://apereo.github.io/cas/6.1.x/installation/Configuring-Proxy-Authentication.html I hope this clears things up. Ray On Mon, 2019-12-16 at 10:41 -0800, Fernando Gómez wrote: Hi Ray, I really appreciate you answering me; It is possible that I explained myself badly, for my implementation and for this post, I am abstracting from the client, assuming that it already exists as indeed it is. What I use for login is the CAS but what I have to solve is the authentication, that process cannot be done to CAS, I must use my external services that go against my database, the user looks for compares the user and password and it returns a result which I pass it to the CAS server, and CAS must generate the tickets to be able to enter my application that I already have, my doubts is how do I tell CAS to check my external service? El lunes, 16 de diciembre de 2019, 15:15:26 (UTC-3), rbon escribió: Fernando, The purpose of CAS is to eliminate your application's login page. For your application to use CAS, it needs a CAS client, https://apereo.github.io/cas/6.1.x/integration/CAS-Clients.html A simplified CAS login flow might be: visit your application (cas client checks if user is logged in) redirect to cas enter username/password redirect to your application with username (and optionally some other user attributes) You want to avoid having a user's password. If it is really necessary, it can be retrieved from CAS. Ray On Mon, 2019-12-16 at 09:57 -0800, Fernando Gómez wrote: Greetings dear community, I am writing on this occasion for need of guidance from you. I have the following development scheme for an implementation of CAS SSO V6 for the University. The life cycle that I must implement is as follows: The user enters his username and password, through POST the data passes to my classes that must receive the information, encode it and then send it to an external service of mine that is responsible for validating and to obtain the information of the user to my database, then my service generates a response that is returned to the CAS server, and if it is an affirmative answer, CAS allows the entry, if it is not, it rejects it. In theory there would be no complication but, I don't get the way or the documentation or an example, how to connect CAS SSO version 6, with my services, could someone help me guide me with some example some document that I can analyze to achieve the goal? I have reviewed all of the official documentation and I do not get how to do it, I have given it many laps and invested months and nothing, so I come to you to see if someone can only guide me what route to take, or where to investigate, basically: How do I do that when the details of the CAS login form are filled in, I send that information by POST to a class of mine and that class to a service with an external URL, how do I connect CAS to my JAVA classes? Grateful in advance. Fernando [life cicle cas sso elpais.png] -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<javascript:> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2514203b1bcb3a33063dbddb352243a452565ec4.camel%40uvic.ca.
