Hi Ray Bon, Thankyou for suggestion, what I noticed that if the CustomDelegatedClientAuthenticationHandler fails to authenticate a credential then CAS picks next handler that is DelegatedAuthenticationHandler and authenticate the credential. is there a way I can tell CAS not to pick DelegatedAuthenticationHandler at all?
Thankyou On Friday, November 8, 2024 at 8:23:20 AM UTC+5:30 Ray Bon wrote: > Tausif, > > Check out springframework sortOrder. It should affect the order of bean > creation. (It goes in the Configurer.) > However if the default handlers list is actually a set ... > > Ray > > On Thu, 2024-11-07 at 10:32 -0800, Tausif Iqbal wrote: > > You don't often get email from [email protected]. Learn why this is > important <https://aka.ms/LearnAboutSenderIdentification> > > Hi Ray Bon, > Thank you for the link, > after spending some time I am able to write a > CustomDelegatedClientAuthenticationHandler and register it. > now the issue is when I start the cas overlay somtime it picks > DelegatedClientAuthenticationHandler and sometime > CustomDelegatedClientAuthenticationHandler depending upon the order in the > Default Handlers list > > *[ProxyAuthenticationHandler,DelegatedClientAuthenticationHandler,CustomDelegatedClientAuthenticationHandler,QueryDatabaseAuthenticationHandler,Static > > Credentials] or > **[ProxyAuthenticationHandler,CustomDelegatedClientAuthenticationHandler,DelegatedClientAuthenticationHandler,QueryDatabaseAuthenticationHandler,Static > > Credentials] is there way I can fix the order of handlers in the list? * > Thankyou > Tausif > > On Tuesday, November 5, 2024 at 12:11:31 AM UTC+5:30 Ray Bon wrote: > > Tausif, > > There are things you can do before and after authentication. see > https://apereo.github.io/cas/7.1.x/authentication/Configuring-Authentication-Components.html > > Ray > > On Sun, 2024-11-03 at 03:57 -0800, Tausif Iqbal wrote: > > You don't often get email from [email protected] why this is > important <https://aka.ms/LearnAboutSenderIdentification> > > Hi Ng Sek Long, > > I am also trying to do something similar, I already have database setup > for authentication, now I want to add google OAuth on top of it, so that > genuine user can directly login without typing credential, but now the > issue is anyone can login with google OAuth. > > Could you let me know what steps you followed to achieve this? > > Thanks in advance > > > On Wednesday, August 16, 2017 at 6:46:14 AM UTC+5:30 Ng Sek Long wrote: > > Thanks for your suggestion! I don't mind editing cas source code if my use > case is specific for me. Because of my use case, I think I will use the > less elegant approach for now until I get time to implement the better > approach. > > -Andy > > > On Wednesday, 16 August 2017 00:53:59 UTC+8, Misagh Moayyed wrote: > > So you're saying: allow Peter to authenticate via Facebook, then come back > to CAS, authenticate and verify credentials and then possibly reject Peter > because he's not allowed? > > You cannot do this without changing source code, but it's strange that you > present an option first only to possibly reject it later. It would be > better if you tied that policy to a service record in CAS where you could > then say: if you want to log into application X, you can use any of the > following authorized providers (because there is code that knows what to > authorize/prepare for each delegated scenario). Also requires code, but I > submit it's the more sensible approach. > > --Misagh > > ------------------------------ > *From: *"Ng Sek Long" <[email protected]> > *To: *"CAS Community" <[email protected]> > *Sent: *Monday, August 14, 2017 7:59:25 PM > *Subject: *[cas-user] Is it possible in my app to allow only authorized > user to use pac4j delegation to login > > Hi all, and first of all, thanks in advance. Here's my problem: > > [*CAS version*]: 5.2.0-RC1 (I need features from this version) > > [*Background*]: > My application used pac4j to allow user to login using for example Fb, > Google Linkedin and such. > > [*Problem*]: > However, only certain users that are authorized are allowed to login using > those pac4j method. However, now I use pac4j as login method everybody can > login. > > [*Question*]: > Is it possible to allow only authorized user to use pac4j authentication? > For example maybe I can use a database, which specified only Peter, Mary > and John can use Fb to login. Then other random people cannot use pac4j as > login method. > > [*Things I tried*]: > I tried to configure this bean: "clientAuthenticationHandler" in > "org.apereo.cas.support.pac4j.config.support.authentication", and I found > out that nothing I can do that can implement what I need. > > I would like to edit this: ClientAuthenticationHandler > -> doAuthentication, and add my customization, but it is not a bean. and I > don't really want to replace any source code. > > > > Any help would be appreciated! > > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/84bf5dc6-600a-447f-9ce4-bc81f43e16d6n%40apereo.org.
