[cas-user] Re: CAS 5.3.8 deployment on Wildfly 5.3.8 is successful but it makes the wildfly console logging to stop

2019-03-13 Thread P Shreyas Holla
Correction: WildFly version 10.0.0 Final

On Thursday, March 14, 2019 at 10:44:38 AM UTC+5:30, P Shreyas Holla wrote:
>
> Hi,
>
> CAS 5.3.8 deployment on Wildfly 5.3.8 is successful but it makes the 
> wildfly console logging stop, with the following logs:
>
> WFLYJCA0001: Bound data source [java:/jdbc/WSREGISTRY]
> IJ020018: Enabling  for java:/DB2DSXA
> WFLYJCA0001: Bound data source [java:jboss/datasources/ExampleDS]
> WFLYJCA0001: Bound data source [java:/DB2DSXA]
> WFLYDS0013: Started FileSystemDeploymentService for directory 
> E:\FusionBanking\FBP531.5\WildFly\wildfly-10.0.0.Final\standalone\deployments
> WFLYSRV0027: Starting deployment of "cas.war" (runtime-name: "cas.war")
> WFLYSRV0027: Starting deployment of "BankFusion.ear" (runtime-name: 
> "BankFusion.ear")
> ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final
> ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final
> ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final
> JBWS022052: Starting JBossWS 5.1.3.Final (Apache CXF 3.1.4)
> WFLYSRV0059: Class Path entry xml-apis.jar in 
> /E:/FusionBanking/FBP531.5/WildFly/wildfly-10.0.0.Final/bin/content/cas.war/WEB-INF/lib/serializer-2.7.2.jar
>   
> does not point to a valid jar for a Class-Path reference.
> WFLYSRV0059: Class Path entry xercesImpl.jar in 
> /E:/FusionBanking/FBP531.5/WildFly/wildfly-10.0.0.Final/bin/content/cas.war/WEB-INF/lib/xalan-2.7.2.jar
>   
> does not point to a valid jar for a Class-Path reference.
> WFLYSRV0059: Class Path entry xml-apis.jar in 
> /E:/FusionBanking/FBP531.5/WildFly/wildfly-10.0.0.Final/bin/content/cas.war/WEB-INF/lib/xalan-2.7.2.jar
>   
> does not point to a valid jar for a Class-Path reference.
> WFLYSRV0059: Class Path entry serializer.jar in 
> /E:/FusionBanking/FBP531.5/WildFly/wildfly-10.0.0.Final/bin/content/cas.war/WEB-INF/lib/xalan-2.7.2.jar
>   
> does not point to a valid jar for a Class-Path reference.
> WFLYEE0007: Not installing optional component 
> org.springframework.http.server.ServletServerHttpAsyncRequestControl due to 
> an exception (enable DEBUG log level to see the cause)
> WFLYEE0007: Not installing optional component 
> org.springframework.web.context.request.async.StandardServletAsyncWebRequest 
> due to an exception (enable DEBUG log level to see the cause)
> WFLYWELD0013: Deployment deployment "cas.war" contains CDI annotations but 
> no bean archive was not found. (No beans.xml nor class with bean defining 
> annotations)
> 2 Spring WebApplicationInitializers detected on classpath
>
> Can someone help on this?
>
> Thanks And Regards,
> Shreyas Holla P.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/47c17f43-2ac1-428d-b240-231b05b23554%40apereo.org.


[cas-user] CAS 5.3.8 deployment on Wildfly 5.3.8 is successful but it makes the wildfly console logging to stop

2019-03-13 Thread P Shreyas Holla
Hi,

CAS 5.3.8 deployment on Wildfly 5.3.8 is successful but it makes the 
wildfly console logging stop, with the following logs:

WFLYJCA0001: Bound data source [java:/jdbc/WSREGISTRY]
IJ020018: Enabling  for java:/DB2DSXA
WFLYJCA0001: Bound data source [java:jboss/datasources/ExampleDS]
WFLYJCA0001: Bound data source [java:/DB2DSXA]
WFLYDS0013: Started FileSystemDeploymentService for directory 
E:\FusionBanking\FBP531.5\WildFly\wildfly-10.0.0.Final\standalone\deployments
WFLYSRV0027: Starting deployment of "cas.war" (runtime-name: "cas.war")
WFLYSRV0027: Starting deployment of "BankFusion.ear" (runtime-name: 
"BankFusion.ear")
ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final
ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final
ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final
JBWS022052: Starting JBossWS 5.1.3.Final (Apache CXF 3.1.4)
WFLYSRV0059: Class Path entry xml-apis.jar in 
/E:/FusionBanking/FBP531.5/WildFly/wildfly-10.0.0.Final/bin/content/cas.war/WEB-INF/lib/serializer-2.7.2.jar
  
does not point to a valid jar for a Class-Path reference.
WFLYSRV0059: Class Path entry xercesImpl.jar in 
/E:/FusionBanking/FBP531.5/WildFly/wildfly-10.0.0.Final/bin/content/cas.war/WEB-INF/lib/xalan-2.7.2.jar
  
does not point to a valid jar for a Class-Path reference.
WFLYSRV0059: Class Path entry xml-apis.jar in 
/E:/FusionBanking/FBP531.5/WildFly/wildfly-10.0.0.Final/bin/content/cas.war/WEB-INF/lib/xalan-2.7.2.jar
  
does not point to a valid jar for a Class-Path reference.
WFLYSRV0059: Class Path entry serializer.jar in 
/E:/FusionBanking/FBP531.5/WildFly/wildfly-10.0.0.Final/bin/content/cas.war/WEB-INF/lib/xalan-2.7.2.jar
  
does not point to a valid jar for a Class-Path reference.
WFLYEE0007: Not installing optional component 
org.springframework.http.server.ServletServerHttpAsyncRequestControl due to 
an exception (enable DEBUG log level to see the cause)
WFLYEE0007: Not installing optional component 
org.springframework.web.context.request.async.StandardServletAsyncWebRequest 
due to an exception (enable DEBUG log level to see the cause)
WFLYWELD0013: Deployment deployment "cas.war" contains CDI annotations but 
no bean archive was not found. (No beans.xml nor class with bean defining 
annotations)
2 Spring WebApplicationInitializers detected on classpath

Can someone help on this?

Thanks And Regards,
Shreyas Holla P.



Re: [cas-user] Re: interfacing CAS with angular 7 applications

2019-03-13 Thread Trenton D. Adams

It sounds very much like it's open to an easy exploit, where an attacker just says 
"I'm person X, give me access", by overriding the javascript on the client 
side.  Anything done in the browser cannot be trusted, especially when it comes to 
authentication.

On 3/13/19 3:28 AM, Ian Wright wrote:

Yes it is browser client side and does authenticate the client side app against 
CAS without any server side interactions.

What it also allows is, once you've auth'ed the client app, that you can use 
the bearer token to auth against a server side app as well.

On Tuesday, 12 March 2019 22:39:46 UTC, Trenton D. Adams wrote:

So, I mean, as in browser client side.

So are you saying that this module is passing cas validation to the server side 
for the server to do the ticket validation?

On 3/12/19 10:21 AM, Ian Wright wrote:
I'm not quite sure what you mean but yes it's client only.

For context I have an openapi based application using the generator for 
typescript-angular on the client side.

The angular-oauth2-oidc component allows a bearer token to be passed through to 
the server side

My server side is also generated from the openapi spec - I'm using python-flask 
for development and AWS lambda elsewhere - the python-flask generated code 
works out of the box and it's a little more effort for the lambdas but not much.

The openapi 3 spec is as follows:

 securitySchemes:
   OAuthSecurity:
     type: oauth2
     x-tokenInfoUrl: .../oauth2.0/profile
     flows:
       authorizationCode:
         authorizationUrl: .../oauth2.0/authorize
         tokenUrl: .../oauth2.0/accessToken
         scopes:
           myscope: Access all areas


On Tuesday, 12 March 2019 16:08:34 UTC, Trenton D. Adams wrote:

Do you know if this is a client side library only Ian?

On 3/12/19 2:54 AM, Ian Wright wrote:
Short answer is yes.

I'm currently using
"angular-oauth2-oidc": "^4.0.3",
with CAS 5.3.7
I'm using oauth rather than oidc, mainly because I wanted to bypass the 
approval prompt which, at least when I tried it, could be configured for oauth 
but not oidc but IIRC oidc worked fine.

On Monday, 11 March 2019 18:03:54 UTC, maxwell_g wrote:
Has anyone been successful at setting up  “angular-oauth2-oidc” library to 
interface with CAS? We are currently using version CAS 5.2.2 and would like to 
authenticate Angular 7 applications using Oauth and OpenId connect. Would the 
“angular-oauth2-oidc” component be compatible or is there alternative?

Thanks Gary

--
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Applications Unit - ITS
Athabasca University
(780) 675-6195

It is only when you are surrounded by a supportive team, that you can achieve
your best.  Instead of tearing people down, try building them up!

--
This communication is intended for the use of the recipient to whom it is 
addressed, and may contain confidential, personal, and or privileged 
information. Please contact us immediately if you are not the intended 
recipient of this communication, and do not copy, distribute, or take action 
relying on it. Any communications received in error, or subsequent reply, 
should be deleted or destroyed.
---
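
The concern raised at the top of this message is that identity asserted by browser code cannot be trusted, so the server side has to verify the bearer token itself. The following is an added example, not code from the thread: a Python check that resolves the caller through the token-info endpoint named in the OpenAPI snippet (x-tokenInfoUrl). The host cas.example.org, the function names, the sample tokens and the assumed JSON shape (an "id" field) are assumptions.

```python
import json
from urllib.request import Request, urlopen

# Placeholder host: the thread elides it ("x-tokenInfoUrl: .../oauth2.0/profile").
TOKEN_INFO_URL = "https://cas.example.org/cas/oauth2.0/profile"


class Unauthenticated(Exception):
    """No bearer token, or the authorization server did not vouch for it."""


class Forbidden(Exception):
    """Token is valid but belongs to someone other than the claimed user."""


def fetch_profile(token, url=TOKEN_INFO_URL, timeout=5):
    """Resolve a token to a profile by asking the authorization server.

    Assumptions: the endpoint accepts "Authorization: Bearer <token>" and
    returns JSON with an "id" field. Any error yields None (fail closed).
    """
    request = Request(url, headers={"Authorization": "Bearer " + token})
    try:
        with urlopen(request, timeout=timeout) as response:
            return json.loads(response.read().decode("utf-8"))
    except (OSError, ValueError):
        return None


def extract_bearer(headers):
    """Pull the token out of an Authorization header, or raise."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        raise Unauthenticated("missing or malformed Authorization header")
    return token


def authenticate(headers, claimed_user=None, lookup=fetch_profile):
    """Return the user id the authorization server reports for the token.

    claimed_user is whatever identity the browser put in the request body or
    URL. It is never used to establish identity; it is only compared against
    the verified id so a mismatch is rejected instead of silently served.
    """
    profile = lookup(extract_bearer(headers))
    if not isinstance(profile, dict) or not profile.get("id"):
        raise Unauthenticated("token not recognised by authorization server")
    verified = str(profile["id"])
    if claimed_user is not None and claimed_user != verified:
        raise Forbidden("request names %r but token belongs to %r"
                        % (claimed_user, verified))
    return verified


# Constructed stand-in for the profile endpoint so the example runs offline.
CONSTRUCTED_TOKENS = {"AT-1-constructed": {"id": "alice", "attributes": {}}}


def offline_lookup(token):
    return CONSTRUCTED_TOKENS.get(token)


def demo():
    """Run one accepted request and three rejected ones (constructed input)."""
    good = {"Authorization": "Bearer AT-1-constructed"}
    results = [authenticate(good, lookup=offline_lookup)]
    for headers, claimed in ((good, "bob"), ({}, "alice"),
                             ({"Authorization": "Bearer forged"}, "alice")):
        try:
            authenticate(headers, claimed, lookup=offline_lookup)
        except (Unauthenticated, Forbidden) as exc:
            results.append(type(exc).__name__)
    return results


if __name__ == "__main__":
    print(demo())
```
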

Re: [cas-user] Re: CAS ver >=6.0.0 is not working for 'TARGET' service parameter

2019-03-13 Thread 'Robert Bond' via CAS Community
Dear Mike,

You are the best. It worked! Not sure why I did not have to do this on
previous versions of CAS.
Thanks so much, this has been the last piece preventing me from going
forward with a new deployment of cas using 6.1.0 RC2
You are seriously the best.

How has your deployment of "Banner 9" apps and cas gone?

We are setting up a new CAS cluster using containers k8s with hazelcast
ticket replication

On Wed, Mar 13, 2019 at 9:27 AM mbar...@scad.edu  wrote:

> Robert,
>
> I am very new at this, but I have that functioning in a test environment
> using CAS deployed from the 6.0 branch of the cas-overlay-template.  It's
> working to Ellucian's application navigator and admin common web
> applications.
>
> I added the following to the build.gradle
>
> compile "org.apereo.cas:cas-server-support-saml:${project.'cas.version'}"
>
> and these settings to the cas.properties
>
> --
> cas.samlCore.ticketidSaml2=false
> cas.samlCore.skewAllowance=5
> cas.samlCore.issueLength=30
> cas.samlCore.attributeNamespace=http://www.ja-sig.org/products/cas/
> cas.samlCore.issuer=poc-sso.scad.edu
> cas.samlCore.securityManager=org.apache.xerces.util.SecurityManager
> --
>
> I hope that helps.
>
> -Mike
>


-- 
Robert Bond
Application Developer / System Administrator
(918) 444-5936
Northeastern State University



[cas-user] Re: CAS ver >=6.0.0 is not working for 'TARGET' service parameter

2019-03-13 Thread mbar...@scad.edu
Robert,

I am very new at this, but I have that functioning in a test environment 
using CAS deployed from the 6.0 branch of the cas-overlay-template.  It's 
working to Ellucian's application navigator and admin common web 
applications.

I added the following to the build.gradle

compile "org.apereo.cas:cas-server-support-saml:${project.'cas.version'}"

and these settings to the cas.properties

--
cas.samlCore.ticketidSaml2=false
cas.samlCore.skewAllowance=5
cas.samlCore.issueLength=30
cas.samlCore.attributeNamespace=http://www.ja-sig.org/products/cas/
cas.samlCore.issuer=poc-sso.scad.edu
cas.samlCore.securityManager=org.apache.xerces.util.SecurityManager
--

I hope that helps.

-Mike



[cas-user] Re: CAS 5.3.x, OpenID Connect, Getting 401 on token request

2019-03-13 Thread Andy Ng
Hello,

Hmm, that is very strange; I am still using CAS 5.3.x and POST is working fine.

I don't think trying for ID-token directly might not be what you want, 
since ID-token is different than the authentication code flow, so you are 
testing 2 things here.


I do see that your POST is a bit strange, did you put all your parameters in 
the query like so
https://localhost:8543/cas5/oidc/authorize?client_id=demoOIDC_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug=openid_type=code%20id_token_mode=form_post=gb63gw2hmqk

The url should only be https://localhost:8543/cas5/oidc/authorize, and the 
parameter should be sent using other means.

You can use Postman or Insomnia or some software like that to help you make 
a proper POST request.

If you use Postman:
1. Put the URL as only https://localhost:8543/cas5/oidc/authorize
2. Select POST method
3. Select Body tab
4. Add all your query parameters to the key and value pairs in the body


At least that's what works for me, see if that works for you too!

Cheers!
- Andy



[cas-user] Re: CAS SSO with OpenID Connect and CAS protocol

2019-03-13 Thread Andy Ng
Yup. When you log in using either CAS Protocol or OAuth/OpenID protocol it 
will log in the other way too.

- Andy



Re: [cas-user] Re: Advice for getting user from database after OIDC delegated authentication login

2019-03-13 Thread juancho
Hello Martin,

Thank you very much for sharing it. I'll have a look to understand it and
adapt it to my needs.

Best regards,
Juan



On Wed, Mar 13, 2019 at 10:02 AM Martin Bohun 
wrote:

> Hi Juan,
>
> We (ALA) are doing exactly that with a custom AuthenticationHandler:
>
> https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L99
>
> Basically one of the "social media" OAuth1.0, OAuth2.0, OIDC, SAML, etc.
> does the authentication and returns an email_address, first_name, surname,
> I take the email and check if it already exists in our user DB, if yes, I
> just SignIn the user, if the user does not exist I create the user in the
> DB (SignUp) and then SignIn
>
> We had originally only username/password login (the user credentials are
> stored in mysql DB) so I simply reused all the existing DB beans,
> properties (like the SQL query to get the user with user attributes etc),
> the only addition was the authentication with "social media", and getting
> the email address, from there on it connected to the existing
> username/password login scenario.
>
> kind regards,
>
> martin
>
> On Wednesday, March 13, 2019 at 7:32:48 PM UTC+11, Juan David Sánchez
> wrote:
>>
>> Hi,
>>
>>
>> I’m using Cas with OpenId Connect support. The authentication is
>> delegated to Azure Active Directory but I also have a user database (which
>> regularly pulls users from the active directory) from which I would like to
>> retrieve some user attributes after a successful login in Azure.
>>
>>
>> I would like to extract the unique_name, which I’m getting from Azure,
>> and then fetch a user from database whose email matches that unique_name,
>> and finally return to the application releasing the user attributes fetched
>> from database.
>>
>>
>> Before throwing myself into a custom development, I would like to ask
>> the community if there is a built-in way in which I could achieve this.
>>
>>
>> Thank you for the support
>>



Re: [cas-user] Nginx App Protected with CAS SSO

2019-03-13 Thread Pascal Rigaux

Hi,

I have created a functional nginx-auth-cas-lua, quite simple and more  
similar to mod_auth_cas:

https://github.com/prigaux/nginx-auth-cas-lua .

It is not tested in production yet. But I do have nginx-lua in  
production for https://framagit.org/snippets/2820 .


cu

Pascal Rigaux wrote:


Hi,

Look at https://github.com/toshipiazza/ngx-http-cas-client-lua

I may try it in the future:
- I would simplify it a bit by replacing "generate_cookie" with  
using the "ticket" as the cookie (as done in phpCAS, which  
simplifies SLO)

- I also would add "REMOTE_USER" handling

cu

On 11/03/2019 13:30, Fernando Gomez wrote:
Hello, I currently have an APP with apache mod_auth_cas, that  
protects it, but the application in production I have in Nginx, is  
there any way to do something similar to what I already have in  
Nginx?


Thanks in advance



--
Pascal Rigaux



Re: [cas-user] Re: interfacing CAS with angular 7 applications

2019-03-13 Thread Ian Wright

Yes it is browser client side and does authenticate the client side app 
against CAS without any server side interactions.

What it also allows is, once you've auth'ed the client app, that you can 
use the bearer token to auth against a server side app as well.

On Tuesday, 12 March 2019 22:39:46 UTC, Trenton D. Adams wrote:
>
> So, I mean, as in browser client side.
>
> So are you saying that this module is passing cas validation to the server 
> side for the server to do the ticket validation?
> On 3/12/19 10:21 AM, Ian Wright wrote:
>
> I'm not quite sure what you mean but yes it's client only.
>
> For context I have an openapi based application using the generator for 
> typescript-angular on the client side.
>
> The angular-oauth2-oidc component allows a bearer token to be passed 
> through to the server side
>
> My server side is also generated from the openapi spec - I'm using 
> python-flask for development and AWS lambda elsewhere - the python-flask 
> generated code works out of the box and it's a little more effort for the 
> lambdas but not much.
>
> The openapi 3 spec is as follows:
>
>   securitySchemes:
>     OAuthSecurity:
>       type: oauth2
>       x-tokenInfoUrl: .../oauth2.0/profile
>       flows:
>         authorizationCode:
>           authorizationUrl: .../oauth2.0/authorize
>           tokenUrl: .../oauth2.0/accessToken
>           scopes:
>             myscope: Access all areas
>
>
> On Tuesday, 12 March 2019 16:08:34 UTC, Trenton D. Adams wrote: 
>>
>> Do you know if this is a client side library only Ian?
>> On 3/12/19 2:54 AM, Ian Wright wrote:
>>
>> Short answer is yes.
>>
>> I'm currently using 
>> "angular-oauth2-oidc": "^4.0.3",
>> with CAS 5.3.7
>> I'm using oauth rather than oidc, mainly because I wanted to bypass the 
>> approval prompt which, at least when I tried it, could be configured for 
>> oauth but not oidc but IIRC oidc worked fine. 
>>
>> On Monday, 11 March 2019 18:03:54 UTC, maxwell_g wrote: 
>>>
>>> Has anyone been successful at setting up  “angular-oauth2-oidc” library 
>>> to interface with CAS? We are currently using version CAS 5.2.2 and would 
>>> like to authenticate Angular 7 applications using Oauth and OpenId connect. 
>>> Would the “angular-oauth2-oidc” component be compatible or is there 
>>> alternative?
>>>
>>>  
>>>
>>> Thanks Gary
>>>

[cas-user] Re: Advice for getting user from database after OIDC delegated authentication login

2019-03-13 Thread Martin Bohun
Hi Juan,

We (ALA) are doing exactly that with a custom AuthenticationHandler:
https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ALAClientAuthenticationHandler.java#L99

Basically one of the "social media" OAuth1.0, OAuth2.0, OIDC, SAML, etc. 
does the authentication and returns an email_address, first_name, surname, 
I take the email and check if it already exists in our user DB, if yes, I 
just SignIn the user, if the user does not exist I create the user in the 
DB (SignUp) and then SignIn

We had originally only username/password login (the user credentials are 
stored in mysql DB) so I simply reused all the existing DB beans, 
properties (like the SQL query to get the user with user attributes etc), 
the only addition was the authentication with "social media", and getting 
the email address, from there on it connected to the existing 
username/password login scenario.

kind regards,

martin

On Wednesday, March 13, 2019 at 7:32:48 PM UTC+11, Juan David Sánchez wrote:
>
> Hi,
>
>
> I’m using Cas with OpenId Connect support. The authentication is delegated 
> to Azure Active Directory but I also have a user database (which regularly 
> pulls users from the active directory) from which I would like to retrieve 
> some user attributes after a successful login in Azure.
>
>
> I would like to extract the unique_name, which I’m getting from Azure, and 
> then fetch a user from database whose email matches that unique_name, and 
> finally return to the application releasing the user attributes fetched 
> from database.
>
>
> Before throwing myself into a custom development, I would like to ask 
> the community if there is a built-in way in which I could achieve this.
>
>
> Thank you for the support
>
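
The flow described in this message (take the e-mail returned by the external provider, sign the user in if it already exists, otherwise create the user first), as an added Python example that is not ALA's handler or CAS code. The table layout, function names, sample profiles and the email_verified check are assumptions; the field names email_address, first_name and surname follow the message.

```python
import sqlite3

USER_COLUMNS = ("id", "email", "first_name", "surname")


class LoginRejected(Exception):
    """The provider's response cannot be mapped to a local account."""


def open_user_db():
    """In-memory stand-in for the existing user database (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        " id INTEGER PRIMARY KEY,"
        " email TEXT NOT NULL UNIQUE,"
        " first_name TEXT, surname TEXT)"
    )
    return db


def normalise_email(raw):
    """Trim and lower-case so 'A@x.org' and 'a@x.org' map to one account."""
    email = (raw or "").strip().lower()
    local, at, domain = email.partition("@")
    if not (local and at and domain) or "@" in domain:
        raise LoginRejected("provider returned no usable e-mail address")
    return email


def sign_in_or_sign_up(db, profile):
    """Return (attributes, created) for an externally authenticated user.

    Assumption: the provider marks addresses it has confirmed with
    email_verified=True. Unconfirmed addresses are refused, because the
    e-mail is the only key linking the external login to a local account.
    """
    if profile.get("email_verified") is not True:
        raise LoginRejected("e-mail address not verified by the provider")
    email = normalise_email(profile.get("email_address"))

    select = "SELECT id, email, first_name, surname FROM users WHERE email = ?"
    row = db.execute(select, (email,)).fetchone()
    created = row is None
    if created:  # SignUp: first login through any external provider
        db.execute(
            "INSERT INTO users (email, first_name, surname) VALUES (?, ?, ?)",
            (email, profile.get("first_name"), profile.get("surname")),
        )
        db.commit()
        row = db.execute(select, (email,)).fetchone()
    # SignIn: release the attributes stored locally, not the provider's copy.
    return dict(zip(USER_COLUMNS, row)), created


def demo():
    """First login creates the row, second reuses it, unverified is refused."""
    db = open_user_db()
    # Constructed sample profiles.
    first = {"email_address": "Ada@Example.org", "first_name": "Ada",
             "surname": "L", "email_verified": True}
    again = {"email_address": " ada@example.org ", "first_name": "A",
             "surname": "X", "email_verified": True}
    unverified = {"email_address": "ada@example.org", "email_verified": False}
    out = [sign_in_or_sign_up(db, first), sign_in_or_sign_up(db, again)]
    try:
        sign_in_or_sign_up(db, unverified)
    except LoginRejected:
        out.append("rejected")
    return out


if __name__ == "__main__":
    print(demo())
```
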



[cas-user] Advice for getting user from database after OIDC delegated authentication login

2019-03-13 Thread Juan David Sánchez
 

Hi,


I’m using Cas with OpenId Connect support. The authentication is delegated 
to Azure Active Directory but I also have a user database (which regularly 
pulls users from the active directory) from which I would like to retrieve 
some user attributes after a successful login in Azure.


I would like to extract the unique_name, which I’m getting from Azure, and 
then fetch a user from database whose email matches that unique_name, and 
finally return to the application releasing the user attributes fetched 
from database.


Before throwing myself into a custom development, I would like to ask 
the community if there is a built-in way in which I could achieve this.


Thank you for the support
