[cas-user] Re: Overlay and custom webflow

2022-01-26 Thread Pablo Vidaurri
I struggled with the same. With help from this community, going thru some 
cas code, and reading thru springboot docs I was finally able to get thru 
it. I'll try to summarize.

There is a default login webflow already defined for you. What I did was 
let the default flow execute but then intercepted the last transition from 
REAL_SUBMIT -> TicketGrantingTicket. So now the flow looks like 
DEFAULT_WEBFLOW->REAL_SUBMIT->MY_CUSTOM_WEBFLOW->TICKET_GRANTING_TICKET. My 
custom webflow consists of a dozen or so actions.

1) First you need to define a Configurer class, see cas doc 
SomethingWebflowConfigurer as an example. The main point is hooking your 
webflow with something like:
createTransitionForState(realsubmit, 
CasWebflowConstants.STATE_ID_SUCCESS, , true);
Then create your new action and handle each transition your action 
is capable of returning:
val newActionState = createActionState(flow, 
 , );   //step1Action is the name of your 
action class Step1Action that you have autowired
createTransitionForState(newActionState, 
CasWebflowConstants.STATE_ID_SUCCESS, );
createTransitionForState(newActionState, "error", 
https://github.com/apereo/cas/blob/6e29bc0001e3c304375efc5f8cbb04918d8f8691/support/cas-server-support-yubikey-core/src/main/java/org/apereo/cas/adaptors/yubikey/web/flow/YubiKeyAuthenticationWebflowAction.java>
 
to model your class from. Place your logic inside of doExecute(). Your 
doExecute must return an event. To keep it simple let's say it all goes well 
or it fails. In such case either return success or error:
if (allGood) {
    return super.success();
} else {
    return super.error();
}

3) Finally, at your final step of your custom webflow, you want to go back 
to the TicketGrantingTicket
 val newActionState = createActionState(flow, 
,  < step2Action  >  );  //step2Action is the name 
of your action class Step2Action that you have autowired
createTransitionForState(newActionState, 
CasWebflowConstants.STATE_ID_SUCCESS, 
CasWebflowConstants.STATE_ID_CREATE_TICKET_GRANTING_TICKET);

4) Next, you'll need to tell spring about your configuration. Create a 
spring.factories file inside src/main/resources/META-INF. Include a 
reference to your configurer class:
org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
org.apereo.cas.config.Step1Configurer,\
org.apereo.cas.config.Step2Configurer

Good luck, hope this provides some useful insight.
-psv


On Wednesday, January 26, 2022 at 10:50:55 AM UTC-6 spfma...@e.mail.fr 
wrote:

> Hi,
>  
> I am trying to replace an old CAS 3.5, and having been far from this 
> product during all these years, things have changed a lot !
>  
> After some trials and errors, I was able to clone the overlay repo, 
> extract the fragments I needed to customize and build the WAR.
>  
> Then I managed to add the required dependencies to get a working LDAP auth 
> source (unfortunately without pooling) and a JSON services registry, and 
> build a more complete WAR.
>  
> But now I am facing a problem I can not solve : the old CAS had some 
> customized webflow and some Java code to provide dynamic authentication 
> depending on a list of network addresses (either direct LDAP or SPNEGO) 
>  
> I guess adapting this part will be something, but right now I am 
> struggling at the very first step !
>  
> Wanting to give a try to this example : 
> https://apereo.github.io/cas/6.4.x/webflow/Webflow-Customization-Extensions.html
>  I 
> am not able to compile " SomethingConfiguration" and I get the following 
> errors :
>  
> /opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:5: 
> error: cannot find symbol
> public class SomethingConfiguration implements 
> CasWebflowExecutionPlanConfigurer {
> ^
> symbol: class CasWebflowExecutionPlanConfigurer
> /opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:3: 
> error: cannot find symbol
> @Configuration("somethingConfiguration")
> ^
> symbol: class Configuration
> /opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:4: 
> error: cannot find symbol
> @EnableConfigurationProperties(CasConfigurationProperties.class)
> ^
> symbol: class EnableConfigurationProperties
> /opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:8: 
> error: cannot find symbol
> private CasConfigurationProperties casProperties;
> ^
> symbol: class CasConfigurationProperties
> location: class SomethingConfiguration
> /opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:12: 
> error: cannot find symbol
> private FlowDefinitionRegistry loginFlowDefinitionRegistry;
> ^
> symbol: class FlowDefinitionRegistry
> lo
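
A configurer and action of the kind the reply above describes, written out as an added example (not code from the thread or from the CAS project), assuming the CAS 6.4.x and Spring Webflow APIs. The class names, the package, the state id step1State, the allow-list addresses and the choice of the login form as the error target are assumptions.

```java
package org.example.cas; // hypothetical package

import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.apereo.cas.web.flow.configurer.AbstractCasWebflowConfigurer;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

public class Step1WebflowConfigurer extends AbstractCasWebflowConfigurer {
    static final String STATE_ID_STEP1 = "step1State"; // hypothetical state id
    public Step1WebflowConfigurer(FlowBuilderServices services, FlowDefinitionRegistry loginFlowRegistry,
                                  ConfigurableApplicationContext ctx, CasConfigurationProperties props) {
        super(services, loginFlowRegistry, ctx, props);
    }

    @Override
    protected void doInitialize() {
        var flow = getLoginFlow();
        var realSubmit = getState(flow, CasWebflowConstants.STATE_ID_REAL_SUBMIT, ActionState.class);
        // removeExisting = true: the default realSubmit -> TGT edge is replaced, not duplicated.
        createTransitionForState(realSubmit, CasWebflowConstants.TRANSITION_ID_SUCCESS, STATE_ID_STEP1, true);
        var step1 = createActionState(flow, STATE_ID_STEP1, "step1Action"); // bean name of Step1Action
        // Only "success" reaches ticket creation; "error" returns to the login form.
        createTransitionForState(step1, CasWebflowConstants.TRANSITION_ID_SUCCESS,
            CasWebflowConstants.STATE_ID_CREATE_TICKET_GRANTING_TICKET);
        createTransitionForState(step1, CasWebflowConstants.TRANSITION_ID_ERROR,
            CasWebflowConstants.STATE_ID_VIEW_LOGIN_FORM);
    }
}

class Step1Action extends AbstractAction { // hypothetical; register as a bean named "step1Action"
    private static final Set<String> ALLOWED = Set.of("192.0.2.10", "192.0.2.11"); // constructed sample
    @Override
    protected Event doExecute(RequestContext context) {
        try {
            var request = (HttpServletRequest) context.getExternalContext().getNativeRequest();
            return ALLOWED.contains(request.getRemoteAddr()) ? success() : error();
        } catch (RuntimeException e) {
            return error(e); // fail closed: an unexpected failure must not reach ticket creation
        }
    }
}
```

Because the custom state now sits between credential validation and ticket creation, every event the action can return needs a transition, and only the success event should lead to STATE_ID_CREATE_TICKET_GRANTING_TICKET.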

[cas-user] CAS Shibboleth, check user attribute before granting access

2022-01-26 Thread Pablo Vidaurri
Currently using standalone shib. I have a configuration in flow/intercept 
to check for a user attribute. If it is not a certain value, then we deny 
him access to the app he is trying to log into. Shib allows me to define the 
entity-id in relying party to force this check, so I can decide which service 
needs this attribute set.

Now, trying to use CAS-Shib. How can I do the same?
1) Check user attribute, if not value "X" then display message that he 
needs to do something first.
2) Be able to define which SAML service needs this attribute set.

Thanks.
-psv

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1c29502f-388f-4e2a-b99f-8eb5591dab48n%40apereo.org.


[cas-user] Hide authentication providers

2022-01-26 Thread 'Oscar Alonso' via CAS Community
Hi,

This may already be answered somewhere but I've gone crazy looking in the 
documentation and can't find it.

Is it possible to hide the authentication methods that are not allowed for 
a registered service so that they do not appear in the CAS login menu?

I mean, if I have defined on one hand an LDAP authentication handler (and 
named it), and on the other hand delegated authentication through Pac4j to 
a SAML IdP, is it possible to define in the registered service that each 
one only sees in the menu its allowed authentication method?

I have managed to make the automatic redirection in the case of the service 
with delegated authentication (which is fine), but I would like to avoid 
the external authentication provider appearing in the menu for the other 
case.

I know (and checked) that authenticating through a not allowed 
authentication handler is denied, but I want to have a login screen as 
clean as possible.

Thanks in advance.

BTW, my CAS version is 6.4.5.

Best regards,
Oscar.

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6b159cf9-e3fa-4040-9c07-b673a6a24f08n%40apereo.org.


[cas-user] Overlay and custom webflow

2022-01-26 Thread spfma . tech
Hi,

I am trying to replace an old CAS 3.5, and having been far from this 
product during all these years, things have changed a lot !

After some trials and errors, I was able to clone the overlay repo, 
extract the fragments I needed to customize and build the WAR.

Then I managed to add the required dependencies to get a working LDAP auth 
source (unfortunately without pooling) and a JSON services registry, and 
build a more complete WAR.

But now I am facing a problem I can not solve : the old CAS had some 
customized webflow and some Java code to provide dynamic authentication 
depending on a list of network addresses (either direct LDAP or SPNEGO)

I guess adapting this part will be something, but right now I am 
struggling at the very first step !

Wanting to give a try to this example : 
https://apereo.github.io/cas/6.4.x/webflow/Webflow-Customization-Extensions.html
I am not able to compile " SomethingConfiguration" and I get the following 
errors :

/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:5: 
error: cannot find symbol
public class SomethingConfiguration implements 
CasWebflowExecutionPlanConfigurer {
^
symbol: class CasWebflowExecutionPlanConfigurer
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:3: 
error: cannot find symbol
@Configuration("somethingConfiguration")
^
symbol: class Configuration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:4: 
error: cannot find symbol
@EnableConfigurationProperties(CasConfigurationProperties.class)
^
symbol: class EnableConfigurationProperties
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:8: 
error: cannot find symbol
private CasConfigurationProperties casProperties;
^
symbol: class CasConfigurationProperties
location: class SomethingConfiguration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:12: 
error: cannot find symbol
private FlowDefinitionRegistry loginFlowDefinitionRegistry;
^
symbol: class FlowDefinitionRegistry
location: class SomethingConfiguration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:15: 
error: cannot find symbol
private ApplicationContext applicationContext;
^
symbol: class ApplicationContext
location: class SomethingConfiguration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:18: 
error: cannot find symbol
private FlowBuilderServices flowBuilderServices;
^
symbol: class FlowBuilderServices
location: class SomethingConfiguration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:22: 
error: cannot find symbol
public CasWebflowConfigurer somethingWebflowConfigurer() {
^
symbol: class CasWebflowConfigurer
location: class SomethingConfiguration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:28: 
error: cannot find symbol
public void configureWebflowExecutionPlan(final CasWebflowExecutionPlan plan) {
^
symbol: class CasWebflowExecutionPlan
location: class SomethingConfiguration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:4: 
error: cannot find symbol
@EnableConfigurationProperties(CasConfigurationProperties.class)
^
symbol: class CasConfigurationProperties
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:7: 
error: cannot find symbol
@Autowired
^
symbol: class Autowired
location: class SomethingConfiguration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:10: 
error: cannot find symbol
@Autowired
^
symbol: class Autowired
location: class SomethingConfiguration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:11: 
error: cannot find symbol
@Qualifier("loginFlowRegistry")
^
symbol: class Qualifier
location: class SomethingConfiguration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:14: 
error: cannot find symbol
@Autowired
^
symbol: class Autowired
location: class SomethingConfiguration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:17: 
error: cannot find symbol
@Autowired
^
symbol: class Autowired
location: class SomethingConfiguration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:20: 
error: cannot find symbol
@ConditionalOnMissingBean(name = "somethingWebflowConfigurer")
^
symbol: class ConditionalOnMissingBean
location: class SomethingConfiguration
/opt/cas/src/main/java/org/example/something/SomethingConfiguration.java:21: 
error: cannot find symbol
@Bean
^
symbol: class Bean
location: class SomethingConfiguration

It seems SpringBoot dependencies are not satisfied (I discovered all the 
concepts ten days ago so I might be wrong) but after "finding", "grepping" 
and adding dozens of combinations like these, nothing has improved :

implementation "org.apereo.cas:cas-server-core-api-configuration-model:${project.'cas.version'}"
implementation "org.apereo.cas:cas-server-core-configuration:${project.'cas.version'}