Re: [cas-user] Re: SPNEGO Client Selection Strategy

2018-05-28 Thread Charles Le Gallic 
Hi,

I'm glad to see that you confirm the bug. I'll try to make a Pull Request, 
but I need to setup a full CAS dev env before.

Regards,

Charles


Le mercredi 23 mai 2018 18:59:17 UTC+2, Christian Poirier a écrit :
>
> I think I know what you mean by "is buggy". I check the code and it misses 
> something. The webflow is not configured correctly even if you configure to 
> use hostname filter and/or IP address filter. It just jumps directly to 
> SPNEGO negotiate transition. I corrected this with the changes I made to 
> the code. There was no way to choose to go directly to SPNEGO or evaluate 
> the client before starts SPNEGO.
>
> Christian Poirier
> Mobile: 418-473-2824
>
> 2018-05-23 1:58 GMT-04:00 Charles Le Gallic  >:
>
>> Ok thanks. Let me know if you can confirm that current native 
>> implementation is buggy.
>>
>> Regards,
>>
>> Charles
>>
>> <http://www.amoae.com/>
>> 12, impasse du Malrigou, 31140 Montberon 
>> <https://maps.google.com/?q=12,+impasse+du+Malrigou,%C2%A031140+Montberon&entry=gmail&source=g>
>> con...@amoae.com  | 06 24 73 04 98 | *amoae.com* 
>> <http://amoae.com/>
>>
>>
>> Le mer. 23 mai 2018 à 04:46, Christian Poirier > > a écrit :
>>
>>> Hi Charles
>>>
>>> Yes I did, but with my own development and my properties. I will check 
>>> if I can implement with Client Access Strategy by implementing my own 
>>> SPNEGO Service Access Strategy
>>>
>>> Christian Poirier
>>> Mobile: 418-473-2824
>>>
>>> 2018-05-22 1:58 GMT-04:00 Charles Le Gallic >> >:
>>>
>>>> Hi Christian,
>>>>
>>>> Did you achieved to make IP based SPNEGO client selection works on CAS 
>>>> 5.x ?
>>>>
>>>> In that case, is there any other configuration to setup in addition to 
>>>> cas.properties configuration ?
>>>>
>>>> Regards,
>>>>
>>>> Charles
>>>>
>>>> <http://www.amoae.com/>
>>>> 12, impasse du Malrigou, 31140 Montberon 
>>>> <https://maps.google.com/?q=12,+impasse+du+Malrigou,%C2%A031140+Montberon&entry=gmail&source=g>
>>>> con...@amoae.com  | 06 24 73 04 98 | *amoae.com* 
>>>> <http://amoae.com/>
>>>>
>>>>
>>>> Le ven. 18 mai 2018 à 14:14, Christian Poirier >>> > a écrit :
>>>>
>>>>> Hi Charles
>>>>>
>>>>> I am using the 5.3.0-RC3. I illustrated the webflow to see the logic. 
>>>>> The webflow logic is built in the code.
>>>>> I will check if the implementation based on a 
>>>>> RegisteredServiceAccessStrategy is possible.
>>>>>
>>>>> Christian Poirier
>>>>> Mobile: 418-473-2824
>>>>>
>>>>> 2018-05-18 1:28 GMT-04:00 Charles Le Gallic >>>> >:
>>>>>
>>>>>> Hi Christian,
>>>>>>
>>>>>> Which version of CAS do you use ?
>>>>>>
>>>>>> It seems to be a version below CAS 5.0.x (org.jasig packages and XML 
>>>>>> spring configurations). SPNEGO client selection strategy was working on 
>>>>>> 4.x 
>>>>>> version, but I cannot make it work after having upgrade to CAS 5.1.x
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Charles
>>>>>>
>>>>>> <http://www.amoae.com/>
>>>>>> 12, impasse du Malrigou, 31140 Montberon 
>>>>>> <https://maps.google.com/?q=12,+impasse+du+Malrigou,%C2%A031140+Montberon&entry=gmail&source=g>
>>>>>> con...@amoae.com  | 06 24 73 04 98 | *amoae.com* 
>>>>>> <http://amoae.com/>
>>>>>>
>>>>>>
>>>>>> Le jeu. 17 mai 2018 à 15:25, Christian Poirier >>>>> > a écrit :
>>>>>>
>>>>>>> Hi Nicolas,
>>>>>>>
>>>>>>> In our organization, we need to let the user choose between the 
>>>>>>> default login and SPNEGO upon a list of criteria and sometimes we need 
>>>>>>> to 
>>>>>>> go directly to the SPNEGO authentication upon other criteria. For this 
>>>>>>> feature, I extended the SPNEGO module. I show a button with the label 
>>>>>>> "LO

Re: [cas-user] Re: SPNEGO Client Selection Strategy

2018-05-22 Thread Charles Le Gallic 
Ok thanks. Let me know if you can confirm that current native
implementation is buggy.

Regards,

Charles

<http://www.amoae.com/>
12, impasse du Malrigou, 31140 Montberon
cont...@amoae.com | 06 24 73 04 98 | *amoae.com* <http://amoae.com/>


Le mer. 23 mai 2018 à 04:46, Christian Poirier  a
écrit :

> Hi Charles
>
> Yes I did, but with my own development and my properties. I will check if
> I can implement with Client Access Strategy by implementing my own SPNEGO
> Service Access Strategy
>
> Christian Poirier
> Mobile: 418-473-2824
>
> 2018-05-22 1:58 GMT-04:00 Charles Le Gallic :
>
>> Hi Christian,
>>
>> Did you achieved to make IP based SPNEGO client selection works on CAS
>> 5.x ?
>>
>> In that case, is there any other configuration to setup in addition to
>> cas.properties configuration ?
>>
>> Regards,
>>
>> Charles
>>
>> <http://www.amoae.com/>
>> 12, impasse du Malrigou, 31140 Montberon
>> <https://maps.google.com/?q=12,+impasse+du+Malrigou,%C2%A031140+Montberon&entry=gmail&source=g>
>> cont...@amoae.com | 06 24 73 04 98 | *amoae.com* <http://amoae.com/>
>>
>>
>> Le ven. 18 mai 2018 à 14:14, Christian Poirier  a
>> écrit :
>>
>>> Hi Charles
>>>
>>> I am using the 5.3.0-RC3. I illustrated the webflow to see the logic.
>>> The webflow logic is built in the code.
>>> I will check if the implementation based on a
>>> RegisteredServiceAccessStrategy is possible.
>>>
>>> Christian Poirier
>>> Mobile: 418-473-2824
>>>
>>> 2018-05-18 1:28 GMT-04:00 Charles Le Gallic :
>>>
>>>> Hi Christian,
>>>>
>>>> Which version of CAS do you use ?
>>>>
>>>> It seems to be a version below CAS 5.0.x (org.jasig packages and XML
>>>> spring configurations). SPNEGO client selection strategy was working on 4.x
>>>> version, but I cannot make it work after having upgrade to CAS 5.1.x
>>>>
>>>> Regards,
>>>>
>>>> Charles
>>>>
>>>> <http://www.amoae.com/>
>>>> 12, impasse du Malrigou, 31140 Montberon
>>>> <https://maps.google.com/?q=12,+impasse+du+Malrigou,%C2%A031140+Montberon&entry=gmail&source=g>
>>>> cont...@amoae.com | 06 24 73 04 98 | *amoae.com* <http://amoae.com/>
>>>>
>>>>
>>>> Le jeu. 17 mai 2018 à 15:25, Christian Poirier 
>>>> a écrit :
>>>>
>>>>> Hi Nicolas,
>>>>>
>>>>> In our organization, we need to let the user choose between the
>>>>> default login and SPNEGO upon a list of criteria and sometimes we need to
>>>>> go directly to the SPNEGO authentication upon other criteria. For this
>>>>> feature, I extended the SPNEGO module. I show a button with the label
>>>>> "LOGIN WITH MY WINDOWS ACCOUNT" when the IP address matches a regular
>>>>> expression. When the service matches a regular expression and the IP
>>>>> address also matches its regular expression, I force SPNEGO authentication
>>>>> without giving the user the chance to authenticate otherwise. If none of
>>>>> the previous conditions are present, then the user must authenticate
>>>>> normally with his user ID and password.
>>>>> If you look the following webflow, you will find this logic inside.
>>>>>
>>>>> >>>> "org.jasig.cas.authentication.principal.UsernamePasswordCredentials"
>>>>> />
>>>>>
>>>>> 
>>>>>
>>>>> 
>>>>>
>>>>>
>>>>>
>>>>> 
>>>>>
>>>>>
>>>>> 
>>>>>
>>>>>   >>>> "hasServiceCheck" else="gatewayRequestCheck" />
>>>>>
>>>>> 
>>>>>
>>>>>
>>>>> 
>>>>>
>>>>>   >>>> "gatewayServicesManagementCheck" else="startAuthenticateCheck" />
>>>>>
>>>>> 
>>>>>
>>>>>
>>>>> 
>>>>>
>>>>>   >>>> "viewGenericLoginSuccess" />
>>>>>
>>>>> 
>>>>>
>>>>>
>>>>> 
>>>>>
>>>>> >>>> ="startAut

Re: [cas-user] Re: SPNEGO Client Selection Strategy

2018-05-21 Thread Charles Le Gallic 
Hi Christian,

Did you achieved to make IP based SPNEGO client selection works on CAS 5.x ?

In that case, is there any other configuration to setup in addition to
cas.properties configuration ?

Regards,

Charles

<http://www.amoae.com/>
12, impasse du Malrigou, 31140 Montberon
cont...@amoae.com | 06 24 73 04 98 | *amoae.com* <http://amoae.com/>


Le ven. 18 mai 2018 à 14:14, Christian Poirier  a
écrit :

> Hi Charles
>
> I am using the 5.3.0-RC3. I illustrated the webflow to see the logic. The
> webflow logic is built in the code.
> I will check if the implementation based on a
> RegisteredServiceAccessStrategy is possible.
>
> Christian Poirier
> Mobile: 418-473-2824
>
> 2018-05-18 1:28 GMT-04:00 Charles Le Gallic :
>
>> Hi Christian,
>>
>> Which version of CAS do you use ?
>>
>> It seems to be a version below CAS 5.0.x (org.jasig packages and XML
>> spring configurations). SPNEGO client selection strategy was working on 4.x
>> version, but I cannot make it work after having upgrade to CAS 5.1.x
>>
>> Regards,
>>
>> Charles
>>
>> <http://www.amoae.com/>
>> 12, impasse du Malrigou, 31140 Montberon
>> <https://maps.google.com/?q=12,+impasse+du+Malrigou,%C2%A031140+Montberon&entry=gmail&source=g>
>> cont...@amoae.com | 06 24 73 04 98 | *amoae.com* <http://amoae.com/>
>>
>>
>> Le jeu. 17 mai 2018 à 15:25, Christian Poirier  a
>> écrit :
>>
>>> Hi Nicolas,
>>>
>>> In our organization, we need to let the user choose between the default
>>> login and SPNEGO upon a list of criteria and sometimes we need to go
>>> directly to the SPNEGO authentication upon other criteria. For this
>>> feature, I extended the SPNEGO module. I show a button with the label
>>> "LOGIN WITH MY WINDOWS ACCOUNT" when the IP address matches a regular
>>> expression. When the service matches a regular expression and the IP
>>> address also matches its regular expression, I force SPNEGO authentication
>>> without giving the user the chance to authenticate otherwise. If none of
>>> the previous conditions are present, then the user must authenticate
>>> normally with his user ID and password.
>>> If you look the following webflow, you will find this logic inside.
>>>
>>> >> "org.jasig.cas.authentication.principal.UsernamePasswordCredentials" />
>>>
>>> 
>>>
>>> 
>>>
>>>
>>>
>>> 
>>>
>>>
>>> 
>>>
>>>   >> "hasServiceCheck" else="gatewayRequestCheck" />
>>>
>>> 
>>>
>>>
>>> 
>>>
>>>   >> "gatewayServicesManagementCheck" else="startAuthenticateCheck" />
>>>
>>> 
>>>
>>>
>>> 
>>>
>>>   >> "viewGenericLoginSuccess" />
>>>
>>> 
>>>
>>>
>>> 
>>>
>>> >> "startAuthenticateCheck" else="generateServiceTicket" />
>>>
>>> 
>>>
>>>
>>> 
>>>
>>> 
>>>
>>>   >> "redirect" />
>>>
>>> 
>>>
>>>
>>> 
>>>
>>> 
>>>
>>>   >> "generateLoginTicket" else="spnegoForceCheckAction" />
>>>
>>> 
>>>
>>>
>>> 
>>>
>>>>> then="spnegoIPCheckAction2" else="spnegoAppCheckAction" />
>>>
>>> 
>>>
>>>
>>> 
>>>
>>>
>>>
>>>
>>>
>>>   
>>>
>>> 
>>>
>>>
>>> 
>>>
>>> 
>>>
>>> 
>>>
>>> 
>>>
>>>
>>>   
>>>
>>>   
>>>
>>> 
>>>
>>>
>>> 
>>>
>>>
>>>
>>> 
>>>
>>>  
>>>
>>> 
>>>
>>>
>>> 
>>>
>>>   
>>>
>>>   
>>>
>>> 
>>>
>>>
>>> 
>>>
>>>  
>>>
>>>
>>>
>>>   
>>>
>>> 
>>>
>>>
>>> 
>>>
>>> >> "generateLoginTicketAction.generate(f

Re: [cas-user] Re: SPNEGO Client Selection Strategy

2018-05-17 Thread Charles Le Gallic 
Hi Christian,

Which version of CAS do you use ?

It seems to be a version below CAS 5.0.x (org.jasig packages and XML spring
configurations). SPNEGO client selection strategy was working on 4.x
version, but I cannot make it work after having upgrade to CAS 5.1.x

Regards,

Charles


12, impasse du Malrigou, 31140 Montberon
cont...@amoae.com | 06 24 73 04 98 | *amoae.com* 


Le jeu. 17 mai 2018 à 15:25, Christian Poirier  a
écrit :

> Hi Nicolas,
>
> In our organization, we need to let the user choose between the default
> login and SPNEGO upon a list of criteria and sometimes we need to go
> directly to the SPNEGO authentication upon other criteria. For this
> feature, I extended the SPNEGO module. I show a button with the label
> "LOGIN WITH MY WINDOWS ACCOUNT" when the IP address matches a regular
> expression. When the service matches a regular expression and the IP
> address also matches its regular expression, I force SPNEGO authentication
> without giving the user the chance to authenticate otherwise. If none of
> the previous conditions are present, then the user must authenticate
> normally with his user ID and password.
> If you look the following webflow, you will find this logic inside.
>
>  "org.jasig.cas.authentication.principal.UsernamePasswordCredentials" />
>
> 
>
> 
>
>
>
> 
>
>
> 
>
>"hasServiceCheck" else="gatewayRequestCheck" />
>
> 
>
>
> 
>
>"gatewayServicesManagementCheck" else="startAuthenticateCheck" />
>
> 
>
>
> 
>
>"viewGenericLoginSuccess" />
>
> 
>
>
> 
>
>  "startAuthenticateCheck" else="generateServiceTicket" />
>
> 
>
>
> 
>
> 
>
>"redirect" />
>
> 
>
>
> 
>
> 
>
>"generateLoginTicket" else="spnegoForceCheckAction" />
>
> 
>
>
> 
>
> then="spnegoIPCheckAction2" else="spnegoAppCheckAction" />
>
> 
>
>
> 
>
>
>
>
>
>   
>
> 
>
>
> 
>
> 
>
> 
>
> 
>
>
>   
>
>   
>
> 
>
>
> 
>
>
>
> 
>
>  
>
> 
>
>
> 
>
>   
>
>   
>
> 
>
>
> 
>
>  
>
>
>
>   
>
> 
>
>
> 
>
>  "generateLoginTicketAction.generate(flowRequestContext)" />
>
>
>
> 
>
>
> Here are my new spnego.properties
> # cas.authn.spnego.spnegoMode=direct: indicates to go directly to the
> SPNEGO by changing the succes transition of initialLoginForm action-state
> to startSpnegoAuthenticate
> # cas.authn.spnego.spnegoMode=evaluateClient: indicates to evaluate the
> client based on the client action strategy defined in 
> evaluateClientActionStrategy.
>
> # It changes the
> success transition of initialLoginForm action-state to evaluateClientRequest
> cas.authn.spnego.spnegoMode=evaluateClient|direct
> # The following property is deprecated
>
> #cas.authn.spnego.hostNameClientActionStrategy=serviceNameSpnegoClientAction
> # cas.authn.spnego.evaluateClientActionStrategy=hostnameSpnegoClientAction
> where CAS checks to see if the request?s remote hostname matches a
> predefine pattern
> # cas.authn.spnego.evaluateClientActionStrategy=ldapSpnegoClientAction
> where CAS checks an LDAP instance for the remote hostname,
> #
>  to locate a pre-defined attribute whose mere existence would allow the
> webflow to resume to SPNEGO
> # cas.authn.spnego.evaluateClientActionStrategy=serviceNameSpnegoClientAction
> where CAS checks if the service corresponds to a regularExpression
> #defined in
> serviceNamePatternString and the ip corresponds to ipsToCheckPattern
> implemented
> #in baseSpnegoClientAction
> cas.authn.spnego.evaluateClientActionStrategy=
> serviceNameSpnegoClientAction
> cas.authn.spnego.ipsToCheckPattern=((127\.0)|(122.110))(\.[0-9]{1,3}){2}
>
> cas.authn.spnego.serviceNamePatternString=(app1\.domain\.ca)|(app2\.domain\.ca)
>
>
> It works well for me. If you want it, I could send you the code.
>
> Le jeudi 17 mai 2018 01:47:54 UTC-4, Nicholas Wylie a écrit :
>>
>> Hi CAS Community,
>>
>> I've successfully configured CAS 5.2 with LDAP/SPNEGO authentication
>> against our Active Directory.
>>
>> What we have noticed though is that non-domain joined computers see a
>> pop-up prompt for credentials when they visit the CAS login page. From my
>> reading, I believe we can fix this by configuring the LDAP Client Selection
>> Strategy for SPNEGO, but the documentation for which properties need to be
>> configured seems to be a bit scarce.
>>
>> Can someone offer any guidance (or a link to some documentation) as to
>> which properties I need to configure to use the LDAP Client Selection
>> Strategy?
>>
>> Thanks,
>> Nicholas
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "CAS Community" group.
> To unsubscribe from t

[cas-user] Re: SPNEGO Client Selection Strategy

2018-05-17 Thread Charles Le Gallic 
Hi Nicholas,

It's seems to me that Kerberos / SPNEGO client selection strategy is broken 
since Alfresco 5.0.x.

Indeed, there are several other messages in this discussion list referring 
to this problem : here 
,
 
here 

 
and here 
,
 
and I didn't achieved to make it work (IP based) in CAS 5.1.7 release.

SPNEGO Client Selection strategy setup is done in the 
SpengoWebflowConfigurer 

 
class, using the "cas.authn.spnego.hostNameClientActionStrategy" parameter 
value to set the strategy (default to "hostnameSpnegoClientAction"). You 
can use the "ldapSpnegoClientAction" value to use a LDAP Client Selection 
Strategy.

The problem is the Spring MVC Web Flow is configured for using the 
"START_SPNEGO_AUTHENTICATE" 
action state by default 
,
 
instead of the "EVALUATE_SPNEGO_CLIENT" action state (evaluateClientRequest) 

.

Therefore, the Client Selection Strategy is never applied. I didn't found 
any way to use CAS configuration properties to add the 
*evaluateClientRequest* action state before the *startSpnegoAuthenticate* 
state.

The only way to do this may be to overidde the 
CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM 
state (as done here 
)
 
in a custom bean and configure it to transition to the 
evaluateClientRequest state.

I may have missed something, and I hope a CAS Developer can clarify it.

Regards,

Charles






Le jeudi 17 mai 2018 07:47:54 UTC+2, Nicholas Wylie a écrit :
>
> Hi CAS Community,
>
> I've successfully configured CAS 5.2 with LDAP/SPNEGO authentication 
> against our Active Directory.
>
> What we have noticed though is that non-domain joined computers see a 
> pop-up prompt for credentials when they visit the CAS login page. From my 
> reading, I believe we can fix this by configuring the LDAP Client Selection 
> Strategy for SPNEGO, but the documentation for which properties need to be 
> configured seems to be a bit scarce.
>
> Can someone offer any guidance (or a link to some documentation) as to 
> which properties I need to configure to use the LDAP Client Selection 
> Strategy?
>
> Thanks,
> Nicholas
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/9f3f6c1a-5510-498d-afe6-ea478a2de75c%40apereo.org.

Re: [cas-user] Pac4j delegate authentication, adding a PrincipalResolver to ClientAuthenticationHandler

2016-10-03 Thread Charles Le Gallic 
Hi,

Thanks for your answer.

The issue has been created here <https://github.com/apereo/cas/issues/2030>

I should have try to propose a PR, but I'm not quite enough comfortable 
with CAS 4.x for now ;)

Regards,

Charles

Le vendredi 30 septembre 2016 18:22:11 UTC+2, leleuj a écrit :
>
> Hi,
>
> You're right: there is no PrincipalResolver in the 
> ClientAuthenticationHandler: I guess it would make sense to add that to be 
> able to fetch additional information. Can you open a Github issue for that 
> improvement?
>
> Currently, you likely need to override the createResult method of the 
> authentication handler.
>
> Thanks.
> Best regards,
> Jérôme
>
>
>
> 2016-09-30 14:48 GMT+02:00 Charles Le Gallic  >:
>
>> Hi,
>>
>> We are currently using CAS 4.2.5 as an OpenId Connect (OIDC) client to 
>> retrieve the identity provider attributes.
>>
>> It works like a charm (congratulations to the CAS development team :)).
>>
>> But we wish to add additional attributes, retrieved from our internal 
>> database, to the user CAS principal, once the user has been successfully 
>> authenticated through the OIDC authentication sequence.
>>
>> As the ClientAuthenticationHandler is registered on the 
>> AuthenticationManager with no PrincipalResolver, we cannot use any 
>> attribute repository.
>>
>> Is there a way to register a Principal Resolver for 
>> ClientAuthenticationHandler, or is there any other way to achieve our goal ?
>>
>> Regards,
>>
>> Charles
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org .
>> To post to this group, send email to cas-...@apereo.org .
>> Visit this group at 
>> https://groups.google.com/a/apereo.org/group/cas-user/.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cdd6def3-4402-4146-975a-3e0503866725%40apereo.org
>>  
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/cdd6def3-4402-4146-975a-3e0503866725%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/85aabf5b-68cd-4176-826b-fe92c94f5470%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

[cas-user] Pac4j delegate authentication, adding a PrincipalResolver to ClientAuthenticationHandler

2016-09-30 Thread Charles Le Gallic 
Hi,

We are currently using CAS 4.2.5 as an OpenId Connect (OIDC) client to 
retrieve the identity provider attributes.

It works like a charm (congratulations to the CAS development team :)).

But we wish to add additional attributes, retrieved from our internal 
database, to the user CAS principal, once the user has been successfully 
authenticated through the OIDC authentication sequence.

As the ClientAuthenticationHandler is registered on the 
AuthenticationManager with no PrincipalResolver, we cannot use any 
attribute repository.

Is there a way to register a Principal Resolver for 
ClientAuthenticationHandler, or is there any other way to achieve our goal ?

Regards,

Charles

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/cdd6def3-4402-4146-975a-3e0503866725%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.