I have a user authenticated against LDAP using CAS. I now have the UID. Is it possible to use CAS to also query an oracle database using the UID to get other user attributes stored from oracle?
I've tried to use SingleRowJdbcPersonAttributeDao class in my bean but I can't get any attributes to release from it ... I'm not even sure if the query is being executed.
Yes. authentication in CAS is different from attribute retrieval. You can authenticate via one source, and get attributes from another. Authentication is handled via authN handlers, and attribute retrieval is handled via attribute repositories.
Once you have retrieved attributes, you need to configure your service definition to release those attributes. You need to define an attribute policy that authorizes the release of all or select attributes.
See http://jasig.github.io/cas/4.1.x/integration/Attribute-Release.html
Related
Currently, trying to use WSO2 Identity Server to authenticate users from a mysql user store that I created with my own schema. However, whenever I add this user store as a secondary one in WSO2, the users do not appear on the management console.
And when I attempt to authenticate a user from that store I get the error message:
[2019-05-24 10:01:15,951] ERROR{org.wso2.carbon.identity.auth.service.handler.impl.BasicAuthenticationHandler}
- Error occurred while trying to authenticate,
Error when handling event : PRE_AUTHENTICATION
The user stores of the WSO2 servers need to have the specific schema (the schema script located in the dbscripts folder). You need to import users using this from your existing schema or scim2 endpoints to programmably import users
I you cannot migrate user store to wso2 schema as senthalan explained then you have two options to plug custom schema.
Change SQL queries from Advanced option of secondary user store configuration
Writing custom user store manager by extending necessary functions like doAuthenticate, doAddUser [1]
Error when handling event : PRE_AUTHENTICATION basically coming from below listener
org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener in identity.xml while handling pre authenticate event. You can even disable it.
[1]https://github.com/GayanM/custom-user-store
I'm using WSO2 Products, IS and API Gateway.
My use case is : I have a ReadOnly LDAP User Store that have some attributes such name, surname, email etc.. Obviously in LDAP Read Only i can't add new user's property, for example I would like to add a attribute (claime) with name "Profile". I found some documentation but i don't understand how to do this. (https://docs.wso2.com/display/IS510/Writing+a+Custom+User+Store+Manage).
If I understand well, I have to create a new User Store (such MYSQL DB) where i can mapping the LDAP's users and i can also add custom attribute.
This is the right way to do it?
And another question is : If the consideration above is right, How can I do provisioning of the 2 User Store ?
One way to do it without any code is as follows.
Create a new claim in WSO2 according to your preference, e.g. "Profile".
Map this claim to an existing unused attribute of your ReadOnly LDAP.
e.g. Map profile to FAX or Street Addres etc.
Modify configuration of your service provider and send this new claim in authentication response to your service provider.
Now you can update this LDAP attribute with whatever value you want and Service Provider will receive this as claim named as "profile".
I'm developing API in laravel and trying to implement token base auth with jwtAuth but what I cannot understand is that how to use mysql table 'customers' for authentication and generate token.
I have gone through multiple tutorials but none of them explain mysql table for authentication .
Does mysql really required for jwtAuth ?
How to manage jwtAuth::attempt() function for mysql ?
What is default table for jwtAuth() ?
Some of the tutorial that I have followed are : this and this
JWT authentication is an extension of the base Authentication, and uses the same configuration and methods as defined in your config/auth.php file.
User data will be stored in the defined users table - if using the standard Authentication scaffolding this is just users.
The JWT sessions themselves will be stored based on your session configuration. By default this uses file based session, stored within the
folder storage/framework/sessions
What is the standard practice for using JWTs in authentication mechanisms which require roles?
Should roles be contained somewhere within the predefined public claim names?
['iss', 'sub', 'aud', 'exp', 'nbf', 'iat', 'jti]
... Or should an application specific private claim name be used?
Or should the application refrain from putting roles in JWTs and keep all role based logic within the application only?
More detail:
When using JSON web tokens as a user authentication mechanism, and you apply the authentication on a set of routes, when a token is valid, authentication is valid for all routes in the set. If the token is not valid, it is invalid for all routes in the set.
This is great if all users have the same level of access. However, if users have different roles, say "user" and "admin", and only the "admin"s have access to certain routes, this falls down.
I have a Tomcat 5.5 server that hosts some HTML pages. I want to control the access to these pages. The incoming users' HTTP requests are supposed to have special authentication values.
What I need is to write a function that returns true/false based on the authentication value for each user request. Based on this true/false value, the user should be granted the access or not.
Any idea about how to do that?
Thanks
A pragmatic solution would be to create a ServletFilter and map it to all resources (/*). Reading your question, I guess your authentication method will not be based on sessions (JSESSIONID cookie), but on tokens part of the URL itself.
You have to write your own Authenticator in Tomcat.
Edit:
Subclass the AuthencatorBase class and implement the the abstract method authenticate
Place your jar in the lib folder of tomcat, not your webapp
specify in your web.xml which resources your want to protect.
Declare your authenticator in your context.xml => this technically a Valve
deploy your application and be happy!
With Tomcat, you'll need to use a Realm to protect your pages.
http://tomcat.apache.org/tomcat-4.1-doc/realm-howto.html