This repository has been archived by the owner on Nov 3, 2017. It is now read-only.

Stormpath Authentication Support

dima767 edited this page Apr 25, 2013 · 8 revisions

Stormpath is a cloud-based access and identity management provider. It offers premium as well as free authentication and access control for any application. After you set up a Stormpath administrative account, obtain a Stormpath accessID and secretKey, and set up one or more Applications and Accounts representing users, you can configure Stormpath as a primary authentication source that a CAS server uses to authenticate users, through a simple-to-configure AuthenticationHandler provided by cas-addons. To configure Stormpath accounts and obtain API keys, refer to the Documentation.

Configuration

There is a StormpathAuthenticationHandler and a custom Spring XML cas namespace element for defining it:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:cas="http://unicon.net/schema/cas"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://unicon.net/schema/cas 
                           http://unicon.net/schema/cas/cas-addons.xsd">

    <cas:stormpath-authentication-handler 
         access-id="${stormpath.apiKey.id}"
         secret-key="${stormpath.apiKey.secret}"
         application-id="${stormpath.application.id}"/>

</beans>

There is also a CredentialsToPrincipalResolver implementation that fetches a set of Stormpath Account attributes during Principal resolution and exposes them as a regular CAS Principal attributes Map. The fixed set of Stormpath Account attributes exposed by this resolver implementation is:

  • username
  • email
  • givenName
  • middleName
  • surname
  • status
  • List of groups

To configure this resolver, add the bean definition to the credentialsToPrincipalResolvers list of the main AuthenticationManager bean. Here is an example of the AuthenticationManager bean definition with a StormpathAuthenticationHandler reference and StormpathPrincipalResolver, along with other CAS defaults:

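<!-- The p and c namespaces are declared because the bean definitions below use p: and c: attributes -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:cas="http://unicon.net/schema/cas"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://unicon.net/schema/cas
                           http://unicon.net/schema/cas/cas-addons.xsd">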

    <cas:stormpath-authentication-handler 
         access-id="${stormpath.apiKey.id}"
         secret-key="${stormpath.apiKey.secret}"
         application-id="${stormpath.application.id}"/>

    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.AuthenticationManagerImpl">

        <property name="credentialsToPrincipalResolvers">
            <list>
                <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"/>
                <bean class="net.unicon.cas.addons.authentication.principal.StormpathPrincipalResolver"
                      c:stormpathAuthenticationHandler-ref="stormpathAuthenticationHandler"/>
            </list>
        </property>
        <property name="authenticationHandlers">
            <list>
                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" />
                <ref local="stormpathAuthenticationHandler"/>
            </list>
        </property>
    </bean>

</beans>

On the other hand, if you are OK with all the defaults and just want Stormpath authentication and the default set of Stormpath Account attributes, the above AuthenticationManager bean definition can be reduced to a single custom cas namespace element:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:cas="http://unicon.net/schema/cas"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://unicon.net/schema/cas 
                           http://unicon.net/schema/cas/cas-addons.xsd">

    <cas:authentication-manager-with-stormpath-handler 
         access-id="${stormpath.apiKey.id}"
         secret-key="${stormpath.apiKey.secret}"
         application-id="${stormpath.application.id}"/>

</beans>
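
A pre-deployment check for the configurations above, as an added example (not code from cas-addons or from the original page): it verifies that the Stormpath credentials on the two cas namespace elements are supplied through `${...}` placeholders rather than written into the XML, and that every placeholder has a non-empty value in the properties source. The function names, the sample values, and the assumption that all three attributes are always present (as in the examples on this page) are illustrative.

```python
import re
import xml.etree.ElementTree as ET

CAS_NS = "http://unicon.net/schema/cas"
# The two cas namespace elements on this page that carry Stormpath credentials.
STORMPATH_ELEMENTS = ("stormpath-authentication-handler",
                      "authentication-manager-with-stormpath-handler")
# Assumption: all three attributes are required, as in the page's examples.
CREDENTIAL_ATTRS = ("access-id", "secret-key", "application-id")
PLACEHOLDER = re.compile(r"^\$\{([^}]+)\}$")  # plain ${key}; defaults not handled
# Constructed sample inputs (placeholder values, not real credentials).
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:cas="http://unicon.net/schema/cas">
    <cas:stormpath-authentication-handler
         access-id="${stormpath.apiKey.id}"
         secret-key="EXAMPLE-HARDCODED-SECRET"
         application-id="${stormpath.application.id}"/>
</beans>"""
SAMPLE_PROPERTIES = "stormpath.apiKey.id=EXAMPLE-ID\nstormpath.application.id=\n"

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint_stormpath_config(xml_text, properties_text):
    """Return findings for Stormpath credential attributes in a Spring context."""
    props = parse_properties(properties_text)
    findings = []
    root = ET.fromstring(xml_text)
    for name in STORMPATH_ELEMENTS:
        for elem in root.iter(f"{{{CAS_NS}}}{name}"):
            for attr in CREDENTIAL_ATTRS:
                value = elem.get(attr)
                match = PLACEHOLDER.match(value or "")
                if value is None:
                    findings.append(f"{name}: missing {attr}")
                elif match is None:
                    findings.append(f"{name}: {attr} is hard-coded in XML")
                elif not props.get(match.group(1)):
                    findings.append(f"{name}: {match.group(1)} is not set ({attr})")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_stormpath_config(SAMPLE_XML, SAMPLE_PROPERTIES)))
```

Keeping the secretKey out of the Spring context file means the XML can be committed and reviewed while the properties source holding the real values stays under tighter access control.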