Add support for Digest authentication #1879
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Conflicts: # cas-server-support-pac4j/src/main/java/org/jasig/cas/support/pac4j/web/flow/ClientAction.java
# Conflicts: # cas-management-webapp-support/src/main/java/org/jasig/cas/mgmt/config/CasManagementWebAppConfiguration.java # cas-server-core-services/src/test/java/org/jasig/cas/authentication/DefaultMultifactorTriggerSelectionStrategyTest.java # cas-server-core-web/src/main/java/org/jasig/cas/web/support/WebUtils.java # cas-server-support-basic/src/main/java/org/jasig/cas/web/flow/BasicAuthenticationAction.java # cas-server-support-ldap/src/main/java/org/jasig/cas/authorization/generator/LdapAuthorizationGenerator.java # cas-server-support-mongo/src/main/java/org/jasig/cas/authentication/MongoAuthenticationHandler.java # cas-server-support-oauth/src/main/java/org/jasig/cas/config/OAuthConfiguration.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/authenticator/OAuthClientAuthenticator.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/authenticator/OAuthUserAuthenticator.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/profile/OAuthClientProfile.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/profile/OAuthUserProfile.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/web/OAuth20AccessTokenController.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/web/OAuth20AuthorizeController.java # cas-server-support-oauth/src/test/java/org/jasig/cas/support/oauth/web/OAuth20AuthorizeControllerTests.java # cas-server-support-pac4j-authentication/src/main/java/org/jasig/cas/integration/pac4j/authentication/handler/support/AbstractTokenWrapperAuthenticationHandler.java # cas-server-support-pac4j-authentication/src/main/java/org/jasig/cas/integration/pac4j/authentication/handler/support/AbstractWrapperAuthenticationHandler.java # cas-server-support-pac4j-authentication/src/main/java/org/jasig/cas/integration/pac4j/authentication/handler/support/UsernamePasswordWrapperAuthenticationHandler.java # cas-server-support-pac4j/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ClientAuthenticationHandler.java # cas-server-support-pac4j/src/main/java/org/jasig/cas/support/pac4j/web/flow/ClientAction.java # cas-server-support-radius-mfa/src/main/java/org/jasig/cas/config/RadiusMultifactorConfiguration.java # cas-server-support-radius/src/main/java/org/jasig/cas/config/RadiusConfiguration.java # cas-server-support-stormpath/src/main/java/org/jasig/cas/authentication/StormpathAuthenticationHandler.java # cas-server-support-token/src/main/java/org/jasig/cas/authentication/handler/support/TokenAuthenticationHandler.java # cas-server-webapp-config/src/main/java/org/jasig/cas/config/CasSecurityContextConfiguration.java # settings.gradle
# Conflicts: # cas-management-webapp-support/src/main/java/org/jasig/cas/mgmt/config/CasManagementWebAppConfiguration.java # cas-server-core-services/src/test/java/org/jasig/cas/authentication/DefaultMultifactorTriggerSelectionStrategyTest.java # cas-server-core-web/src/main/java/org/jasig/cas/web/support/WebUtils.java # cas-server-support-basic/src/main/java/org/jasig/cas/web/flow/BasicAuthenticationAction.java # cas-server-support-ldap/src/main/java/org/jasig/cas/authorization/generator/LdapAuthorizationGenerator.java # cas-server-support-mongo/src/main/java/org/jasig/cas/authentication/MongoAuthenticationHandler.java # cas-server-support-oauth/src/main/java/org/jasig/cas/config/OAuthConfiguration.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/authenticator/OAuthClientAuthenticator.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/authenticator/OAuthUserAuthenticator.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/profile/OAuthClientProfile.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/profile/OAuthUserProfile.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/web/OAuth20AccessTokenController.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/web/OAuth20AuthorizeController.java # cas-server-support-oauth/src/test/java/org/jasig/cas/support/oauth/web/OAuth20AuthorizeControllerTests.java # cas-server-support-pac4j-authentication/src/main/java/org/jasig/cas/integration/pac4j/authentication/handler/support/AbstractTokenWrapperAuthenticationHandler.java # cas-server-support-pac4j-authentication/src/main/java/org/jasig/cas/integration/pac4j/authentication/handler/support/AbstractWrapperAuthenticationHandler.java # cas-server-support-pac4j-authentication/src/main/java/org/jasig/cas/integration/pac4j/authentication/handler/support/UsernamePasswordWrapperAuthenticationHandler.java # cas-server-support-pac4j/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ClientAuthenticationHandler.java # cas-server-support-pac4j/src/main/java/org/jasig/cas/support/pac4j/web/flow/ClientAction.java # cas-server-support-radius-mfa/src/main/java/org/jasig/cas/config/RadiusMultifactorConfiguration.java # cas-server-support-radius/src/main/java/org/jasig/cas/config/RadiusConfiguration.java # cas-server-support-stormpath/src/main/java/org/jasig/cas/authentication/StormpathAuthenticationHandler.java # cas-server-support-token/src/main/java/org/jasig/cas/authentication/handler/support/TokenAuthenticationHandler.java # cas-server-webapp-config/src/main/java/org/jasig/cas/config/CasSecurityContextConfiguration.java # settings.gradle
# Conflicts: # settings.gradle
| @@ -176,7 +157,7 @@ protected void prepareForLoginPage(final RequestContext context) { | |||
| final IndirectClient indirectClient = (IndirectClient) client; | |||
| // clean Client suffix for default names | |||
| final String name = client.getName().replace("Client", ""); | |||
| final String redirectionUrl = indirectClient.getRedirectionUrl(webContext); | |||
| final String redirectionUrl = indirectClient.getRedirectAction(webContext).getLocation(); | |||
There was a problem hiding this comment.
Here is my real concern. This is the comeback of the hardly-understandable concept of direct / indirect redirection.
If you do that, it will work. But you may encounter performance issues. If you choose Twitter for example (which is based on OAuth 10), the computation of the redirection url requires to call the Twitter server. So if it is down or slow, you will have troubles to display the login page even if you don't click on the "Twitter login" button.
I think an intermediate url (/delegateauthentication?client_name=TwitterClient) would be necessary to avoid this downside.
|
A great work, but I think we need to fix the issue I mentioned before the merge (and wait for the version 1.9.1 of pac4j). |
|
Sounds good. I'll leave this hanging. Got an ETA? |
|
I'll do the releases at the beginning of next week. |
# Conflicts: # cas-server-core-configuration/src/main/java/org/apereo/cas/configuration/model/core/authentication/AuthenticationProperties.java # cas-server-documentation/installation/Configuration-Properties.md # cas-server-support-ldap/src/main/java/org/apereo/cas/config/LdapAuthenticationConfiguration.java # cas-server-webapp/src/main/resources/application.properties # settings.gradle
# Conflicts: # cas-management-webapp-support/src/main/java/org/apereo/cas/mgmt/config/CasManagementWebAppConfiguration.java
So auto config can inject the right dependency based on Presence of a module.
| final IndirectClient indirectClient = (IndirectClient) client; | ||
| // clean Client suffix for default names | ||
| final String name = client.getName().replace("Client", ""); | ||
| final String redirectionUrl = indirectClient.getRedirectAction(webContext).getLocation(); |
There was a problem hiding this comment.
I'll raise a warning on this: for OAuth 1.0 and OpenID Connect support, this will require to call the identity server and may generate performance issues.
|
I released pac4j v1.9.1 and spring-webmvc-pac4j v1.1.1: you can safely upgrade to these ones. Notice that the signature of the |
|
Great. Thanks for the update |
# Conflicts: # cas-server-support-wsfederation/src/main/java/org/apereo/cas/support/wsfederation/config/WsFederationAuthenticationConfiguration.java
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #1384
See the included docs for more info please. This effectively requires CAS to be on pac4j 1.9, since Digest AuthN support is heavily borrowed from pac4j.