Add support for Digest authentication #1879
# Conflicts: # cas-server-support-pac4j/src/main/java/org/jasig/cas/support/pac4j/web/flow/ClientAction.java
# Conflicts: # cas-management-webapp-support/src/main/java/org/jasig/cas/mgmt/config/CasManagementWebAppConfiguration.java # cas-server-core-services/src/test/java/org/jasig/cas/authentication/DefaultMultifactorTriggerSelectionStrategyTest.java # cas-server-core-web/src/main/java/org/jasig/cas/web/support/WebUtils.java # cas-server-support-basic/src/main/java/org/jasig/cas/web/flow/BasicAuthenticationAction.java # cas-server-support-ldap/src/main/java/org/jasig/cas/authorization/generator/LdapAuthorizationGenerator.java # cas-server-support-mongo/src/main/java/org/jasig/cas/authentication/MongoAuthenticationHandler.java # cas-server-support-oauth/src/main/java/org/jasig/cas/config/OAuthConfiguration.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/authenticator/OAuthClientAuthenticator.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/authenticator/OAuthUserAuthenticator.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/profile/OAuthClientProfile.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/profile/OAuthUserProfile.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/web/OAuth20AccessTokenController.java # cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/web/OAuth20AuthorizeController.java # cas-server-support-oauth/src/test/java/org/jasig/cas/support/oauth/web/OAuth20AuthorizeControllerTests.java # cas-server-support-pac4j-authentication/src/main/java/org/jasig/cas/integration/pac4j/authentication/handler/support/AbstractTokenWrapperAuthenticationHandler.java # cas-server-support-pac4j-authentication/src/main/java/org/jasig/cas/integration/pac4j/authentication/handler/support/AbstractWrapperAuthenticationHandler.java # cas-server-support-pac4j-authentication/src/main/java/org/jasig/cas/integration/pac4j/authentication/handler/support/UsernamePasswordWrapperAuthenticationHandler.java # 
cas-server-support-pac4j/src/main/java/org/jasig/cas/support/pac4j/authentication/handler/support/ClientAuthenticationHandler.java # cas-server-support-pac4j/src/main/java/org/jasig/cas/support/pac4j/web/flow/ClientAction.java # cas-server-support-radius-mfa/src/main/java/org/jasig/cas/config/RadiusMultifactorConfiguration.java # cas-server-support-radius/src/main/java/org/jasig/cas/config/RadiusConfiguration.java # cas-server-support-stormpath/src/main/java/org/jasig/cas/authentication/StormpathAuthenticationHandler.java # cas-server-support-token/src/main/java/org/jasig/cas/authentication/handler/support/TokenAuthenticationHandler.java # cas-server-webapp-config/src/main/java/org/jasig/cas/config/CasSecurityContextConfiguration.java # settings.gradle
# Conflicts: # settings.gradle
@@ -176,7 +157,7 @@ protected void prepareForLoginPage(final RequestContext context) { | |||
final IndirectClient indirectClient = (IndirectClient) client; | |||
// clean Client suffix for default names | |||
final String name = client.getName().replace("Client", ""); | |||
final String redirectionUrl = indirectClient.getRedirectionUrl(webContext); | |||
final String redirectionUrl = indirectClient.getRedirectAction(webContext).getLocation(); |
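Review bot: On the changed `redirectionUrl` line, `indirectClient.getRedirectAction(webContext).getLocation()` is chained inside `prepareForLoginPage` with no guard visible in this hunk, so if `getRedirectAction` throws or returns null for one client, the failure leaves the method and the login page is not prepared for any client. Consider handling the failure per client: log it with the client name and skip that client's link, so that one misbehaving provider cannot take the whole login page down.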
Here is my real concern. This is the comeback of the hard-to-understand concept of direct / indirect redirection.
If you do that, it will work. But you may encounter performance issues. If you choose Twitter for example (which is based on OAuth 1.0), the computation of the redirection URL requires calling the Twitter server. So if it is down or slow, you will have trouble displaying the login page even if you don't click on the "Twitter login" button.
I think an intermediate URL (/delegateauthentication?client_name=TwitterClient) would be necessary to avoid this downside.
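The trade-off raised in the comment above, as an added example that is not code from this pull request or from pac4j: computing every redirect while the login page is built makes the page depend on each provider, while an intermediate local URL defers that work until a provider is chosen. `Provider`, `eagerLinks`, `deferredLinks` and `delegate` are hypothetical names and the providers are constructed; only the `/delegateauthentication?client_name=...` URL shape comes from the comment.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Supplier;

public class DeferredRedirectExample {
    /** Hypothetical stand-in for an indirect client; this is not the pac4j API. */
    record Provider(String name, Supplier<String> redirect) { }

    /** Eager: each provider's redirect URL is computed while the login page is built. */
    static Map<String, String> eagerLinks(List<Provider> providers) {
        Map<String, String> links = new LinkedHashMap<>();
        for (Provider p : providers) {
            links.put(p.name(), p.redirect().get()); // may block or throw on a remote call
        }
        return links;
    }

    /** Deferred: the page only links to a local endpoint that names the client. */
    static Map<String, String> deferredLinks(List<Provider> providers) {
        Map<String, String> links = new LinkedHashMap<>();
        for (Provider p : providers) {
            links.put(p.name(), "/delegateauthentication?client_name="
                    + URLEncoder.encode(p.name(), StandardCharsets.UTF_8));
        }
        return links;
    }

    /** Intermediate endpoint: resolve only the chosen client; reject unknown names. */
    static String delegate(String clientName, List<Provider> providers) {
        return providers.stream().filter(p -> p.name().equals(clientName)).findFirst()
                .orElseThrow(() -> new IllegalArgumentException("unknown client"))
                .redirect().get();
    }

    public static void main(String[] args) {
        // Constructed providers: one needs a remote call that fails, one does not.
        List<Provider> providers = List.of(
                new Provider("TwitterClient", () -> { throw new IllegalStateException("provider unreachable"); }),
                new Provider("LocalClient", () -> "https://idp.example/authorize?state=abc"));
        try {
            eagerLinks(providers);
        } catch (IllegalStateException e) {
            System.out.println("eager login page failed: " + e.getMessage());
        }
        System.out.println("deferred login page: " + deferredLinks(providers));
        System.out.println("click LocalClient -> " + delegate("LocalClient", providers));
    }
}
```

The `delegate` lookup matches the requested name against the configured providers, so the `client_name` parameter cannot select anything that was not registered.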
Great work, but I think we need to fix the issue I mentioned before the merge (and wait for the version 1.9.1 of pac4j).
Sounds good. I'll leave this hanging. Got an ETA?
I'll do the releases at the beginning of next week.
# Conflicts: # cas-server-core-configuration/src/main/java/org/apereo/cas/configuration/model/core/authentication/AuthenticationProperties.java # cas-server-documentation/installation/Configuration-Properties.md # cas-server-support-ldap/src/main/java/org/apereo/cas/config/LdapAuthenticationConfiguration.java # cas-server-webapp/src/main/resources/application.properties # settings.gradle
# Conflicts: # cas-management-webapp-support/src/main/java/org/apereo/cas/mgmt/config/CasManagementWebAppConfiguration.java
So auto config can inject the right dependency based on presence of a module.
final IndirectClient indirectClient = (IndirectClient) client; | ||
// clean Client suffix for default names | ||
final String name = client.getName().replace("Client", ""); | ||
final String redirectionUrl = indirectClient.getRedirectAction(webContext).getLocation(); |
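Review bot: The context line `client.getName().replace("Client", "")` does not do what its comment says: `String.replace` removes every occurrence of "Client", not only a trailing suffix, so a name that contains "Client" elsewhere is altered as well and two distinct clients could end up with the same display name. Consider stripping the suffix only when the name ends with "Client", for example with an `endsWith` check followed by a `substring`.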
I'll raise a warning on this: for OAuth 1.0 and OpenID Connect support, this will require calling the identity server and may generate performance issues.
I released pac4j v1.9.1 and spring-webmvc-pac4j v1.1.1: you can safely upgrade to these ones. Notice that the signature of the
Great. Thanks for the update
# Conflicts: # cas-server-support-wsfederation/src/main/java/org/apereo/cas/support/wsfederation/config/WsFederationAuthenticationConfiguration.java
Closes #1384
See the included docs for more info please. This effectively requires CAS to be on pac4j 1.9, since Digest AuthN support is heavily borrowed from pac4j.