search

Letractively / rubycas-server

Automatically exported from code.google.com/p/rubycas-server
GNU Lesser General Public License v2.1
0 stars 0 forks source link

Need ability to identify source of authentication data when using multiple authenticators #27

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
I'm using RubyCAS-Server 0.5.0 and have configured it to chain through
multiple authentication sources. I'm hoping to be able to do two things
that I don't see the code providing today.

First is the ability to identify which of the many possible authentication
sources worked (assuming a successful login of course.) The web site code
in use after authentication needs to vary based on the source of
authentication data. So for example if a login verified against a reseller
account they'd see reseller information rather than customer information.

Second is the ability to try authenticating against ALL of the
authenticators in a chain and, if at least one succeeded, make available a
list of all the successful authenticators. The purpose of this is to make
it easy to consolidate accounts into a single central authenticator without
have to do a massive merge all in one shot. It would be possible instead to
migrate accounts one at a time (if desired) into the central system from
older legacy systems.

What version of RubyCAS-Server are you using? How is it installed (rubygem,
manual install)? How are you running it (webrick, mongrel, cgi, etc.)? 

If relevant, please paste your RubyCAS-Server config.yml file here.

Please provide any additional information below.

Original issue reported on code.google.com by Rocan...@gmail.com on 17 Oct 2007 at 7:53

GoogleCodeExporter commented 8 years ago 
Have you considered just writing a custom authenticator to do this? It would 
probably
be easier to just write an authenticator that takes care of the business logic 
you're
talking about. You could for example write an authenticator that calls other
authenticators. I'm not sure if it's worth making the authenticator-chaining
mechanism more complicated if all of the functionality you're talking about can 
be
better achieved via a Ruby code (i.e. we don't want to be reinventing the wheel 
here...)

That said, one piece of this that's definitely missing in RubyCAS-Server (and 
to some
extent in the JA-SIG CAS Server) is the ability to add arbitrary data to your 
CAS
responses. This is where you would put info like the authentication source. 
This is
at the top of the TODO list, and will almost certainly be done for the next 
release.
See issue #10: http://code.google.com/p/rubycas-server/issues/detail?id=10

Original comment by matt.zuk...@gmail.com on 17 Oct 2007 at 9:00

GoogleCodeExporter commented 8 years ago 
Matt, this would work just fine. I'm already using a custom authenticator so 
simply
being able to add more data to the CAS response would work great!

Original comment by Rocan...@gmail.com on 17 Oct 2007 at 9:07

GoogleCodeExporter commented 8 years ago

Original comment by matt.zuk...@gmail.com on 17 Oct 2007 at 10:09