Using Custom AuthenticationProvider with CAS

amy

Hello everyone,

I was wondering if anyone has any advice or opinion on this. I wrote a custom AuthenticationProvider that authenticates a user against our mainframe. This works really well in a standard Spring app, and we get back a custom Authentication object with lots of info about the user.

We now want to use CAS to authenticate the user. I understand how to add a custom authenticator to CAS (well I think so  and I know it's outside the remit of these forums), but I'm puzzled how I would get Authentication object back into the app. I'm assuming that CAS won't return it to the app - that would be asking too much  

Has anyone else faced the same issue?

Sorry if the question is a bit vague, I only started looking at CAS yesterday and it's all rather daunting ...

Cheers, John

It should work the same way regardless of how you authenticate in CAS. Take a look at the CAS sample app that comes with Spring Security. Typically CAS will just supply the username to Spring Security, which will then load the application-specific user roles etc.

Running quot;gradle casquot; (or quot;./gradlew casquot; if you don't have gradle installed) from the checked out codebase should setup a working CAS server and client application.

Thanks for the reply Luke.

We've taken a different approach now, which fits in with how Spring typically works (i.e. only needing the user ID). So I don't need any extra fields coming back from CAS.

Cheers, john