renew=true and accessStrategy ignored for OAuth Services

renew=true and accessStrategy ignored for OAuth Services

Robert
I'm trying to set up an OAuth 2.0 service which enforces reauthentication, but neither the "renew=true" URL parameter nor accessStrategy - ssoEnabled: false works. I'm just getting the access_token, as my response type is token.
I don't see anything in the OAuth Support Modules related to reauthentication, but Facebook, Twitter, and other OAuth providers support it. Is there something missing in CAS?

I'm referencing 5.3.0-RC2.

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-dev/.

renew=true and accessStrategy ignored for OAuth Services

Robert
Nobody has an idea?

Re: renew=true and accessStrategy ignored for OAuth Services

Robert
OK, I've found out that somehow the OAuth20HandlerInterceptorAdapter has to be extended. PAC4J is used to check if access is given to the /oauth2.0/authorize URL, and if not, CASClient from PAC4J is used to perform authentication. So how can we check for some renew param in the request params (maybe acr_values ???) and delete the profile from the PAC4J SessionStore if needed to enforce reauthentication? Is this a PAC4J issue?

On Friday, March 9, 2018 at 11:58:40 UTC+1, Robert wrote:
I'm trying to set up an OAuth 2.0 service which enforces reauthentication, but neither the "renew=true" URL parameter nor accessStrategy - ssoEnabled: false works. I'm just getting the access_token, as my response type is token.
I don't see anything in the OAuth Support Modules related to reauthentication, but Facebook, Twitter, and other OAuth providers support it. Is there something missing in CAS?

I'm referencing 5.3.0-RC2.

Re: renew=true and accessStrategy ignored for OAuth Services

Robert
No more issues on GitHub and zero response rate here.

Is CAS dead?

Re: renew=true and accessStrategy ignored for OAuth Services

David Curry
CAS is most certainly not dead.

But you're posting to the wrong list. Try directing your question(s) to the cas-user list instead.

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • [hidden email]

The New School


On Wed, Apr 25, 2018 at 12:33 PM, Robert <[hidden email]> wrote:
No more issues on GitHub and zero response rate here.

Is CAS dead?
