[mitreid-connect] Custom AuthenticationProvider

Luiz Omori luiz.omori at duke.edu
Tue Jun 6 17:08:25 EDT 2017


Well, is the LDAP overlay working? That one seems to be using “alias” instead of “id”.

Regards,
Luiz

From: Justin Richer <jricher at mit.edu>
Date: Tuesday, June 6, 2017 at 3:34 PM
To: Luiz Omori <luiz.omori at duke.edu>
Cc: "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
Subject: Re: [mitreid-connect] Custom AuthenticationProvider

The new version does upgrade the version of Spring Security and there were a few changes that were required in that upgrade. For one, if you’ve got your auth manager in with “alias” instead of “id”, it can fail in weird ways. Also note that the field names for username and password, as well as the username/password filter, have all changed by default. The other issues had to do with the default session and CSRF behavior in the new version of Spring, but that shouldn’t affect the initial login.

 — Justin

On Jun 6, 2017, at 1:40 PM, Luiz Omori <luiz.omori at duke.edu> wrote:

Thanks. I took a look and my configuration is very similar. Maybe my problem is elsewhere. The login page shows up but it always fails even with proper username and password (obviously as the authentication provider is not being called). Nothing in the logs at info level and couldn’t find anything useful in debug. Interesting that when I try using a previous MitreID 1.2.x that we have, it works. Maybe something new with 1.3.x?

Regards,
Luiz

From: Justin Richer <jricher at mit.edu>
Date: Monday, June 5, 2017 at 4:33 PM
To: Luiz Omori <luiz.omori at duke.edu>
Cc: "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
Subject: Re: [mitreid-connect] Custom AuthenticationProvider

MIT has a server that uses a stack of different providers for different authentication methods:

https://github.com/MIT-CSAIL-TIG/oidc.csail.mit.edu/blob/master/oidc-mit-overlay/src/main/webapp/WEB-INF/user-context.xml

 — Justin

On Jun 5, 2017, at 1:35 PM, Luiz Omori <luiz.omori at duke.edu> wrote:

Hi,

We need to be able to authenticate a user using a third party application web service that does the password check and sends back the user details. For that I’ve been trying to implement a custom authentication provider but so far couldn’t make it work. The constructor is called but neither the supports nor the authenticate method is. I am using an overlay project for that, overriding user-context.xml with the security:authentication-provider setting pointing to our custom provider. As far as I can see, our project is very similar to the LDAP overlay.

Has anybody tried this? If yes, would you mind sending me a skeleton project?

Regards,
Luiz
_______________________________________________
mitreid-connect mailing list
mitreid-connect at mit.edu
http://mailman.mit.edu/mailman/listinfo/mitreid-connect
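
Added example, not part of the original thread and not code from MITREid Connect or the MIT overlay: a skeleton of the kind of provider asked about in the first message, a Spring Security AuthenticationProvider that delegates the password check to a remote service and fails closed. RemoteUserService and the class name are hypothetical; the provider would be referenced from the overlay's user-context.xml through security:authentication-provider as described above.

```java
import java.io.IOException;
import java.util.List;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;

public class RemoteServiceAuthenticationProvider implements AuthenticationProvider {
    // Hypothetical client for the third-party web service (not a Spring or MITREid type).
    public interface RemoteUserService {
        // Returns the user's role names on success, or null when the credentials are rejected.
        List<String> verify(String username, String password) throws IOException;
    }

    private final RemoteUserService remote;
    public RemoteServiceAuthenticationProvider(RemoteUserService remote) { this.remote = remote; }

    @Override
    public boolean supports(Class<?> authentication) {
        // The provider is skipped unless this is true for the token the login filter creates.
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        Object credentials = authentication.getCredentials();
        if (username == null || username.isEmpty() || credentials == null) {
            throw new BadCredentialsException("Bad credentials");
        }
        List<String> roles;
        try {
            roles = remote.verify(username, credentials.toString());
        } catch (IOException e) { // fail closed: a service outage must never become a login
            throw new AuthenticationServiceException("Remote authentication service unavailable", e);
        }
        if (roles == null) { // same message for unknown user and wrong password
            throw new BadCredentialsException("Bad credentials");
        }
        List<GrantedAuthority> authorities =
                AuthorityUtils.createAuthorityList(roles.toArray(new String[0]));
        User principal = new User(username, "", authorities); // password is not kept on the principal
        return new UsernamePasswordAuthenticationToken(principal, null, authorities);
    }
}
```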