Stormpath Authentication Support
Stormpath is a cloud-based access and identity management provider. It offers premium as well as free authentication and access control for any application. After you set up a Stormpath administrative account, obtain a Stormpath accessID and secretKey, and set up one or more Applications and Accounts representing users, you can configure Stormpath as a primary authentication source that the CAS server uses to authenticate users, via a simple-to-configure AuthenticationHandler provided by cas-addons. To configure Stormpath accounts and obtain API keys, refer to the Documentation.

There is a StormpathAuthenticationHandler and a custom Spring XML cas namespace element for defining it:

    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:cas="http://unicon.net/schema/cas"
           xsi:schemaLocation="http://www.springframework.org/schema/beans
                               http://www.springframework.org/schema/beans/spring-beans.xsd
                               http://unicon.net/schema/cas
                               http://unicon.net/schema/cas/cas-addons.xsd">

        <cas:stormpath-authentication-handler
            access-id="${stormpath.apiKey.id}"
            secret-key="${stormpath.apiKey.secret}"
            application-id="${stormpath.application.id}"/>
    </beans>

There is also a CredentialsToPrincipalResolver implementation that fetches a set of Stormpath Account attributes during Principal resolution and exposes them as a regular CAS Principal attributes Map. The fixed set of Stormpath Account attributes exposed by this resolver implementation is:

- username
- email
- givenName
- middleName
- surname
- status
- List of groups

To configure this resolver, add the bean definition to the list of credentialsToPrincipalResolvers of the main AuthenticationManager bean. Here is an example of the AuthenticationManager bean definition with a StormpathAuthenticationHandler reference and StormpathPrincipalResolver, along with other CAS defaults:

    <!-- The p: and c: namespaces must be declared for the p:httpClient-ref and
         c:stormpathAuthenticationHandler-ref shortcuts used below. -->
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:p="http://www.springframework.org/schema/p"
           xmlns:c="http://www.springframework.org/schema/c"
           xmlns:cas="http://unicon.net/schema/cas"
           xsi:schemaLocation="http://www.springframework.org/schema/beans
                               http://www.springframework.org/schema/beans/spring-beans.xsd
                               http://unicon.net/schema/cas
                               http://unicon.net/schema/cas/cas-addons.xsd">

        <!-- Credentials are resolved from property placeholders, not written inline -->
        <cas:stormpath-authentication-handler
            access-id="${stormpath.apiKey.id}"
            secret-key="${stormpath.apiKey.secret}"
            application-id="${stormpath.application.id}"/>

        <bean id="authenticationManager"
              class="org.jasig.cas.authentication.AuthenticationManagerImpl">
            <property name="credentialsToPrincipalResolvers">
                <list>
                    <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"/>
                    <!-- Exposes the Stormpath Account attributes as Principal attributes -->
                    <bean class="net.unicon.cas.addons.authentication.principal.StormpathPrincipalResolver"
                          c:stormpathAuthenticationHandler-ref="stormpathAuthenticationHandler"/>
                </list>
            </property>
            <property name="authenticationHandlers">
                <list>
                    <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                          p:httpClient-ref="httpClient"/>
                    <ref local="stormpathAuthenticationHandler"/>
                </list>
            </property>
        </bean>
    </beans>

On the other hand, if you are OK with all the defaults and just want Stormpath authentication and the default set of Stormpath Account attributes, the above AuthenticationManager bean definition can be reduced, with a custom cas namespace element, down to this:

    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:cas="http://unicon.net/schema/cas"
           xsi:schemaLocation="http://www.springframework.org/schema/beans
                               http://www.springframework.org/schema/beans/spring-beans.xsd
                               http://unicon.net/schema/cas
                               http://unicon.net/schema/cas/cas-addons.xsd">

        <cas:authentication-manager-with-stormpath-handler
            access-id="${stormpath.apiKey.id}"
            secret-key="${stormpath.apiKey.secret}"
            application-id="${stormpath.application.id}"/>
    </beans>
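
All three definitions above pass the Stormpath API key through `${...}` property placeholders, so the secret stays out of the Spring XML. The following check is an added example, not part of cas-addons: it flags `access-id` or `secret-key` values written directly into either cas element, including a literal hidden in a placeholder default. The function name `find_inline_credentials` and the sample documents are hypothetical and constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

CAS_NS = "http://unicon.net/schema/cas"  # cas namespace URI used on this page
ELEMENTS = ("stormpath-authentication-handler",
            "authentication-manager-with-stormpath-handler")
CREDENTIAL_ATTRS = ("access-id", "secret-key")
# ${name} or ${name:default}; ":" is Spring's default-value separator.
PLACEHOLDER = re.compile(r"^\$\{([^${}:]+)(?::(.*))?\}$")

def find_inline_credentials(xml_text):
    """Return (element, attribute, reason) for each credential kept in the XML itself."""
    findings = []
    root = ET.fromstring(xml_text)
    for name in ELEMENTS:
        for el in root.iter("{%s}%s" % (CAS_NS, name)):
            for attr in CREDENTIAL_ATTRS:
                value = el.get(attr)
                if value is None:
                    continue  # attribute absent: nothing to leak here
                m = PLACEHOLDER.match(value.strip())
                if m is None:
                    findings.append((name, attr, "literal value"))
                elif m.group(2):
                    findings.append((name, attr, "literal default in placeholder"))
    return findings

HEADER = '<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cas="%s">' % CAS_NS

# Constructed sample: the placeholder form shown on this page.
GOOD = HEADER + """
  <cas:authentication-manager-with-stormpath-handler
      access-id="${stormpath.apiKey.id}"
      secret-key="${stormpath.apiKey.secret}"
      application-id="${stormpath.application.id}"/>
</beans>"""

# Constructed sample: made-up values pasted into the bean definition.
BAD = HEADER + """
  <cas:stormpath-authentication-handler
      access-id="EXAMPLE-ACCESS-ID"
      secret-key="${stormpath.apiKey.secret:EXAMPLE-SECRET}"
      application-id="${stormpath.application.id}"/>
</beans>"""

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, find_inline_credentials(doc))
```

Run it over the deployed context files before committing them; a non-empty result means an API key would end up in version control with the XML.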