I have a full working version of that at: https://github.com/AtlasOfLivingAustralia/ala-cas-2.0 However that version is based on cas-4.0.4/pac4j-1.7.2 so you have to adjust it to your needs; I was using it and tested it succesfully for "one click" SignUP/SignIN with: - Facebook - Google - Twitter - LinkedIn - GitHub - Windoze
basically the user clicks on the social media button, we do the auth with pac4j, the social media sends back attributes, we use to either: 1. lookup an existing user (based on the email returned back by social media) and log them in, or: 2. if the user (email) does not exist we create them (suing the email, first name, second name) and log them in (avoiding the need for the signup confirmation email) The actual attribute extraction is done in: https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/tree/master/src/main/java/au/org/ala/cas https://github.com/AtlasOfLivingAustralia/ala-cas-2.0/blob/master/src/main/java/au/org/ala/cas/AttributeParser.java It is a good starting point, easy to adopt to whatever you need, cheers, martin On Thursday, October 26, 2017 at 3:28:45 PM UTC+11, Edward wrote: > > Hi All, > Thank you very much for your response: > > 1. my scope for google is: > cas.authn.pac4j.google.scope=EMAIL_AND_PROFILE > > 2. after add logging.level.org.pac4j=DEBUG > i can see in the log that google return lot of attributes: > 2017-10-26 11:56:34,573 INFO > [org.pac4j.oauth.profile.creator.OAuth20ProfileCreator] - <UserProfile: { > "kind": "plus#person", > "etag": "\"xxxxxxxxxx/xxxxxxxxxxxxxxxxx\"", > "emails": [ > { > "value": "xxxxx.x...@gmail.com <javascript:>", > "type": "account" > } > ], > "objectType": "person", > "id": "15125125125125", > "displayName": "xxxxxx", > "name": { > "familyName": "XXXXX", > "givenName": "Xxxxxxx" > }, > "url": "https://plus.google.com/15125125125125";, > "image": { > "url": " > https://lh4.googleusercontent.com/-XXXXXFxyqk/XXX/XXXXXXXcv/-XXXasaXX/photo.jpg?sz=50 > ", > "isDefault": false > }, > "isPlusUser": true, > "language": "en_GB", > "circledByCount": 6, > "verified": false > } > > > > but the final user profile JSON string i got is still the same, not the > full one like above. > { > "attributes": > { > "clientName": "Google" > }, > "id": "15125125125125" > } > > > 3. this is how i get CAS user profile : > HttpClient client = new HttpClient(); > tring profileUrl = " > https://mydomain.dom.com:8443/cas/oauth2.0/profile?access_token=AT-5-BXWqunDZXTVBZT6jSC6bjqfqodO7JStxJUf > "; > GetMethod method = new GetMethod(profileUrl); > client.executeMethod(method); > resultStr = method.getResponseBodyAsString(); > //*resultStr* only contain above JSON string. > > 4. in the service configuration: > { > @class: org.apereo.cas.support.oauth.services.OAuthRegisteredService > serviceId: ^https://mydomain.dom.com:8443/cas-users-management/.* > name: CAS User Management > id: 1506918968305 > description: CAS user management > proxyPolicy: > { > @class: org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy > } > evaluationOrder: 0 > usernameAttributeProvider: > { > @class: > org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider > canonicalizationMode: NONE > encryptUsername: false > } > attributeReleasePolicy: > { > @class: org.apereo.cas.services.*ReturnAllAttributeReleasePolicy* > principalAttributesRepository: > { > @class: > org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository > expiration: 2 > timeUnit: HOURS > } > authorizedToReleaseCredentialPassword: false > authorizedToReleaseProxyGrantingTicket: false > excludeDefaultAttributes: false > } > > ...... > > i still cannot get the additional attributes from google. > Any suggestion? > > Thanks! > >> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c6a86508-8e28-4515-aa0b-a202cd9a926e%40apereo.org.
