custom authentication script get client

By: Vivien Besson user 15 Feb 2017 at 11:27 a.m. CST

6 Responses
Vivien Besson gravatar
Hi, I want to make a custom authentication script who check some information but it depend of the client who request the authorisation. So, is it possible to get the Client, or better to get all the authorization request parameter (like client_id, prompt, scope, ...) inside the script ?
U1404
closed

Answers

By Mohib Zico staff 17 Feb 2017 at 6:50 a.m. CST

Copy
Mohib Zico gravatar
Hello Vivien, I think it's possible. The reason I am saying because we have covered such use case ( not exactly like you stated but.. ) before. Let's check [Duo-Gluu Server](https://gluu.org/docs/authn-guide/duo/) doc. Here we are prompting Duo who are inside 'duo_group'; others will not get Duo.

By Vivien Besson user 17 Feb 2017 at 8:25 a.m. CST

Copy
Vivien Besson gravatar
Hello Mohi, Thank's for your reply. I already check the duo security script, in this script, the user pass first a basic authent, so the script got the user object and look the parameter "memberOf". I want to get the client before show the authentification form. I look at the code of the oxauth server and specially the services, the srcipt don't get the client id, or the session id who would permit to load the client use for the authorisation request.

By Mohib Zico staff 17 Feb 2017 at 8:29 a.m. CST

Copy
Mohib Zico gravatar
Gotcha. We will discuss internally with our developer who are developing these scripts to find a pseudo code / procedure for you but if you have any budget on that; feel free to let us know; we will be able to engage quickly.

By Michael Schwartz Account Admin 20 Feb 2017 at 2:10 p.m. CST

Copy
Michael Schwartz gravatar
Not sure what you mean by "client" Do you mean the auth2 client? You have the authentication script, so if you can figure out some way to get the information into the Gluu LDAP server, or how to call some API, you can accomplish your goal.

By Vivien Besson user 21 Feb 2017 at 10:23 a.m. CST

Copy
Vivien Besson gravatar
Hi, Yes "client" is for "auth2 client". My problem is that i don't have the context who came with the authent. For exemple, in the script UMA Authorization Policies, we have a variable "authorizationContext" who give the context of the authorisation request. I will try to describe my problem, i'm not very good in english, so please be nice :p 1) I have 3 app who will use gluu authent. each app have is oauth2 client. Some user have access to only app1, other only to app 2 and 3, ... At first i would make 1 authent script who look the client use for the authent request, and filter. But i can't find a way to know the client use for the authent request in the script. 2) I have the same problem with Scim script : all gluu users will be create by other application / website, and i want to indicate on each user, the app / website who create it. But even if each app have a different auth2/uma client, i didn't find a way to get the client who create the user. I know each app can specify this parameter at the creation, but that's not the only property that i want to set.

By Yuriy Movchan staff 02 Mar 2017 at 2:43 p.m. CST

Copy
Yuriy Movchan gravatar
In authentication script you can get map of authorization and authentication attributes using commands: ``` context = Contexts.getEventContext() sessionAttributes = context.get("sessionAttributes") ``` You can use this map to get client_id

Post an answer