Develop Reference

Implementation of Google authentication (OAuth) in CAS

I'm trying to implement Google authentication (OAuth) in CAS 4.1.9.
First of all I have created a new project on console.developers.google.com in which I have generated a new client id for my application.
Then, I have installed CAS using Maven overlays. In my pom.xml I included the pac4j dependency as it follows:
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-oauth</artifactId>
<version>3.4.0</version>
<scope>runtime</scope>
</dependency>
Moreover,this is what I have added in my applicationContext.xml file:
<bean id="GoogleAuthenticationHandler"
class="org.pac4j.oauth.client.Google2Client"
p:key="<MYKEY>"
p:secret="<MYSECRET>"
p:scope="EMAIL_AND_PROFILE" />
<bean id="clients"
class="org.pac4j.core.client.Clients">
<property name="callbackUrl" value="https://myapplication.com/cas" />
<property name="clients">
<list>
<ref bean="GoogleAuthenticationHandler" />
</list>
</property>
</bean>
And finally I have added the following line in casLoginView.jsp
Authenticate with Google <br />
The maven compilation worked fine and the war file deployed successfully on my tomcat server.
The problem is that the href to Google in my CAS login web page does not contain the correct OAuth url but the same redirect url I have defined for my client under console.developers.google.com.
As second attempt I tried to substitute ${Google2ClientUrl} with the OAuth url:
<a href="https://accounts.google.com/o/oauth2/auth?redirect_uri=https://myapplication.com/cas&response_type=code&client_i
d=<MY CLIENT ID>&scope=https://www.googleapis.com/auth/analytics.re
adonly+https://www.googleapis.com/auth/userinfo.email&approval_prompt=force&access_type=offline">Authenticate with Google</a> <br />
In this case the Google login page shows up and it accepts user authentication, but it seems that CAS does not recognize a successfully user authentication by Google (i.e. it does not show the normal page containing the authentication success message).
Did I miss something?
Thanks a lot for your help!

I managed to solve the problem by installing a newer version of CAS (5.3.6). Here the Google authenticator configuration is much easier. Actually only two steps are needed :
1) add pac4j dependency in the pom.xml file
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-pac4j-webflow</artifactId>
<version>${cas.version}</version>
</dependency>
2) add the Google authenticator parameter in the cas.properties file:
cas.authn.pac4j.google.id=<MY_CLIENT_ID>
cas.authn.pac4j.google.secret=<MY_SECRET>
cas.authn.pac4j.google.clientName=<MY_CLIENT_NAME>
cas.authn.pac4j.google.autoRedirect=false
cas.authn.pac4j.google.principalAttributeId=
cas.authn.pac4j.google.scope=EMAIL_AND_PROFILE
Once this is done a link to Google authentication shows up in the CAS login page automatically.

Azure Web App redirects to localhost URL when testing on web; redirects to web URL when testing locally

I am attempting to have seamless movement between locally testing and cloud testing of my Azure Web App. The following is a snippet from my Web.Config file.
<appSettings>
<add key="ida:ClientId" value="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" />
... more items ...
</appSettings>
The value of ClientId corresponds to the value of an "App Registrations" object within my Azure Active Directory instance. When I click on that object and navigate to Settings --> Reply URLs, the entry is https://localhost:xxxxx/.
My problem is: When I publish the Azure Web App to the cloud, I am redirected to the above localhost URL. However, if I add another Reply URL entry of https://mywebappname.mydomain.com, then when I attempt to test locally, I am redirected to the web URL instead of the localhost URL.
I would like a method of seamless local and cloud testing: When testing locally and on the cloud, I would like to be redirected to the correct URL. What configurations am I missing in order to accomplish this?
---- UPDATE ----
Also when I right click on the Web Application project in Visual Studio 2017 and then click Properties, I am taken to this screen. Here are some additional properties I have set, which redirect to https://localhost:xxxxx/. Do I need to change this? And if so, how can I have both redirect URLs within the project's properties?

I ended up solving this problem by using the Web.config Transformation Syntax (see Stephen Muecke's link in the comments on the original post).
In the same directory as the Web.config, I added a Web.Release.config. Now, if in Visual Studio I select "Release" build, then the Web.Release.config transform config file will be used to replace the Web.config file's "ida:RedirectUri" key with the value in the transform config file.
Here is the Web.Release.config
<?xml version="1.0"?>
<!-- For more information on using Web.config transformation visit https://go.microsoft.com/fwlink/?LinkId=301874 -->
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<appSettings>
<add key="ida:RedirectUri" value="https://<mywebappname>.<mywebappdomain>.com/" xdt:Transform="Replace" />
</appSettings>
</configuration>
And here a snippet from the very large Web.config
<?xml version="1.0"?>
<!-- For more information on using Web.config transformation visit https://go.microsoft.com/fwlink/?LinkId=301874 -->
...
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
...
<appSettings>
<add key="ida:RedirectUri" value="https://localhost:xxxxx/" xdt:Transform="Replace" />
...
</appSettings>
...
</configuration>
That way, redirecting to localhost is the default.

log4net not working using log4net appender azure in MVC applcation

same log4net appender azure nuget code working fine for console app,
but not working in MVC application.
I'm using this nuget log4net.Appender.Azure 1.1.1
already added log4net.Config.XmlConfigurator.Configure();
in Global.asax
web.config
<log4net>
<!-- Azure Table Appender, uncomment, set proper QueueName and AWS credentials (appSettings) to try it out -->
<appender name="AzureAppender1" type="log4net.Appender.AzureTableAppender, log4net.Appender.Azure">
<param name="TableName" value="test" />
<param name="ConnectionString" value="***" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date [%thread] %-5level %logger [%property{NDC}] - %message%newline" />
</layout>
</appender>
Can anyone know why it is not working ?

I am not sure - but I would be a little careful about using Tables for large scale logging scenarios. Take a look at the logging anti-pattern in this Table Design Guide. It can often lead to hot partitions - and often times the scenario is much better supported using Blobs.

Here we go I found that it is problem od log4net dll version.
in nuget log4net appender azure version of log4net dll is 1.2.12 it is the older one. need should be updated to newer version 1.2.13
that solves the above issue.

Connect orbeon 3.8 to external exist database v. 1.4.1

I am trying to connect Orbeon Forms to external exist database. So I added parameter
<property as="xs:anyURI"
name="oxf.fr.persistence.service.exist.uri"
value="http://orbeon:secret#localhost:8080/exist/rest/db/orbeon/fr"/>
to properties-local.xml as written here http://wiki.orbeon.com/forms/doc/developer-guide/exist-configuration#TOC-Configuring-Form-Runner but that doesn't work, orbeon still trying to connect to embeded exist DB, and says that DB is already locked by some another DB instance (it's external exist instance). I was trying to change web.xml to turn off all embeded exist servlets, but still no result.
What am I doing wrong?
May be there another configurations need to be changed?
Thanks, for any reply.

With 3.8, Orbeon Forms was using eXist to store some internal XForms state (in addition to being the default Form Runner persistence). This use of eXist has since been removed in 3.9 and newer. This probably explains why Orbeon Forms stills tries to connect to your local eXist database.
With 3.8, the following properties configure access to eXist for XForms state handling:
<property as="xs:string" name="oxf.xforms.store.application.username" value="guest"/>
<property as="xs:string" name="oxf.xforms.store.application.password" value="guest"/>
<property as="xs:anyURI" name="oxf.xforms.store.application.uri" value="xmldb:exist:///"/>
<property as="xs:string" name="oxf.xforms.store.application.collection" value="/db/orbeon/xforms/cache/"/
By updating those, you should be able to point to your external eXist and completely remove the use of the internal eXist.

Thanks for all your replies.
The problem was that I configured the same directory storage for the external exist, as for the embeded one. So when orbeon was starting the embeded DB had no opportunity to connect to already occupied files.
So after I reconfigured exist-conf.xml in orbeon/WEB-INF, orbeon managed to start and connect to external DB.

File Uploading Spring Webflow 2.3 and Security

Has anyone had an issue with doing file uploads using Spring Webflow 2.3 and Spring Security? Anytime I have a JSP page with the enctype="multipart/form-data" it all goes up in flames. I have added this:
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!-- one of the properties available; the maximum file size in bytes -->
<property name="maxUploadSize" value="100000"/>
</bean>
into the Spring config as well as having the commons-fileupload JAR available to the application

Increase the maxUploadSize as value="1048576", strangely it doesn't throw any exception.