Skip to content

Casa accounts linking plugin design notes

Jump to bottom
Jose Gonzalez edited this page Mar 7, 2024 · 1 revision

The accounts linking solution for Casa consists of:

a) The Agama inbound identity project

b) The Casa accounts linking Agama project

c) A Jans Casa plugin

d) A jython script and a custom page

In conjunction the four components above emulate the solution available in Gluu CE. Currently a, b, and d are complete; only a is available in Github

a contains severals flows that back most of functionality

b has a single flow which is a customization of a's main flow. The custom flow is aligned with how foreign identities are stored in Jans (jansExtUid attribute), it links the foreign account to the currently logged in user (in Casa)

c mimics the existing Gluu Casa plugin: a list of identity providers is shown with buttons to link/remove. For the linking functionality, the flow in b is launched (properly parameterized), which in turn reuses a 's flows. The list of displayed providers depends on how b's flow was configured - this is retrieved via config-api. Upon completion the browser is redirected to a Casa plugin page that shows the result of the operation

d is a customization of the standard Casa authn script and login page to be able to show the list of available providers. b's flow is launched from the custom page

Deployment of the solution is approx. as follows:

  • Deploy projects a and b
  • Configure the identity providers for b
  • If necessary, code and supply attribute mappings (jar file)
  • Deploy plugin c
  • Add a new redirect uri to Casa client (the page that shows the summary of the linking operation)
  • Upload d

Notes:

  • a provides a "generic" flow capable of interfacing with common OpenId/OAuth providers. A flow compatible with Apple is provided too
  • At configuration time (project b), every provider to support is mapped to one of such "interfacing" flows. If none of those flows can cope with the given provider, administrators will have to write their own flow
  • b provides a quick-start configuration template for Google, Github, and Facebook, as well as sample attribute mappings for those providers

b's flow configuration looks more or less like:

{

"github": {
  "flowQname": "io.jans.inbound.GenericProvider",
  "displayName": "Github",
  "logoImg": "github.jpg"
  "mappingClassField": "io.jans.inbound.Mappings.GITHUB",
  "oauthParams": { ... }
},

"google": {
  "flowQname": "io.jans.inbound.GenericProvider",
  "displayName": "Google",
  "mappingClassField": "io.jans.inbound.Mappings.GOOGLE"
  "enabled": false,
  "skipProfileUpdate": true,
  "oauthParams": { ... },
  "openIdParams": { ... }
},

...

}
Clone this wiki locally