Questions tagged [pac4j]

Pac4j is an open source security framework for Java applications, handling authentication and authorisation, created and maintained by CAS in the cloud.

77 questions
7 votes, 1 answer

OpenId Connect Identity Provider initiated backchannel logout not working

I'm working on a Java Spring Boot project that manages users and sessions internally. It relies on OIDC, AWS Cognito being the Identity Provider, for sign-in and, I would hope, sign-out of the users. What I understand from the OIDC Spec for…
Tobias Roland
4 votes, 0 answers

Pac4j + Play framework hot class reloading issue

We are using Play framework (v2.8.16) with Pac4j (v10.0.2) as the security framework running on OpenJDK 12. Our application is a Java app and we are using Play's multi-module setup. In Play's development mode there is a hot code reloading feature…
jdo
2 votes, 1 answer

Could not find net.shibboleth.tool:xmlsectool:2.0.0

Story: My Java project is Gradle based. Using pac4j dependency. Here is my Gradle configuration: compile ('org.pac4j:pac4j-saml:3.0.0-RC1'){ exclude group: 'com.google.guava', module: 'guava' exclude group: 'org.apache.santuario', module:…
Dupinder Singh
2 votes, 0 answers

play framework 2, make a custom sql based authenticator with pac4j

=== Update 20190327 === Thanks for the comments but the demo didn't help much. After digging into the source code I got a better understanding of the framework. What I need is A custom Client that extends the BasicClient so that a custom…
h--n
1 vote, 1 answer

Disabling the session store with pac4j-saml?

I'm trying to disable the session store as I do not require it for my use case where we are the SP and the IdP sends the SAMLResponse identifying the subject which allows me to create a jwt for my user. I am using dropwizard-pac4j (if that matters)…
Mustafa Shabib
1 vote, 1 answer

Use of @RolesAllowed and Pac4J

My application is currently protected by BASIC authentication configured by the web.xml descriptor. It contains a REST API with resources protected by the annotation @RolesAllowed. The users are stored in a simple SQL database which is used in a…
tlegrand
1 vote, 1 answer

Malformed "Accept" header sent in requests to OIDC Provider

We use Pac4j v5.7.0 in Magnolia CMS for our SSO module. When requesting the configuration metadata of an OIDC Provider (a Content-type: application/json document), Magnolia sends the following Accept header: text/html, image/gif, image/jpeg, *;…
Rich
1 vote, 1 answer

Getting ID Token for Logout

My project overrides the built-in OidcLogoutActionBuilder with a custom implementation. Specifically, we override the getLogoutAction method for getting a RedirectionAction. In the base method, the idToken JWT is retrieved in this line. It checks…
oblivion54
1 vote, 2 answers

Keycloak Bad token response, error=not_allowed when user doesn't have the offline_access role

We have a JSF Application running on a tomcat 9 and we are using keycloak (v10.0.2) for login. Because keycloak deprecated their tomcat-adapter we would like to switch from the keycloak tomcat-adapter to pac4j. So I've created the following…
JavaMan
1 vote, 0 answers

Pac4j OIDC logout does not allow Ajax call?

Hi I am using Pac4j to do login logout. It has this class called OidcLogoutActionBuilder, where inside it checks specifically if the request is an Ajax request (e.g. from SPA), it will reply with 403. I wonder why is it? Would it be just some…
user1589188
1 vote, 0 answers

what is the usage of the SessionStore in the isAuthorized method in pac4j 5.3.1

I'm getting a 403 forbidden error for the external requests. And found the authorization is failing from the isAuthorized method inside the CsrfAuthorizer.class which is derived from pac4j. And I compared the pac4j version 4.3.1, the isAuthorized…
1 vote, 2 answers

Play/Scala: use orElse to compose with ActionBuilder?

We use play-pac4j for our authentication in our Play application. We would like to have the same route/controller endpoint but with a different behaviour depending on the user Role. Conceptually, this would do something like: val ACTION_ONE:…
JR Utily
1 vote, 0 answers

What does renewSession do in pac4j?

I was wondering what the impact of setRenewSession(false) is. I can see it used in DefaultCallbackLogic and it is mentioned in the doc, but I cannot really understand what effect it has and in which use case I should set it.
stackoverflowed
1 vote, 1 answer

Is there a way to use pac4j AnonymousClient as fallback with other direct clients?

I have an app using pac4j with a JWT client (i.e. a direct) and I would like to use AnonymousClient as fallback. How can I make sure AnonymousClient will be called AFTER JwtClient? Is DefaultSecurityLogic respecting the order the clients are…
stackoverflowed
1 vote, 1 answer

How to use DbProfileService from PAC4J framework

I'm trying to implement a security layer with the PAC4J framework, using users from a DB. The PAC4J documentation recommends DbProfileService, but I don't know how to use it. Where to define it? In the ConfigFactory? final DirectBasicAuthClient…
carduque