Automatic creation of accounts

Attributes passed by CAS can be used to automatically recognize the person who logs in and create an account for him/her. The parameters casLoginAttributes and casLoginField set in the standalone.xml file serve this purpose.

casLoginAttributes indicates those attributes passed by CAS to be used to find a person in OMEGA. It can be omitted if only one main value is used.

casLoginField indicates the author record fields through which the system attempts to match an authenticated user with a person in OMEGA.

For values like the following:

<simple name="java:/omega-psir/casLoginAttributes" value="uid;mail"/>

<simple name="java:/omega-psir/casLoginField" value="authorprofile/pesel;email"/>

upon logging in, OMEGA will check

  1. whether there is an author whose UserID equals the uid value passed from CAS, and, if no such person is found,

  2. whether there is an author whose email equals the email value passed from CAS.

If an author is found, an associated account with selfedition and selfimport permissions will be created. The list of granted permissions can be changed by setting the casLoginRoles parameter.

casLoginRoles - indicates semicolon-separated roles to be given to the user set up with the above mechanism. If this parameter is not specified, the user will get selfedition and selfimport roles.

In addition, it is possible to specify additional parameters that control the matching process:

casLoginTransform specifies the function used to transform the value passed by CAS before matching. E.g., if CAS passes a username that is the part of the email address up to the @, and we want to match implicitly by email, then casLoginTransform should be filled in as follows.

<simple name="java:/omega-psir/casLoginTransform" value="#{login}.concat('@pw.edu.pl')"/>

casLoginToUser specifies the username that will be created in OMEGA when you log in. If it is empty, the username will be the one in CAS.

 

In the list of toggles (feature toggles) there are more toggles related to the automatic creation of users based on CAS:

cas.alwaysCreateUserAccount - enabling the switch will create an account in OMEGA for any user who successfully passes authentication in CAS, even if OMEGA does not recognize that person based on the attributes passed. The created user will not be associated with any author appearing in OMEGA and will have the default roles (selfedition and selfimport) or those set in the casLoginRoles parameter.

cas.loginTransformation - enabling the switch causes the login passed by CAS to undergo simple transformations defined in the parameters of this switch before being passed to OMEGA. The available parameters are:

lowercase - login is converted to lowercase characters

onlyAlphanumeric - login is stripped of non-letter characters

trimTo - the login is truncated to the specified number of characters

The cas.loginTransformation switch is the easier-to-use (but less powerful) equivalent of the casLoginTransform parameter.
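
The matching order and role assignment described above can be modelled offline to review a configuration before deploying it. This is an added example, not OMEGA's own code: the positional pairing of casLoginAttributes with casLoginField, the stand-in root element, the author records, and the names load_params, match_plan and resolve are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two bindings from the text inside a stand-in root element.
SAMPLE_XML = """<bindings>
  <simple name="java:/omega-psir/casLoginAttributes" value="uid;mail"/>
  <simple name="java:/omega-psir/casLoginField" value="authorprofile/pesel;email"/>
</bindings>"""
# Constructed author records keyed by a made-up id.
SAMPLE_AUTHORS = {
    "A1": {"authorprofile/pesel": "u1001", "email": "jan@example.org"},
    "A2": {"authorprofile/pesel": "u1002", "email": "anna@example.org"},
}
PREFIX = "java:/omega-psir/"
DEFAULT_ROLES = ["selfedition", "selfimport"]  # defaults stated in the text

def load_params(xml_text):
    """Collect omega-psir <simple> bindings (namespaced or not) by short name."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.get("name", "")
        if el.tag.rsplit("}", 1)[-1] == "simple" and name.startswith(PREFIX):
            found[name[len(PREFIX):]] = el.get("value", "")
    return found

def split_list(value):
    """Split a semicolon-separated parameter value, dropping empty items."""
    return [part.strip() for part in value.split(";") if part.strip()]

def match_plan(params):
    """Pair CAS attributes with author fields by position (assumed semantics)."""
    attrs = split_list(params.get("casLoginAttributes", ""))
    fields = split_list(params.get("casLoginField", ""))
    if not attrs and len(fields) == 1:
        return [(None, fields[0])]  # None = the main CAS login value
    if len(attrs) != len(fields):
        raise ValueError(f"{len(attrs)} CAS attributes but {len(fields)} fields")
    return list(zip(attrs, fields))

def resolve(params, login, cas_attrs, authors, always_create=False):
    """Return (author_id_or_None, roles), or None when no account is created."""
    roles = split_list(params.get("casLoginRoles", "")) or DEFAULT_ROLES
    for attr, field in match_plan(params):
        value = login if attr is None else cas_attrs.get(attr)
        if value is None:
            continue
        for author_id, record in authors.items():
            if record.get(field) == value:
                return author_id, roles
    return (None, roles) if always_create else None
```

Passing always_create=True models the cas.alwaysCreateUserAccount toggle: an unmatched login then yields an account with no author attached, which is the case worth reviewing when casLoginRoles grants more than the defaults.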