Dec 7th, 2011, 11:55 PM
Auto login with CAS
I've successfully gotten Spring Security and CAS integrated into my platform. However, when a new user signs up for an account, they have to go to the login page and re-enter their username and password for CAS authentication. Is there a way to auto authenticate with the CAS server after someone has signed up?
Dec 8th, 2011, 11:16 AM
Is the signup form located on the CAS Server or is it located on the Service? Do you want them to be authenticated to the Service or the Server?
Dec 8th, 2011, 11:21 AM
The sign up form is located on the service. I have a main app that users go to for sign up and once they have signed up I would like it to bring them right to their home page without having to go through the CAS login page. I would need them authenticated to the CAS server so they can immediately access any of the services that use CAS for authentication. When the user signs up under my service, their information is saved in the database that CAS uses for authentication. I just need to silently authenticate them with CAS.
Dec 8th, 2011, 01:16 PM
To be honest if you need to authenticate to the CAS Server from another application I am at a bit of a loss as to a simple/secure way of going about this. If you just wanted to authenticate to the specific application that would be a bit easier. Or if the signup form was on the CAS Server it would be easier.
The problem is that a cookie (the TGT cookie) needs to be written to a scope which is not accessible by the signup application. If you modified the CAS server to allow auto submission of username/password you would be opening CSRF issues.
Off the top of my head the only way I see to do this is to allow the CAS Server to SSO to the signup application which would be a bit tricky. The easiest and IMHO the proper way to do this is to put the signup logic into the CAS server. The CAS documentation shows how to customize the war using Maven overlays which would be a good place to start.
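The cookie-scope constraint described in the reply above, shown as an added example that is not part of the original thread: a small model of the RFC 6265 storage and matching rules a browser applies. The hostnames, the /cas path and the cookie attributes are constructed for illustration, and the public-suffix check is left out.

```javascript
// RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// RFC 6265 section 5.1.4: request path is the cookie path or lies below it.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// What the browser stores when `responseUrl` answers with Set-Cookie `attrs`.
// A Domain attribute that does not cover the responding host is rejected;
// with no Domain attribute the cookie is host-only.
function store(responseUrl, attrs) {
  const host = new URL(responseUrl).hostname;
  if (attrs.domain && !domainMatch(host, attrs.domain)) return null;
  return {
    hostOnly: !attrs.domain,
    domain: attrs.domain || host,
    path: attrs.path || "/",
    secure: Boolean(attrs.secure),
  };
}

// Whether a stored cookie is attached to a request for `requestUrl`.
function isSent(requestUrl, cookie) {
  const u = new URL(requestUrl);
  const hostOk = cookie.hostOnly
    ? u.hostname === cookie.domain
    : domainMatch(u.hostname, cookie.domain);
  return hostOk && pathMatch(u.pathname, cookie.path) &&
    (!cookie.secure || u.protocol === "https:");
}

// Constructed hosts: the signup service and the CAS server.
const SIGNUP = "https://app.example.test/signup";
const CAS_LOGIN = "https://sso.example.test/cas/login";

// The signup service cannot plant a cookie scoped to the CAS host ...
const forged = store(SIGNUP, { domain: "sso.example.test", path: "/cas", secure: true });
// ... and a cookie it sets for itself never reaches the CAS server.
const own = store(SIGNUP, { path: "/", secure: true });
// Only a response from the CAS server itself yields a usable TGT cookie.
const tgt = store(CAS_LOGIN, { path: "/cas", secure: true });
```
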
Dec 8th, 2011, 02:46 PM
Thanks Rob! That was really helpful. It sounds like the best thing to do is move my sign up form onto the CAS server by adding some custom stuff to the spring webflow they use there. I guess this is a good excuse to learn Spring WebFlow.