cas+spring security issue

**userio** · Oct 8th, 2012, 10:34 AM

can u provide a sample of link with usage of "service" ?

**jleleu** · Oct 9th, 2012, 02:27 AM

Sure :

Code:

https://mycasserver/cas/logout?service=http://myfinalwebsite/

**userio** · Oct 9th, 2012, 04:48 AM

Jérôme, I've added such string in my spring security config, but CAS behaves as usual(goes to CAS logout).
and in my CAS server I didn't find any followServiceRedirects property. where it is?
ps. I'm using CAS 3.4.10 (IDE is Eclipse, Servlet container is Tomcat)

**userio** · Oct 9th, 2012, 07:47 AM

already fixed. in my cas-servlet I've added to logoutController bean

p:followServiceRedirects="${cas.logout.followServi ceRedirects:true}"

and now it works fine.
thanks for your help, attention and time.

**userio** · Oct 9th, 2012, 08:18 AM

Jérôme,
and how can I implement such thing:
I want to login at my app(I mean the login page will be from my app), somehow (via magic

) credentials are sent to CAS Server, thus I don't need to see the CAS login page, but the authentications goes through the CAS. Are there any ways ?

**jleleu** · Oct 9th, 2012, 09:44 AM

Hi,

It looks like a strange need to me : if you want to use CAS, it's because you want to benefit from SSO. Why do you want in this case to authenticate in your web application ?
Nonetheless, you can authenticate under certain conditions without displaying a login page on the CAS server.
Can you tell me more about your need ? Maybe it would be better to open a new thread for this new topic...
Best regards,
Jérôme

**userio** · Oct 9th, 2012, 10:06 AM

yeah, it's rather a specific need.
The steps are next:
1. user clicks login link.
2. he goes to my login page(not to CAS as it is now)
3. after logging in, the credentials are somehow sent from my app to CAS server
4. logout works perfect for now
regards.

**jleleu** · Oct 9th, 2012, 01:20 PM

Hi,

The navigation is pretty clear. Though, I don't understand why you don't check these login / password in the CAS server instead of in the application.
But you can do that by using some token mechanism : in your application, you could associate a login to a token (one use, short lifetime), send this token to the CAS server (/cas/login?token=xxx) which would have an authentication handler which call the original application to check to token (IP filtering, login / password for CAS server), obtain the login and authenticate the user with the login.
Best regards,
Jérôme

**userio** · Oct 10th, 2012, 04:57 AM

Hi, Jérôme!
I found one solution here. But I think, it's incorrect to change many CAS server settings.
I'd like to know more about your idea. As I understand, user can be authenticated in a such way:
1. he goes to myApp login page
2. he enters the crentials
3. in case of correct authentication, myApp sends to CAS request(is it java server side or I can send it via javascript or via ajax or somehow in config?) to such URL: "https://localhost:9543/cas/login?token=xxx" and authenticates in CAS.
I'd like to ask few questions about the 3rd step:
1. if CAS accepts ajax, what should be headers/data format/etc.?
2. can u provide an example of token?(for example, https://localhost:9543/cas/login?tok...min&pass:admin)

**jleleu** · Oct 10th, 2012, 08:55 AM

Hi,

I didn't know about the solution you mentioned.
It would be better to ask this CAS specific question on the CAS user mailing list : https://lists.wisc.edu/read/?forum=cas-user.
About my solution, it has nothing to do with AJAX : the check request is a call between CAS server and application, token can be generated of any form : with specific library, hash of (timestamp + login + password)...
Best regards,
Jérôme

Thread: cas+spring security issue

Thread Tools

Display

Tags for this Thread

Posting Permissions