Ravi, Shouldn't you change Id="realSubmit" action :<transition on="error" to="generateLoginTicket" /> to <transition on="error" to="terminateSession" /> as Marvin suggested? Best regards, Augustyn
On 25 November 2014 at 06:27, Ravikumar S <[email protected]> wrote: > Yes, I have modified the login flow. But I just redirect to the respected > pages and jsp's have just a href link bring the user back to the login page. > > Below is the configuration done in 3.5.X. > > <on-start> > <evaluate expression="initialFlowSetupAction" /> > </on-start> > > <action-state id="ticketGrantingTicketCheck"> > <evaluate > expression="ticketGrantingTicketCheckAction.checkValidity(flowRequestContext)"/> > <transition on="notExists" to="gatewayRequestCheck"/> > <transition on="invalid" to="terminateSession"/> > <transition on="valid" to="hasServiceCheck"/> > </action-state> > > <action-state id="terminateSession"> > <evaluate > expression="terminateSessionAction.terminate(flowRequestContext)"/> > <transition to="generateLoginTicket"/> > </action-state> > > > <action-state id="realSubmit"> > <evaluate > expression="authenticationViaFormAction.submit(flowRequestContext, > flowScope.credentials, messageContext)" /> > <transition on="success" to="sendTicketGrantingTicket" /> > <transition on="error" to="generateLoginTicket" /> > <transition on="accountLocked" to="casAccountLockedView" /> > </action-state> > > <end-state id="casAccountLockedView" view="casAccountLockedView" /> > > > Kindly provide your feedback. Attached is the login-webflow.xml for your > reference. > > On Mon, Nov 24, 2014 at 8:38 PM, Marvin Addison <[email protected]> > wrote: >>> >>> I have added the web flow actions which was mentioned earlier for the >>> 3.5.x(TerminateSessionAction.java --> public Event terminate(final >>> RequestContext context) . >> >> >> That alone is not sufficient. You need a decision state prior that >> transitions to the action on invalid ticket. >> >>> >>> We have a account locked screen, which would be displayed when user >>> enters wrong password for certain number of attempts. >> >> >> That suggests you have modified the login flow from what we ship. I >> suggest that you examine your custom flow to ensure that you do two things >> near the start of the flow: >> >> 1. Check for expired TGT (e.g. TicketGrantingTicketCheckAction) >> 2. Remove the CASTGC cookie on expired ticket (e.g. >> TerminateSessionAction) >> >> M >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
