If it fits your use case it's perfect. In our case we want Spnego for all internal accesses so CAS needs to stop and does not offer login/password if Spnego fails.
Regards. Le 14/02/2017 à 15:22, Felix Schumacher a écrit : > Am 13.02.2017 18:45, schrieb 'Philippe MARASSE' via CAS Community: >> Fine, my last attempt was with 5.1-SNAP but it worked with 5.0 also. >> >> I had to overload : >> - SpengoWebflowConfigurer (add new end state views) >> - SpengoWebflowConfig >> - SpnegoNegociateCredentialsAction to modify default behavior >> >> create/ overload html templates for views : >> - casSpnegoNegotiateView.html (first 401 view) >> - casSpnegoAuthenticationFailureView.html (auth failure view) >> - casSpnegoErrorView.html (all other errors view) > > Thanks for your info, but I found an easier way. > > Put > > cas.authn.spnego.mixedModeAuthentication=true > > into your cas.properties. > > That way the first page will have the login page as the body, even > when the browser is spnego capable > (or what cas thinks are spnego capable browsers) and the browser did > not send an authenticate header. > > No special overloading of classes or webflows :) > > Regards, > Felix > >> >> Regards. >> >> >> Le 13/02/2017 à 18:07, Felix Schumacher a écrit : >>> >>> Am 13. Februar 2017 17:28:44 MEZ schrieb 'Philippe MARASSE' via CAS >>> Community <[email protected]>: >>>> Hello, >>>> >>>> We have the same problem here, which version of CAS do you use ? >>> I believe it is 5.0.2. >>> >>> I would have to check tomorrow at work. >>> >>> Felix >>> >>>> Regards. >>>> >>>> Le 13/02/2017 à 16:13, Felix Schumacher a écrit : >>>>> Hi all, >>>>> >>>>> I have configured a simple webapp overlay with ldap and spnego >>>> enabled. >>>>> When I try to login with a SPNEGO enabled browser (that has no valid >>>>> ticket for the configured domain), I get two 401 pages. >>>>> The first 401 page is empty except for the header, that is telling >>>> the >>>>> browser to try SPNEGO for authentication. >>>>> The second 401 page has the login page as content together with the >>>>> header, that tells the browser to try SPNEGO. >>>>> >>>>> The user can login via ldap and everything is fine. >>>>> >>>>> Now consider the case where we have a browser, that is not SPNEGO >>>>> enabled. The browser gets the first (empty) 401 page and finds, that >>>>> it has no valid authentication scheme to try. The user is therefore >>>>> greeted with an empty page. >>>>> >>>>> Is this a bug, or do I have to specify anything to get the first 401 >>>>> page have the login page included? >>>>> >>>>> Regards, >>>>> Felix >>>>> >> >> -- >> Philippe MARASSE >> >> Responsable pôle Infrastructures - DSIO >> Centre Hospitalier Henri Laborit >> CS 10587 - 370 avenue Jacques Cœur >> 86021 Poitiers Cedex >> Tel : 05.49.44.57.19 > -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/25df45be-180d-b42a-9266-79498a05e8ad%40ch-poitiers.fr.
smime.p7s
Description: Signature cryptographique S/MIME
