Re: [cas-user] Mandatory entry point before authentication

Wed, 17 Apr 2019 12:39:37 -0700 

Hi,
I'm not sure it helps in your case, but we had a similar issue with some applications: 
- the application creates a session and store information before going to CAS
- the application redirects to CAS which asks password
- CAS redirects to the application
- the user clicks on "back" button
- CAS session is valid, so it goes back to the application again. In some cases, the application is not happy to receive an expected ticket [*]. And even if it works, the user wonders why "back" did not work 

The solution we used:


- on CAS form asking for login&password, we added  
onsubmit="ignore_on_history_back()"


   function ignore_on_history_back() {
      // on back, do not autolog nor prompt, go back to the app

      try { window.history.replaceState({}, null,  
location.href.replace('/cas/login',  
'/cas/authentification-en-cours.html')) } catch (e) {}

   }

- we added a static page authentification-en-cours.html

  <script>
   var isForward = (history.state || {}).isForward;
   try {
     history.replaceState({ isForward: !isForward }, null, null);
   } catch (e) {}
   history.go(isForward ? 1 : -1);
  </script>

  Page temporaire d'authentification. Nous vous redirigeons vers la  
page précédente...


  (cf https://cas.univ-paris1.fr/cas/authentification-en-cours.html)


[*] we have this issue with shibboleth-idp that is configured to  
delegate to CAS


Julien Gribonvald <[email protected]> a écrit :


Hi,


Is there a simple way to force user to come from a service before to  
authenticate ?



I mean before accessing to some services (not all) a user should  
come from an entry point (a service on which he will be  
authenticated after, like a portal), if not he should be redirected  
to this entry point.



If not is it the a thing to define a service policy from the service  
management to do that ? Or are you seing a better way ?


Thanks,

--
Julien Gribonvald



--
Pascal Rigaux

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG

--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20190417213915.Horde.oRKdexLMMXnxHD47I0NICSS%40courrier.univ-paris1.fr.






















					Reply via email to