Folks,
Me again...sorry...still trying yet another way to do what I need
done...le sigh...
Anyhow all these variations now lead me to this new question, hopefully
as I learn more about CAS my questions become more clear.
So I have my Web Application that is using Spring Security and CAS. I
need this application to support multiple dynamic contexts where each
context represents a Service definition in CAS which in turn has varying
authentication parameters for it.
So for example if someone enters on:
https://myapp.com?profile=xxxx versus https://myapp.com?profile=yyyy
Then the application will redirect to CAS which will match a service
pattern for ?profile=xxxx or ?profile=yyyyy which in turn allows me to
specify a specific authentication configuration for profile xxxx to be,
for example, LDAP, or yyyy to be RADIUS etc. Note, these are different
authentication providers not decisions for multi-factor, so as far as I
can tell I cannot use any of the mfa-auth triggering.
However when I write my Java Spring CAS Web client I must specify the
serviceURL in the ServiceProperties Bean. As such anything I GET to the
web application is supplanted by the serviceURL as it's redirected to
CAS and hence I loose pattern match to different profiles at the CAS
authentication.
@Bean
public ServiceProperties serviceProperties() {
ServiceProperties serviceProperties = new ServiceProperties();
serviceProperties.setService("https://myapp.com");
serviceProperties.setSendRenew(false);
return serviceProperties;
}
Documentation around the service parameter in other places like
mod_auth_cas etc, implies that so long as things are properly escaped in
the URL's that they will survive the CAS redirect.
But in the Java client examples the serviceURL is in a Bean and is hard
coded and hence all the parameter are dropped as the user is taken over
to the CAS login screens.
Is there a way via the Java API to take the request.queryString()
contents and get that appended to the serviceURL so that when redirected
to CAS that the parameters are preserved...i.e.
https://cas/cas/login?service=https://myapp.com?profile=xxx.
Thanks
Colin Ryan
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/65664b69-5629-c7b5-f271-58ea62a1fedd%40caveo.ca.