Colin,
This looks to be an application config issue and not related to cas [server or
client].
Is the "Login" link to A/desktop, or is it something else like
domain/cas/login?service=A/desktop?
Ray
On Fri, 2020-12-18 at 16:03 -0500, Colin Ryan wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
Folks,
So in the initial iteration of my project I had my spring security application
working as it should w.r.t. to the common design/functional patterns for Spring
Security and CAS.
Let's call this Application A)
My http security definition was as follows.
http
.addFilter(casAuthenticationFilter(serviceProperties))
.authorizeRequests()
.regexMatchers("/desktop.*")
.authenticated()
.and()
.authorizeRequests()
.regexMatchers("/")
.permitAll()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.logout().logoutSuccessUrl("/logout")
.and()
.addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
.addFilterBefore(logoutFilter, LogoutFilter.class);
With this I would be able to go to my application, it would direct me to the /
context and a "Login" link to href=/desktop on this unauthenticated root page
would trigger a redirect over to CAS for authentication then return to the
/desktop page, full access
to session and user attribute data etc etc. All happy.
Now I'm working on SSO'ing into this application from another URL on a
different server (same domain).
With this I go to Application B, end up authenticating to CAS all find and
dandy.
Then when I go to Application A directly to the /desktop URL it turns around
and takes me to the / of the application (as I'd kind of expect but don't
want). Now if I hit the Login link it in fact does NOT take me back to CAS but
SSO's me in and I can see the users attributes as I'd expect from the user I
authenticated to in Application B. So it's essentially working.
But I'd like to do is be able to "skip" the entry point so to speak so I can
drop directly from authentication on Application B over to the /desktop URL of
Application A without having to get directed to the root context and hit the
Link to /desktop.
Or put another way, I have no need to have Application A actually redirect over
to CAS, I just need it to not be anonymous and accept the SSO from CAS.
Not sure If this makes any sense.
Thanks.
Colin
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]<mailto:[email protected]>
I respectfully acknowledge that my place of work is located within the
ancestral, traditional and unceded territory of the Songhees, Esquimalt and
WSÁNEĆ Nations.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d3cc1cb401c22cfabe887e332c4623dc398b9ff5.camel%40uvic.ca.
