Ray et al.
Just some closure. Indeed was application error. Mismatch between the
URL of the CASAuthenticationFilter and serviceProperties
Thanks
Have a Safe Holiday everyone.
Colin
On 12/18/20 5:30 PM, Colin Ryan wrote:
The login link is A/desktop which matches and the serviceProperties
definition is A/desktop/auth
On 12/18/20 4:27 PM, Ray Bon wrote:
Colin,
This looks to be an application config issue and not related to cas
[server or client].
Is the "Login" link to A/desktop, or is it something else like
domain/cas/login?service=A/desktop?
Ray
On Fri, 2020-12-18 at 16:03 -0500, Colin Ryan wrote:
Notice: This message was sent from outside the University of
Victoria email system. Please be cautious with links and sensitive
information.
Folks,
So in the initial iteration of my project I had my spring security
application working as it should w.r.t. to the common
design/functional patterns for Spring Security and CAS.
Let's call this Application A)
My http security definition was as follows.
http
.addFilter(casAuthenticationFilter(serviceProperties))
.authorizeRequests()
.regexMatchers("/desktop.*")
.authenticated()
.and()
.authorizeRequests()
.regexMatchers("/")
.permitAll()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.logout().logoutSuccessUrl("/logout")
.and()
.addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
.addFilterBefore(logoutFilter, LogoutFilter.class);
With this I would be able to go to my application, it would direct
me to the / context and a "Login" link to href=/desktop on this
unauthenticated root page would trigger a redirect over to CAS for
authentication then return to the /desktop page, full access
to session and user attribute data etc etc. All happy.
Now I'm working on SSO'ing into this application from another URL on
a different server (same domain).
With this I go to Application B, end up authenticating to CAS all
find and dandy.
Then when I go to Application A directly to the /desktop URL it
turns around and takes me to the / of the application (as I'd kind
of expect but don't want). Now if I hit the Login link it in fact
does NOT take me back to CAS but SSO's me in and I can see the users
attributes as I'd expect from the user I authenticated to in
Application B. So it's essentially working.
But I'd like to do is be able to "skip" the entry point so to speak
so I can drop directly from authentication on Application B over to
the /desktop URL of Application A without having to get directed to
the root context and hit the Link to /desktop.
Or put another way, I have no need to have Application A actually
redirect over to CAS, I just need it to not be anonymous and accept
the SSO from CAS.
Not sure If this makes any sense.
Thanks.
Colin
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca <mailto:r...@uvic.ca>
I respectfully acknowledge that my place of work is located within
the ancestral, traditional and unceded territory of the Songhees,
Esquimalt and WSÁNEĆ Nations.
--
- Website: https://apereo.github.io/cas <https://apereo.github.io/cas>
- Gitter Chatroom: https://gitter.im/apereo/cas
<https://gitter.im/apereo/cas>
- List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7>
- Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG>
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to cas-user+unsubscr...@apereo.org
<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d3cc1cb401c22cfabe887e332c4623dc398b9ff5.camel%40uvic.ca
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/d3cc1cb401c22cfabe887e332c4623dc398b9ff5.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas <https://apereo.github.io/cas>
- Gitter Chatroom: https://gitter.im/apereo/cas
<https://gitter.im/apereo/cas>
- List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7>
- Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG>
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to cas-user+unsubscr...@apereo.org
<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/9e27895c-d8a8-a382-5150-f6cf99598d89%40caveo.ca
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/9e27895c-d8a8-a382-5150-f6cf99598d89%40caveo.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/019aaeaa-eb81-3100-12b7-fa7e13c184eb%40caveo.ca.
