Ray et al.
Just some closure. Indeed was application error. Mismatch between the
URL of the CASAuthenticationFilter and serviceProperties
Thanks
Have a Safe Holiday everyone.
Colin
On 12/18/20 5:30 PM, Colin Ryan wrote:
The login link is A/desktop which matches and the serviceProperties
definition is A/desktop/auth
On 12/18/20 4:27 PM, Ray Bon wrote:
Colin,
This looks to be an application config issue and not related to cas
[server or client].
Is the "Login" link to A/desktop, or is it something else like
domain/cas/login?service=A/desktop?
Ray
On Fri, 2020-12-18 at 16:03 -0500, Colin Ryan wrote:
Notice: This message was sent from outside the University of
Victoria email system. Please be cautious with links and sensitive
information.
Folks,
So in the initial iteration of my project I had my spring security
application working as it should w.r.t. to the common
design/functional patterns for Spring Security and CAS.
Let's call this Application A)
My http security definition was as follows.
http
.addFilter(casAuthenticationFilter(serviceProperties))
.authorizeRequests()
.regexMatchers("/desktop.*")
.authenticated()
.and()
.authorizeRequests()
.regexMatchers("/")
.permitAll()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.logout().logoutSuccessUrl("/logout")
.and()
.addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
.addFilterBefore(logoutFilter, LogoutFilter.class);
With this I would be able to go to my application, it would direct
me to the / context and a "Login" link to href=/desktop on this
unauthenticated root page would trigger a redirect over to CAS for
authentication then return to the /desktop page, full access
to session and user attribute data etc etc. All happy.
Now I'm working on SSO'ing into this application from another URL on
a different server (same domain).
With this I go to Application B, end up authenticating to CAS all
find and dandy.
Then when I go to Application A directly to the /desktop URL it
turns around and takes me to the / of the application (as I'd kind
of expect but don't want). Now if I hit the Login link it in fact
does NOT take me back to CAS but SSO's me in and I can see the users
attributes as I'd expect from the user I authenticated to in
Application B. So it's essentially working.
But I'd like to do is be able to "skip" the entry point so to speak
so I can drop directly from authentication on Application B over to
the /desktop URL of Application A without having to get directed to
the root context and hit the Link to /desktop.
Or put another way, I have no need to have Application A actually
redirect over to CAS, I just need it to not be anonymous and accept
the SSO from CAS.
Not sure If this makes any sense.
Thanks.
Colin
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected] <mailto:[email protected]>
I respectfully acknowledge that my place of work is located within
the ancestral, traditional and unceded territory of the Songhees,
Esquimalt and WSÁNEĆ Nations.
--
- Website: https://apereo.github.io/cas <https://apereo.github.io/cas>
- Gitter Chatroom: https://gitter.im/apereo/cas
<https://gitter.im/apereo/cas>
- List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7>
- Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG>
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected]
<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d3cc1cb401c22cfabe887e332c4623dc398b9ff5.camel%40uvic.ca
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/d3cc1cb401c22cfabe887e332c4623dc398b9ff5.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas <https://apereo.github.io/cas>
- Gitter Chatroom: https://gitter.im/apereo/cas
<https://gitter.im/apereo/cas>
- List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7>
- Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG>
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/9e27895c-d8a8-a382-5150-f6cf99598d89%40caveo.ca
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/9e27895c-d8a8-a382-5150-f6cf99598d89%40caveo.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/019aaeaa-eb81-3100-12b7-fa7e13c184eb%40caveo.ca.
