Hi Ray, Thanks for getting back to me! The redirect comment was exactly what I needed.
I ended up adding the following to the cas properties which handles that automatic redirect: cas.authn.pac4j.saml[0].autoRedirect=true P.S.: It's still not done - but I'm trying to document my whole journey in getting CAS 6 (with Duo, Delegated Auth, and using Ansible to deploy/maintain CAS and Tomcat). It's inspired by what David Curry did for his CAS 5 guide plus the Ansible stuff I've done in CAS the past couple years. https://paulchauvet.github.io/deploying-cas/ When it's complete (still need to do a couple more things - mostly on theming) I'll announce it to the list formally. Hopefully someone else can benefit from where I've stumbled 🙂 Paul Chauvet, CISSP Information Security Officer State University of New York at New Paltz [email protected] [cid:96aa6b79-aa8f-4c1f-8d0b-9875c0970b48] ________________________________ From: [email protected] <[email protected]> on behalf of Ray Bon <[email protected]> Sent: Wednesday, April 28, 2021 5:27 PM To: [email protected] <[email protected]> Subject: Re: [cas-user] Hide CAS login box (and only use external identity providers) CAUTION: Message from a non-New Paltz email server. Treat message, links, and attachments with extra caution. Paul, If a service is defined as using delegated auth, the redirect will happen automatically. The login page may be visible during the redirect. See, https://apereo.github.io/cas/6.3.x/integration/Delegate-Authentication.html#user-interface I have not tested with only delegated auth, so I do not know if you have to set delegated auth for each service. Ray On Wed, 2021-04-28 at 20:17 +0000, Paul Chauvet wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi all, Is there a way (without making UI/theme changes) to completely hide the login box in CAS 6.3? We're going to be delegating authentication to Azure via SAML - but I'd prefer to hide the regular login box completely and just want to leave the button under "External Identity Providers" there. Apologies if I missed something obvious - and thanks all for any advice you can share. Paul Chauvet, CISSP Information Security Officer State University of New York at New Paltz [email protected] [cid:[email protected]] -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d30df82f42cedf2e0e7b0e23179fe84be6204252.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/d30df82f42cedf2e0e7b0e23179fe84be6204252.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/MN2PR20MB30051BC684711ADAB83D095AA75F9%40MN2PR20MB3005.namprd20.prod.outlook.com.
