Hi,

Right now I have successfully configured CAS with SPNEGO and X509. The
authentication order is first SPNEGO and then X509, but I would like to have
SPNEGO resolved before X509 is tried.

Has somebody changed the login web flow in order to resolve SPNEGO, which
needs 2 requests to the CAS server, before X509 authentication occurs?

If not, I'm planning to change the login web flow by introducing a decision
state in order to finish the flow once the negotiation is sent to the client
browser, so that X509 auth does not happen until SPNEGO fails.

I'm not very familiar with SWF; my principal doubt is whether I can check the
response header.

<action-state id="startAuthenticate">
    <action bean="negociateSpnego" />
    <transition on="success" to="spnego" />
</action-state>

<action-state id="spnego">
    <action bean="spnego" />
    <transition on="success" to="sendTicketGrantingTicket" />
    <transition on="error" to="startAuthenticatex509Check" />
</action-state>

<!-- If SPNEGO Negotiate is found, finish the flow so that x509 does not occur;
     otherwise proceed to x509 (SPNEGO failed) -->
<decision-state id="startAuthenticatex509Check">
    <if test="${externalContext.nativeResponse.containsHeader('WWW-Authenticate')}"
        then="viewLoginForm" else="startAuthenticatex509" />
</decision-state>

<action-state id="startAuthenticatex509">
    <action bean="x509Check" />
    <transition on="success" to="sendTicketGrantingTicket" />
    <transition on="error" to="viewLoginForm" />
</action-state>

Can somebody tell me if it is the best way?
Thanks in advance.
--
Best Regards.
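
The two-request ordering problem described in this post, as a small Python model added here (not part of the original message, and not CAS or Spring Web Flow code). It assumes the negotiate action sets `WWW-Authenticate: Negotiate` only when the request carries no `Authorization: Negotiate ...` header; the token values, the `client_cert` field and the function names are constructed for illustration.

```python
# Model of the posted flow states. Assumption: the negotiate action challenges
# only when the request has no "Authorization: Negotiate <token>" header.
PREFIX = "Negotiate "

# Constructed sample requests: browser's first hit, then its answers to the 401.
FIRST = {"client_cert": "CN=alice"}
SECOND_OK = {"Authorization": "Negotiate good-token", "client_cert": "CN=alice"}
SECOND_BAD = {"Authorization": "Negotiate bad-token", "client_cert": "CN=alice"}


def run_flow(request, with_decision_state, valid_tokens=("good-token",)):
    """Walk the flow for one HTTP request; return (end_state, trace, response_headers)."""
    response, trace = {}, []
    auth = request.get("Authorization", "")
    state = "startAuthenticate"
    while True:
        trace.append(state)
        if state == "startAuthenticate":
            # First leg of SPNEGO: challenge the browser if it sent no token.
            if not auth.startswith(PREFIX):
                response["WWW-Authenticate"] = "Negotiate"
            state = "spnego"
        elif state == "spnego":
            token = auth[len(PREFIX):] if auth.startswith(PREFIX) else None
            if token in valid_tokens:
                state = "sendTicketGrantingTicket"
            elif with_decision_state:
                state = "startAuthenticatex509Check"
            else:
                state = "startAuthenticatex509"
        elif state == "startAuthenticatex509Check":
            # A pending challenge means SPNEGO has not had its second request yet.
            pending = "WWW-Authenticate" in response
            state = "viewLoginForm" if pending else "startAuthenticatex509"
        elif state == "startAuthenticatex509":
            ok = bool(request.get("client_cert"))
            state = "sendTicketGrantingTicket" if ok else "viewLoginForm"
        else:
            return state, trace, response  # end state reached


def x509_attempted(trace):
    """True if the certificate check ran during this request."""
    return "startAuthenticatex509" in trace
```

Without the decision state, `FIRST` already reaches the X509 check before the browser can answer the challenge; with it, X509 runs only on a second request whose SPNEGO token was rejected.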