Hello,

I'm stuck with a problem - I cannot access my custom form. When I request my form, CAS returns the login form. I added this to securityContext.xml:

<sec:http entry-point-ref="casProcessingFilterEntryPoint" auto-config="true">
  <sec:intercept-url pattern="/mobileLogin" filters="none" />

Where /mobileLogin is a URL mapped to my custom controller. But this doesn't help. Is there any other place to tell CAS that this URL can be accessed without authentication?

regards,
Marius


On 2011.07.25 13:24, Jerome LELEU wrote:
Hello,

You're right: it's more difficult than I thought.
It's a kind of asynchronous authentication and CAS is not designed for
that, as far as I know.

I think you can create some controllers to do that without modifying / touching
the web flow:
   - /cas/mobileForm: controller which displays the form (mobileForm.jsp): an
input for the mobile phone and a submit button to /cas/mobileStartAuthent
   - /cas/mobileStartAuthent: controller which calls the external system to send the SMS
to the user and displays the "authentication in progress" page
(mobileAuthent.jsp); stores the mobile phone in session
   - mobileAuthent.jsp: this page displays a "waiting" gif and a message
"Authentication in progress...": every 5 seconds, it makes asynchronous calls (with
jQuery for example) to /cas/mobileCheckAuthent to check if the authent has succeeded; if the authent
has been successful, call /cas/mobileEndAuthent; else JavaScript timeout (after 2 minutes for
example) to error page
   - /cas/mobileCheckAuthent: controller which asks your system if the user
has responded to the SMS (get the mobile phone from session) and in this case,
the user details: responds OK / KO in HTTP body; stores user details in session
   - /cas/mobileEndAuthent: controller which grants user identity from user
details in session using CentralAuthenticationService bean and redirects to the
service.

Outside the web flow, you could use the HTTP session to store the mobile phone 
and the user details. You should also put the service in session to be able to 
call it at the end of the authentication.

Hope it helps.
Jerome
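
The session handling in the flow above, as an added example that is not part of the original thread or of CAS: the 2-minute limit is enforced on the server rather than only by the page's JavaScript timer, and the end step succeeds only when the check step has stored the user. A `Map` stands in for the HTTP session; the class name, attribute keys, `lookup` function and sample values are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
// Session state for the SMS flow; every name here is an assumption, not a CAS API.
public class MobileAuthFlow {
    static final long TIMEOUT_MS = 2 * 60 * 1000;  // the 2 minutes from the post, kept server-side
    private final Function<String, String> lookup; // phone -> user id once the SMS was answered, else null
    MobileAuthFlow(Function<String, String> lookup) { this.lookup = lookup; }
    // /cas/mobileStartAuthent: remember phone, target service and a deadline in the session.
    void start(Map<String, Object> session, String phone, String service, long now) {
        session.clear();
        session.put("phone", phone);
        session.put("service", service);
        session.put("deadline", now + TIMEOUT_MS);
        // the real controller asks the external system to send the SMS here
    }
    // /cas/mobileCheckAuthent: polled by the page; the result is the HTTP body (OK / KO).
    String check(Map<String, Object> session, long now) {
        Long deadline = (Long) session.get("deadline");
        if (deadline == null || now > deadline) { session.clear(); return "KO"; }
        String user = lookup.apply((String) session.get("phone"));
        if (user == null) return "KO";
        session.put("user", user);   // set only here, never from a request parameter
        return "OK";
    }

    // /cas/mobileEndAuthent: returns the service to redirect to, or null if nothing was verified.
    String end(Map<String, Object> session, long now) {
        Long deadline = (Long) session.get("deadline");
        String user = (String) session.get("user");
        String service = (String) session.get("service");
        session.clear();             // single use: a repeated call finds no state
        if (deadline == null || now > deadline || user == null) return null;
        // the real controller grants the identity via the CentralAuthenticationService bean here
        return service;
    }

    public static void main(String[] args) {
        Map<String, String> answered = new HashMap<>(); // constructed stand-in for the SMS system
        MobileAuthFlow flow = new MobileAuthFlow(answered::get);
        Map<String, Object> session = new HashMap<>();
        flow.start(session, "+10000000000", "https://app.example.org/", 0);
        System.out.println(flow.check(session, 5000));   // SMS not answered yet
        answered.put("+10000000000", "alice");           // constructed user id
        System.out.println(flow.check(session, 10000));  // answered inside the deadline
        System.out.println(flow.end(session, 10000));    // identity granted, service returned
        System.out.println(flow.end(session, 10000));    // repeated call after the state was cleared
    }
}
```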


