I am trying to change our login CAS page but I am sure of confused. Any help is appreciated.
https://cas.newarka.edu:8443/cas/login?service=https%3A%2F%2Fnewarka.instruc ture.com%2Flogin%2Fcas Marquis Director of Information Technology _______________________________________ Newark Academy 91 South Orange Ave - Livingston, NJ 07039 Office 973.992.7000 x350 -- Cell 518.209.6512 [email protected] www.newarka.edu From: Jérôme LELEU <[email protected]> Reply-To: <[email protected]> Date: Tuesday, August 27, 2013 2:56 AM To: <[email protected]> Subject: Re: [cas-user] Re-authentication for higher security pages Hi, The CAS server behaves according to what is defined in its webflow : https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/ja sig/cas/web/flow/InitialFlowSetupAction.java. In this case, we'd like to have a login page not displaying the "username" filed is the user is already authenticated (just the password field). You need two changes : - in the webflow, before displaying the login page, add a new expression (around line 128) to evaluate if the user is already authenticated and his username (be aware that the TGT id is in the webflow : https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/ja sig/cas/web/flow/InitialFlowSetupAction.java, so you would need to query the tickets registry with that) - in the login page, add the appropriate logic : https://github.com/Jasig/cas/blob/3.5.x/cas-server-webapp/src/main/webapp/WE B-INF/view/jsp/default/ui/casLoginView.jsp. Best regards, Jérôme 2013/8/22 <[email protected]> > Renew does sound like it should renew an existing identity. > Im afraid im a bit of a newbie when it comes to customising cas. Do you have > any pointers for where to start ? Any wiki articles ? Or do I need to start > trawling source code ? Regardless, thank you very much for your help. > > > On Thursday, August 22, 2013 9:32:03 AM UTC+1, Jérôme LELEU wrote: >> Hi, >> >> There were several discussions about the renew parameter, especially when we >> wrote the LOA specifications. >> I'm in favor of blocking new identity when using the renew parameter : it >> should only be possible to check the password. >> But we didn't reach any clear agreement on this, so I guess it will stay a >> customization for now. >> Best regards, >> Jérôme >> >> >> >> >> 2013/8/22 <[email protected]> >>> That sounds like exactly what I want, I was hoping there was a native >>> mechanism to support that and initially wondered if renew was it but I guess >>> not. >>> >>> On Thursday, August 22, 2013 7:26:15 AM UTC+1, Jérôme LELEU wrote: >>>> Hi, >>>> >>>> What would be the expected behaviour when the user is already authenticated >>>> and requested to login again ? >>>> Do you want the login page to have the username already fixed by the >>>> previous authentication and only the password can be edited ? Because I'm >>>> pretty sure that this can be easily achieved with a customization. >>>> Best regards, >>>> Jérôme >>>> >>>> >>>> >>>> >>>> 2013/8/21 <[email protected]> >>>>> Thank you very much for the responses. I suspect I didn't explain myself >>>>> very well. The idea is that the user logs onto the web application with a >>>>> username and password through cas. They are then free to use the system. >>>>> If they attempt to click the "edit my profile" link they are then asked to >>>>> provide their password again before they can see that screen - to mitigate >>>>> against a user leaving their browser logged in, walking away and someone >>>>> sitting down and changing their details. Similar to the way Amazon deals >>>>> with editing a profile. >>>>> >>>>> I have tried to redirect to login with renew=true when the profile page is >>>>> requested and indeed authentication is requested but at that point any >>>>> valid account seems to work as it is requesting fresh credentials. I am >>>>> really only after them entering the password for the logged in account at >>>>> that point. >>>>> >>>>> Any ideas ? >>>>> >>>>> Thanks for any help. >>>>> -- >>>>> You are currently subscribed to [email protected] as: >>>>> [email protected] >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >>> -- >>> You are currently subscribed to [email protected] as: [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> <http://www.ja-sig.org/wiki/display/JSG/cas-user> > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
