Hi, The TGTID is in the webflow so you can access it using WebUtils. But the username is stored in the Authentication object of the TGT itself so you will access it by querying the TGT in the tickets registry : something like ticketRegistry.get(TGTID).getAuthentication().getPrincipal().getId(). Best regards, Jérôme
2013/9/5 <[email protected]> > Hi Jérôme, > > Thank you for your assistance (and apologies for the delay in my reply). > I have managed to add an action into the webflow after renewRequestCheck > and before viewLoginForm (note I'm using cas 3.3.1 if it matters). > I currently have injected into my new action, CentralAuthenticationService > and TicketRegistry and have access to the tgtid > using WebUtils.getTicketGrantingTicketId, but I cant see where to get the > username from. > Any pointers ? > > Thank you. > > On Tuesday, August 27, 2013 7:56:12 AM UTC+1, Jérôme LELEU wrote: >> >> Hi, >> >> The CAS server behaves according to what is defined in its webflow : >> https://github.com/Jasig/**cas/blob/3.5.x/cas-server-** >> core/src/main/java/org/jasig/**cas/web/flow/**InitialFlowSetupAction.java<https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/InitialFlowSetupAction.java> >> . >> >> In this case, we'd like to have a login page not displaying the >> "username" filed is the user is already authenticated (just the password >> field). >> >> You need two changes : >> - in the webflow, before displaying the login page, add a new expression >> (around line 128) to evaluate if the user is already authenticated and his >> username (be aware that the TGT id is in the webflow : >> https://github.com/Jasig/**cas/blob/3.5.x/cas-server-** >> core/src/main/java/org/jasig/**cas/web/flow/**InitialFlowSetupAction.java<https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/InitialFlowSetupAction.java>, >> so you would need to query the tickets registry with that) >> - in the login page, add the appropriate logic : >> https://github.com/Jasig/**cas/blob/3.5.x/cas-server-** >> webapp/src/main/webapp/WEB-**INF/view/jsp/default/ui/**casLoginView.jsp<https://github.com/Jasig/cas/blob/3.5.x/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casLoginView.jsp> >> . >> >> Best regards, >> Jérôme >> >> >> >> >> >> 2013/8/22 <[email protected]> >> >>> Renew does sound like it should renew an existing identity. >>> Im afraid im a bit of a newbie when it comes to customising cas. Do you >>> have any pointers for where to start ? Any wiki articles ? Or do I need to >>> start trawling source code ? Regardless, thank you very much for your help. >>> >>> >>> On Thursday, August 22, 2013 9:32:03 AM UTC+1, Jérôme LELEU wrote: >>>> >>>> Hi, >>>> >>>> There were several discussions about the renew parameter, especially >>>> when we wrote the LOA specifications. >>>> I'm in favor of blocking new identity when using the renew parameter : >>>> it should only be possible to check the password. >>>> But we didn't reach any clear agreement on this, so I guess it will >>>> stay a customization for now. >>>> Best regards, >>>> Jérôme >>>> >>>> >>>> >>>> >>>> 2013/8/22 <[email protected]> >>>> >>>>> That sounds like exactly what I want, I was hoping there was a native >>>>> mechanism to support that and initially wondered if renew was it but I >>>>> guess not. >>>>> >>>>> On Thursday, August 22, 2013 7:26:15 AM UTC+1, Jérôme LELEU wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> What would be the expected behaviour when the user is already >>>>>> authenticated and requested to login again ? >>>>>> Do you want the login page to have the username already fixed by the >>>>>> previous authentication and only the password can be edited ? Because I'm >>>>>> pretty sure that this can be easily achieved with a customization. >>>>>> Best regards, >>>>>> Jérôme >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> 2013/8/21 <[email protected]> >>>>>> >>>>>>> Thank you very much for the responses. I suspect I didn't explain >>>>>>> myself very well. The idea is that the user logs onto the web >>>>>>> application >>>>>>> with a username and password through cas. They are then free to use the >>>>>>> system. If they attempt to click the "edit my profile" link they are >>>>>>> then >>>>>>> asked to provide their password again before they can see that screen - >>>>>>> to >>>>>>> mitigate against a user leaving their browser logged in, walking away >>>>>>> and >>>>>>> someone sitting down and changing their details. Similar to the way >>>>>>> Amazon >>>>>>> deals with editing a profile. >>>>>>> >>>>>>> I have tried to redirect to login with renew=true when the profile >>>>>>> page is requested and indeed authentication is requested but at that >>>>>>> point >>>>>>> any valid account seems to work as it is requesting fresh credentials. >>>>>>> I am >>>>>>> really only after them entering the password for the logged in account >>>>>>> at >>>>>>> that point. >>>>>>> >>>>>>> Any ideas ? >>>>>>> >>>>>>> Thanks for any help. >>>>>>> -- >>>>>>> You are currently subscribed to [email protected] as: >>>>>>> [email protected] >>>>>>> To unsubscribe, change settings or access archives, see >>>>>>> http://www.ja-sig.org/wiki/**dis****play/JSG/cas-user<http://www.ja-sig.org/wiki/display/JSG/cas-user> >>>>>> >>>>>> >>>>>> -- >>>>>> You are currently subscribed to [email protected] as: >>>>>> jasig-cas-user...@**googlegroups****.com >>>>>> To unsubscribe, change settings or access archives, see >>>>>> http://www.ja-sig.org/wiki/**dis****play/JSG/cas-user >>>>>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >>>>>> >>>>>> -- >>>>> You are currently subscribed to [email protected] as: >>>>> [email protected] >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/**dis**play/JSG/cas-user >>>>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >>>>> >>>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> jasig-cas-user...@**googlegroups**.com >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/**dis**play/JSG/cas-user >>>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >>>> >>>> -- >>> You are currently subscribed to [email protected] as: [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/**display/JSG/cas-user >>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >>> >>> >> -- >> You are currently subscribed to [email protected] as: >> jasig-cas-user...@**googlegroups.com >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/**display/JSG/cas-user >> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >> >> -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
