Hi, I think that the easiest way here is to have an *<input type="hidden"*field in your form for the username with the retrieved valued. So that your username is submitted as well as the password. Best regards, Jérôme
2013/9/5 <[email protected]> > I have had some luck creating a custom web flow action and getting hold of > the principal using: > > TicketGrantingTicket t = (TicketGrantingTicket) > ticketRegistry.getTicket(WebUtils.getTicketGrantingTicketId(context)); > Authentication authentication = t.getAuthentication(); > Principal principal = authentication.getPrincipal(); > > Hopefully this is a reasonable thing to do. > I was thinking, if I create a custom login page for re-authentication > containing input for just the password, then added my custom action after > the bindandvalidate state, how could I get my newly retrieved username into > the credentials ready for the submit action state ? > > > On Thursday, September 5, 2013 9:52:15 AM UTC+1, [email protected]: >> >> Hi Jérôme, >> >> Thank you for your assistance (and apologies for the delay in my reply). >> I have managed to add an action into the webflow after renewRequestCheck >> and before viewLoginForm (note I'm using cas 3.3.1 if it matters). >> I currently have injected into my new action, >> CentralAuthenticationService and TicketRegistry and have access to the >> tgtid using WebUtils.**getTicketGrantingTicketId, but I cant see where >> to get the username from. >> Any pointers ? >> >> Thank you. >> >> On Tuesday, August 27, 2013 7:56:12 AM UTC+1, Jérôme LELEU wrote: >>> >>> Hi, >>> >>> The CAS server behaves according to what is defined in its webflow : >>> https://github.com/Jasig/**cas/blob/3.5.x/cas-server-** >>> core/src/main/java/org/jasig/**cas/web/flow/** >>> InitialFlowSetupAction.java<https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/InitialFlowSetupAction.java> >>> . >>> >>> In this case, we'd like to have a login page not displaying the >>> "username" filed is the user is already authenticated (just the password >>> field). >>> >>> You need two changes : >>> - in the webflow, before displaying the login page, add a new expression >>> (around line 128) to evaluate if the user is already authenticated and his >>> username (be aware that the TGT id is in the webflow : >>> https://github.com/Jasig/**cas/blob/3.5.x/cas-server-** >>> core/src/main/java/org/jasig/**cas/web/flow/** >>> InitialFlowSetupAction.java<https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/InitialFlowSetupAction.java>, >>> so you would need to query the tickets registry with that) >>> - in the login page, add the appropriate logic : >>> https://github.com/Jasig/**cas/blob/3.5.x/cas-server-** >>> webapp/src/main/webapp/WEB-**INF/view/jsp/default/ui/**casLoginView.jsp<https://github.com/Jasig/cas/blob/3.5.x/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casLoginView.jsp> >>> . >>> >>> Best regards, >>> Jérôme >>> >>> >>> >>> >>> >>> 2013/8/22 <[email protected]> >>> >>>> Renew does sound like it should renew an existing identity. >>>> Im afraid im a bit of a newbie when it comes to customising cas. Do you >>>> have any pointers for where to start ? Any wiki articles ? Or do I need to >>>> start trawling source code ? Regardless, thank you very much for your help. >>>> >>>> >>>> On Thursday, August 22, 2013 9:32:03 AM UTC+1, Jérôme LELEU wrote: >>>>> >>>>> Hi, >>>>> >>>>> There were several discussions about the renew parameter, especially >>>>> when we wrote the LOA specifications. >>>>> I'm in favor of blocking new identity when using the renew parameter : >>>>> it should only be possible to check the password. >>>>> But we didn't reach any clear agreement on this, so I guess it will >>>>> stay a customization for now. >>>>> Best regards, >>>>> Jérôme >>>>> >>>>> >>>>> >>>>> >>>>> 2013/8/22 <[email protected]> >>>>> >>>>>> That sounds like exactly what I want, I was hoping there was a native >>>>>> mechanism to support that and initially wondered if renew was it but I >>>>>> guess not. >>>>>> >>>>>> On Thursday, August 22, 2013 7:26:15 AM UTC+1, Jérôme LELEU wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> What would be the expected behaviour when the user is already >>>>>>> authenticated and requested to login again ? >>>>>>> Do you want the login page to have the username already fixed by the >>>>>>> previous authentication and only the password can be edited ? Because >>>>>>> I'm >>>>>>> pretty sure that this can be easily achieved with a customization. >>>>>>> Best regards, >>>>>>> Jérôme >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> 2013/8/21 <[email protected]> >>>>>>> >>>>>>>> Thank you very much for the responses. I suspect I didn't explain >>>>>>>> myself very well. The idea is that the user logs onto the web >>>>>>>> application >>>>>>>> with a username and password through cas. They are then free to use the >>>>>>>> system. If they attempt to click the "edit my profile" link they are >>>>>>>> then >>>>>>>> asked to provide their password again before they can see that screen >>>>>>>> - to >>>>>>>> mitigate against a user leaving their browser logged in, walking away >>>>>>>> and >>>>>>>> someone sitting down and changing their details. Similar to the way >>>>>>>> Amazon >>>>>>>> deals with editing a profile. >>>>>>>> >>>>>>>> I have tried to redirect to login with renew=true when the profile >>>>>>>> page is requested and indeed authentication is requested but at that >>>>>>>> point >>>>>>>> any valid account seems to work as it is requesting fresh credentials. >>>>>>>> I am >>>>>>>> really only after them entering the password for the logged in account >>>>>>>> at >>>>>>>> that point. >>>>>>>> >>>>>>>> Any ideas ? >>>>>>>> >>>>>>>> Thanks for any help. >>>>>>>> -- >>>>>>>> You are currently subscribed to [email protected] as: >>>>>>>> [email protected] >>>>>>>> To unsubscribe, change settings or access archives, see >>>>>>>> http://www.ja-sig.org/wiki/**dis****play/JSG/cas-user<http://www.ja-sig.org/wiki/display/JSG/cas-user> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> You are currently subscribed to [email protected] as: >>>>>>> jasig-cas-user...@**googlegroups****.com >>>>>>> To unsubscribe, change settings or access archives, see >>>>>>> http://www.ja-sig.org/wiki/**dis****play/JSG/cas-user >>>>>>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >>>>>>> >>>>>>> -- >>>>>> You are currently subscribed to [email protected] as: >>>>>> [email protected] >>>>>> To unsubscribe, change settings or access archives, see >>>>>> http://www.ja-sig.org/wiki/**dis**play/JSG/cas-user >>>>>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >>>>>> >>>>>> >>>>> -- >>>>> You are currently subscribed to [email protected] as: >>>>> jasig-cas-user...@**googlegroups**.com >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/**dis**play/JSG/cas-user >>>>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >>>>> >>>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/**display/JSG/cas-user >>>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >>>> >>>> >>> -- >>> You are currently subscribed to [email protected] as: >>> jasig-cas-user...@**googlegroups.com >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/**display/JSG/cas-user >>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >>> >>> -- >> You are currently subscribed to [email protected] as: >> cas-user-garchive-84298@**googlegroups.com >> <[email protected]> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/**display/JSG/cas-user >> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >> >> -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
