Or, one could simply use the "AuthenticationSupport" API of cas-addons like this: authenticationSupport.getAuthenticatedPrincipalFrom(tgtId).getId() (Note that there is no need to directly inject TicketRegistry as it is already encapsulated in the DefaultAuthenticationSupport implementation).
https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/authentication/AuthenticationSupport.java#L37 To create this bean, simply declare it using cas-addons custom XML namespace: <cas:default-authentication-support/> and it would be available for injection under 'authenticationSupport' bean id. Please note that using cas-addons for what you need to do IS NOT REQUIRED. This is just a friendly "awareness note" about the convenient facilities available out there, should one decide it is worth using them :-) Cheers, Dmitriy. On Sep 5, 2013, at 11:29 AM, Jérôme LELEU <[email protected]> wrote: > Hi, > > The TGTID is in the webflow so you can access it using WebUtils. But the > username is stored in the Authentication object of the TGT itself so you will > access it by querying the TGT in the tickets registry : something like > ticketRegistry.get(TGTID).getAuthentication().getPrincipal().getId(). > Best regards, > Jérôme > > > > 2013/9/5 <[email protected]> > Hi Jérôme, > > Thank you for your assistance (and apologies for the delay in my reply). > I have managed to add an action into the webflow after renewRequestCheck and > before viewLoginForm (note I'm using cas 3.3.1 if it matters). > I currently have injected into my new action, CentralAuthenticationService > and TicketRegistry and have access to the tgtid using > WebUtils.getTicketGrantingTicketId, but I cant see where to get the username > from. > Any pointers ? > > Thank you. > > On Tuesday, August 27, 2013 7:56:12 AM UTC+1, Jérôme LELEU wrote: > Hi, > > The CAS server behaves according to what is defined in its webflow : > https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/InitialFlowSetupAction.java. > > In this case, we'd like to have a login page not displaying the "username" > filed is the user is already authenticated (just the password field). > > You need two changes : > - in the webflow, before displaying the login page, add a new expression > (around line 128) to evaluate if the user is already authenticated and his > username (be aware that the TGT id is in the webflow : > https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/InitialFlowSetupAction.java, > so you would need to query the tickets registry with that) > - in the login page, add the appropriate logic : > https://github.com/Jasig/cas/blob/3.5.x/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/casLoginView.jsp. > > Best regards, > Jérôme > > > > > > 2013/8/22 <[email protected]> > Renew does sound like it should renew an existing identity. > Im afraid im a bit of a newbie when it comes to customising cas. Do you have > any pointers for where to start ? Any wiki articles ? Or do I need to start > trawling source code ? Regardless, thank you very much for your help. > > > On Thursday, August 22, 2013 9:32:03 AM UTC+1, Jérôme LELEU wrote: > Hi, > > There were several discussions about the renew parameter, especially when we > wrote the LOA specifications. > I'm in favor of blocking new identity when using the renew parameter : it > should only be possible to check the password. > But we didn't reach any clear agreement on this, so I guess it will stay a > customization for now. > Best regards, > Jérôme > > > > > 2013/8/22 <[email protected]> > That sounds like exactly what I want, I was hoping there was a native > mechanism to support that and initially wondered if renew was it but I guess > not. > > On Thursday, August 22, 2013 7:26:15 AM UTC+1, Jérôme LELEU wrote: > Hi, > > What would be the expected behaviour when the user is already authenticated > and requested to login again ? > Do you want the login page to have the username already fixed by the previous > authentication and only the password can be edited ? Because I'm pretty sure > that this can be easily achieved with a customization. > Best regards, > Jérôme > > > > > 2013/8/21 <[email protected]> > Thank you very much for the responses. I suspect I didn't explain myself very > well. The idea is that the user logs onto the web application with a username > and password through cas. They are then free to use the system. If they > attempt to click the "edit my profile" link they are then asked to provide > their password again before they can see that screen - to mitigate against a > user leaving their browser logged in, walking away and someone sitting down > and changing their details. Similar to the way Amazon deals with editing a > profile. > > I have tried to redirect to login with renew=true when the profile page is > requested and indeed authentication is requested but at that point any valid > account seems to work as it is requesting fresh credentials. I am really only > after them entering the password for the logged in account at that point. > > Any ideas ? > > Thanks for any help. > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
