You'd need to invent custom Spring Web Flow state(s) to do the job and declare them in login-flow.xml. Also a new class implementing the Credentials interface that wraps the IP information of the target service, as well as a custom AuthenticationHandler supporting this Credentials type.

This is a basic outline, as this would be a somewhat advanced case of extending CAS server which requires custom development and thorough understanding of CAS internals. I hope this gives you the right idea to do the further research.

Best,
Dmitriy.

Sent from my iPhone

> On Dec 29, 2013, at 3:13, Idan Fridman <[email protected]> wrote:
>
> Hi Dmitriy,
>
> How would you build that flow? How can I modify that 'Credentials' object
> before the auth handler's being invoked?
>
> Thanks,
> Idan.
>
> From: Dmitriy Kopylenko [mailto:[email protected]]
> Sent: Saturday, December 28, 2013 4:02 PM
> To: [email protected]
> Subject: Re: [cas-user] CAS Automatic Login... best practices
>
> Hi Ray. You'd need to invent a kind of 'Credentials' implementation that
> encapsulates this host/ip info and get that info into it somewhere in the
> login flow before those credentials are passed onto your custom authn
> handler's "authenticate" method.
>
> Happy New Year!
>
> Dmitriy.
>
> Sent from my iPhone
>
> On Dec 28, 2013, at 3:56, Idan Fridman <[email protected]> wrote:
>
> Hi,
> You were talking about authentication handlers. Is it possible to retrieve
> the service host/ip via that authentication handler? Because if you implement
> AuthenticationHandler you could get only the Credentials.
>
> Thanks,
> Ray
>
> ----- Reply message -----
> From: "Jérôme LELEU" <[email protected]>
> To: "[email protected]" <[email protected]>
> Subject: [cas-user] CAS Automatic Login... best practices
> Date: Sat, Dec 28, 2013 09:53
>
> Hi,
>
> OK. You don't need an auto login process here (as you don't have the user's
> password, which is a good thing), but as I also suggested, you need an
> authentication handler taking a username and an OTP (one-time password) = an
> authentication code, to authenticate a user. I would go that way.
>
> So you would have two authentication handlers, one processing user's login
> and password and one processing a username and an authentication code (which
> can be used only once).
>
> Best regards,
> Jérôme
>
> 2013/12/27 Joe <[email protected]>
> Sorry, rereading what I want to do, I can see now how it's a bit misleading.
>
> So (on the application server side) I have authenticated the user via an
> authentication code, and have created the account. CAS has not yet
> authenticated the user. I want to tell CAS that the current user and session
> is authenticated without passing the password back over the public wire. (The
> application server might pass the user/password to CAS.)
>
> I can think of a few ways to do this, but is there a recommended way?
>
> -Joe
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> This e-mail and the information it contains may be privileged and/or
> confidential. It is intended solely for the use of the named recipient(s). If
> you are not the intended recipient you may not disclose, copy, distribute or
> retain any part of this message or attachments. If you have received this
> e-mail in error please notify the sender immediately [by clicking 'Reply']
> and delete this e-mail.
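
The design discussed in this thread (a Credentials type that carries the service host, plus a handler for a username and a single-use authentication code), as an added example that is not part of the original messages or CAS's own code. The `Credentials` and `AuthenticationHandler` interfaces are simplified stand-ins for the CAS 3.x contracts, and `OneTimeCodeCredentials`, `OneTimeCodeHandler`, `issue` and all sample values are hypothetical; Java 17 or later is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.concurrent.ConcurrentHashMap;

// Simplified stand-ins for the CAS 3.x contracts (assumption, not CAS source).
interface Credentials {}
interface AuthenticationHandler {
    boolean supports(Credentials c);
    boolean authenticate(Credentials c);
}
// Hypothetical credentials: the service host is filled in server-side by the
// login flow from the request, never copied from a client-supplied form field.
final class OneTimeCodeCredentials implements Credentials {
    final String username, code, serviceHost;
    OneTimeCodeCredentials(String username, String code, String serviceHost) {
        this.username = username; this.code = code; this.serviceHost = serviceHost;
    }
}
final class OneTimeCodeHandler implements AuthenticationHandler {
    private record Issued(byte[] code, String serviceHost, long expiresAtMillis) {}
    private final ConcurrentHashMap<String, Issued> pending = new ConcurrentHashMap<>();

    // Hypothetical hook: called after the application server has verified the user.
    void issue(String username, String code, String serviceHost, long ttlMillis) {
        pending.put(username, new Issued(code.getBytes(StandardCharsets.UTF_8),
                serviceHost, System.currentTimeMillis() + ttlMillis));
    }
    public boolean supports(Credentials c) { return c instanceof OneTimeCodeCredentials; }

    public boolean authenticate(Credentials c) {
        if (!(c instanceof OneTimeCodeCredentials otc)
                || otc.username == null || otc.code == null) return false;
        // remove() is atomic: the code is consumed by the first attempt,
        // right or wrong, so it cannot be replayed or guessed repeatedly.
        Issued issued = pending.remove(otc.username);
        if (issued == null || System.currentTimeMillis() > issued.expiresAtMillis()) return false;
        // Constant-time comparison of the submitted code against the issued one.
        boolean codeOk = MessageDigest.isEqual(issued.code(),
                otc.code.getBytes(StandardCharsets.UTF_8));
        // The code is only valid for the service host it was issued for.
        return codeOk && issued.serviceHost().equals(otc.serviceHost);
    }
}
public class Demo {
    public static void main(String[] args) {
        OneTimeCodeHandler h = new OneTimeCodeHandler();
        h.issue("joe", "constructed-code-123", "app.example.org", 60_000); // constructed sample
        Credentials c = new OneTimeCodeCredentials("joe", "constructed-code-123", "app.example.org");
        System.out.println("first use accepted: " + h.authenticate(c));
        System.out.println("replay accepted:    " + h.authenticate(c));
    }
}
```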
