Sorry about that! So the web flow is as follows.
User navigates to a secure resource and is automatically redirected to the CAS login page. Upon successful login, the user is redirected to the original page he was trying to access. During authentication, my app is talking to an external app that provides me with a token that expires after some time. Usually this third party token will expire sooner than the CAS session. When this happens, I want to force the user to the CAS login page, so they can provide their credentials again and retrieve another new token from the external service. This needs to be done programmatically since I check in the code whether that third party token has expired or not. Does this make sense? On Monday, May 19, 2014 11:12:29 AM UTC+1, Jérôme LELEU wrote: > > Hi, > > Oh! I see you are using pac4j as a client. You could have used the > appropriate mailing-list: > https://groups.google.com/forum/?fromgroups#!forum/pac4j-users. > > Would you mind elaborating a little more your web flow? > > Thanks. > Best regards, > Jérôme > > > > 2014-05-19 11:34 GMT+02:00 chris nikitas <[email protected]<javascript:> > >: > >> Nope... still getting the following error: >> >> SEVERE: Servlet.service() for servlet [accounts] in context with path [] >> threw exception >> org.pac4j.core.exception.TechnicalException: >> org.jasig.cas.client.validation.TicketValidationException: >> ticket 'ST-907-DNtEbdyNP0br94K6dpfQsdfasdfasdf' does not match supplied >> service. The original service was ' >> http://127.0.0.1:8080/details/callback?client_name=CasClient' and the >> supplied service was ' >> http://127.0.0.1:8080/callback?client_name=CasClient'. >> >> How can I get rid of the ticket? >> >> On Monday, May 19, 2014 10:06:54 AM UTC+1, chris nikitas wrote: >>> >>> I will try that Jerome, thanks! >>> >>> So far I tried to call the same page, in hope that Spring Security will >>> detect the invalidated session, and will automatically redirect me. >>> >>> However I get 500 internal error since the ticket is still present! >>> >>> >>> >>> On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: >>>> >>>> Hi, >>>> >>>> I'm not exactly sure of what flow you have in mind, but you can force a >>>> re-authentication (even if the user is already authenticated) by using the >>>> renew parameter on the login url: /cas/login?service=http:// >>>> myservice?renew=true. >>>> Best regards, >>>> Jérôme >>>> >>>> >>>> 2014-05-19 10:58 GMT+02:00 chris nikitas <[email protected]>: >>>> >>>>> Hi all, >>>>> >>>>> My application, talks to a third-party app which keeps it's own >>>>> authentication token. >>>>> >>>>> What I want to do is the following: >>>>> >>>>> If that third-party token expires, I want to force a CAS relogin (give >>>>> the user the CAS login form to enter their credentials) and upon >>>>> successful >>>>> relogin, return to the page the were on. >>>>> >>>>> My app is using Spring Security and AngularJS at the front (if that >>>>> makes a difference). >>>>> >>>>> What would be the best way to go about this? >>>>> >>>>> Thanks, >>>>> Chris. >>>>> >>>>> -- >>>>> You are currently subscribed to [email protected] as: >>>>> [email protected] >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>> >>>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>>> -- >>> You are currently subscribed to [email protected] <javascript:> as: >>> [email protected] <javascript:> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> -- >> You are currently subscribed to [email protected] <javascript:> as: >> [email protected] <javascript:> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] <javascript:> as: > [email protected] <javascript:> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
