You???ll need to programmatically rewrite the url. Certain, if not all official CAS clients do that for you, but it seems like you???re not using one.
From: chris nikitas [mailto:[email protected]] Sent: Monday, May 19, 2014 8:14 AM To: [email protected] Cc: [email protected]; [email protected] Subject: Re: [cas-user] Force re-authentication programmatically Hi Jerome, I am happy with the re-authentication. I was just talking about the ticket on the actual url. On Monday, May 19, 2014 4:07:11 PM UTC+1, J??r??me LELEU wrote: Hi, If you re-authenticate in your app, you will receive a new ST to access to your app, it's the normal flow of the CAS protocol. What would you expect as a behaviour? Thanks. Best regards, J??r??me 2014-05-19 13:00 GMT+02:00 chris nikitas <[email protected] <javascript:> >: Dooh!!! Of course... thanks for that! I am getting the redirection now... however when I end up to my final URL, I have the ticket on the url. Is there a way to remove that? On Monday, May 19, 2014 11:54:36 AM UTC+1, J??r??me LELEU wrote: OK. I see, typo problem: not "?renew=true", but "&renew=true"... 2014-05-19 12:47 GMT+02:00 chris nikitas <[email protected]>: Yes, so my original url is http://127.0.0.1:8080/details <http://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClient&sa=D&sntz=1&usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA> And then I try to call https://10.222.345.123:8080/cas/login?service=http://127.0.0.1:8080/details?renew=true However it reloads the page with a new ticket like so: http://127.0.0.1:8080/details?renew=true <http://127.0.0.1:8080/details?renew=true&ticket=ST-1095-6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal> &ticket=ST-1095-6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal But it does not prompt me to input my user credentials again. On the server side I do the following prior to calling the CAS login: HttpSession session = request.getSession(false); session.invalidate(); SecurityContext context = SecurityContextHolder.getContext(); Authentication auth = context.getAuthentication(); if (auth != null) { new SecurityContextLogoutHandler().logout(request, response, auth); } context.setAuthentication(null); On Monday, May 19, 2014 11:40:14 AM UTC+1, J??r??me LELEU wrote: I'm not sure I was clear enough here, but you must go to the CAS login url with the renew=true parameter, this parameter is applied on the CAS server side... 2014-05-19 12:11 GMT+02:00 chris nikitas <[email protected]>: Using the ?renew=true <http://myservice/?renew=true> .query parameter, it reloads the same page but does not prompt me to the CAS login page. I have a suspicion maybe the service ticket is still on the client or something... On Monday, May 19, 2014 10:03:23 AM UTC+1, J??r??me LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service=http://myservice?renew=true. Best regards, J??r??me 2014-05-19 10:58 GMT+02:00 chris nikitas <[email protected]>: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] <javascript:> as: [email protected] <javascript:> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] <javascript:> as: [email protected] <javascript:> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
