cas+spring security issue

  • #16
    What's your web application context ?

    Comment


    • #17
      in web context (not in web.xml) I import spring security context and in web.xml I set filters, listeners, etc. I have looked up in this article. Now I have noticed, and all my suggestions lie on the bean serviceProperties.
      <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
      <property name="service" value="http://localhost:8080/spring-security-cas/j_spring_cas_security_check"></property>
      <property name="sendRenew" value="false"></property>
      </bean>
      when I edit this value, I have different results. From the article, it's not obvious, what values should be.
      For my case my app runs on the tomcat with 8080 port and CAS-server runs on the other one with 9080 port.
      so what value is correct?

      Comment


      • #18
        I reformulate my question : what is the path (<Context path="...") for your application deployed in Tomcat ? because for the previous definition bean, it should be spring-security-cas.

        Comment


        • #19
          hi, Jérôme!
          I'm very grateful for all your help
          I've already implemented CAS login, the problem was indeed in the link.
          Also I've implemented single sign out, BUT I've faced the next problem:
          when I logout (CAS really logs me out), I go to CAS logout page, which says that logout was successful. But I want to set it up in such a way that it should somehow redirect me to myApp index page (for instance, http://localhost:8080/myApp/). Is it possible?

          Comment


          • #20
            Hi,

            Yes, you can do that by using the "service" request parameter in your logout url. Depending on CAS version, you may have to do additional configuration : set the followServiceRedirects property to true and add a CAS service matching your service url.
            Best regards,
            Jérôme

            Comment


            • #21
              can u provide a sample of link with usage of "service" ?

              Comment


              • #22
                Sure :
                Code:
                https://mycasserver/cas/logout?service=http://myfinalwebsite/

                Comment


                • #23
                  Jérôme, I've added such string in my spring security config, but CAS behaves as usual (goes to CAS logout).
                  and in my CAS server I didn't find any followServiceRedirects property. Where is it?
                  ps. I'm using CAS 3.4.10 (IDE is Eclipse, Servlet container is Tomcat)

                  Comment


                  • #24
                    already fixed. in my cas-servlet I've added to logoutController bean
                    p:followServiceRedirects="${cas.logout.followServiceRedirects:true}"
                    and now it works fine.
                    thanks for your help, attention and time.

                    Comment
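Added example, not part of the thread and not CAS or Spring Security code: the logout redirect discussed in #20 to #24, showing the application building the logout link with an encoded "service" parameter and the kind of registered-service check that keeps a followed redirect from becoming an open redirect. The class name, the `REGISTERED` set (a stand-in for the CAS service registry) and the URLs (taken from the posts above) are assumptions for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class CasLogoutRedirect {
    // Assumed CAS logout endpoint (host and port as used later in the thread).
    static final String CAS_LOGOUT = "https://localhost:9543/cas/logout";
    // Hypothetical stand-in for the CAS service registry: allowed redirect prefixes.
    static final Set<String> REGISTERED = new HashSet<String>(
            Arrays.asList("http://localhost:8080/myApp/"));

    /** Application side: logout link whose service parameter is percent-encoded. */
    static String logoutUrl(String service) throws UnsupportedEncodingException {
        return CAS_LOGOUT + "?service=" + URLEncoder.encode(service, "UTF-8");
    }

    /** Server-side style check: redirect only to a registered service URL. */
    static boolean mayRedirect(String service) {
        URI target;
        try {
            // normalize() collapses "../" segments before the prefix comparison.
            target = new URI(service).normalize();
        } catch (URISyntaxException e) {
            return false;
        }
        // Reject relative URLs, unparsable authorities and embedded credentials.
        if (!target.isAbsolute() || target.getHost() == null
                || target.getUserInfo() != null) {
            return false;
        }
        String canonical = target.toString();
        for (String prefix : REGISTERED) {
            if (canonical.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(logoutUrl("http://localhost:8080/myApp/"));
        // Constructed sample targets: one inside the registered app, two outside it.
        System.out.println(mayRedirect("http://localhost:8080/myApp/index.jsp"));
        System.out.println(mayRedirect("http://localhost:8080/myApp/../other/"));
        System.out.println(mayRedirect("http://localhost:8080.example.org/myApp/"));
    }
}
```

Keeping each registered prefix terminated by "/" is what stops a look-alike host or a sibling context path from matching.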


                    • #25
                      Jérôme,
                      and how can I implement such thing:
                      I want to login at my app (I mean the login page will be from my app), somehow (via magic) credentials are sent to CAS Server, thus I don't need to see the CAS login page, but the authentication goes through the CAS. Are there any ways?

                      Comment


                      • #26
                        Hi,

                        It looks like a strange need to me : if you want to use CAS, it's because you want to benefit from SSO. Why do you want in this case to authenticate in your web application ?
                        Nonetheless, you can authenticate under certain conditions without displaying a login page on the CAS server.
                        Can you tell me more about your need ? Maybe it would be better to open a new thread for this new topic...
                        Best regards,
                        Jérôme

                        Comment


                        • #27
                          yeah, it's rather a specific need.
                          The steps are next:
                          1. user clicks login link.
                          2. he goes to my login page(not to CAS as it is now)
                          3. after logging in, the credentials are somehow sent from my app to CAS server
                          4. logout works perfect for now
                          regards.

                          Comment


                          • #28
                            Hi,

                            The navigation is pretty clear. Though, I don't understand why you don't check these login / password in the CAS server instead of in the application.
                            But you can do that by using some token mechanism : in your application, you could associate a login to a token (one use, short lifetime), send this token to the CAS server (/cas/login?token=xxx) which would have an authentication handler which calls the original application to check the token (IP filtering, login / password for CAS server), obtain the login and authenticate the user with the login.
                            Best regards,
                            Jérôme

                            Comment


                            • #29
                              Hi, Jérôme!
                              I found one solution here. But I think, it's incorrect to change many CAS server settings.
                              I'd like to know more about your idea. As I understand, user can be authenticated in a such way:
                              1. he goes to myApp login page
                              2. he enters the credentials
                              3. in case of correct authentication, myApp sends to CAS request(is it java server side or I can send it via javascript or via ajax or somehow in config?) to such URL: "https://localhost:9543/cas/login?token=xxx" and authenticates in CAS.
                              I'd like to ask few questions about the 3rd step:
                              1. if CAS accepts ajax, what should be headers/data format/etc.?
                              2. can u provide an example of token?(for example, https://localhost:9543/cas/login?tok...min&pass:admin)

                              Comment


                              • #30
                                Hi,

                                I didn't know about the solution you mentioned.
                                It would be better to ask this CAS specific question on the CAS user mailing list : https://lists.wisc.edu/read/?forum=cas-user.
                                About my solution, it has nothing to do with AJAX : the check request is a call between CAS server and application, token can be generated of any form : with specific library, hash of (timestamp + login + password)...
                                Best regards,
                                Jérôme

                                Comment
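Added example, not part of the thread and not CAS code: a sketch of the application-side token store behind the mechanism described in #28 and #30, where a token is bound to a login, is valid once and only for a short time, and is checked by a server-to-server call from the CAS authentication handler. It uses a random token rather than the hash mentioned in #30, so the token never carries the password; the class and method names are hypothetical, and the protection of the check call itself (IP filtering, login / password for the CAS server) is assumed and not shown.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;

public class OneTimeLoginTokens {
    private static final class Entry {
        final String login;
        final long expiresAtMillis;
        Entry(String login, long expiresAtMillis) {
            this.login = login;
            this.expiresAtMillis = expiresAtMillis;
        }
    }

    private final ConcurrentHashMap<String, Entry> pending =
            new ConcurrentHashMap<String, Entry>();
    private final SecureRandom random = new SecureRandom();
    private final long ttlMillis;

    OneTimeLoginTokens(long ttlMillis) {
        this.ttlMillis = ttlMillis;
    }

    /** Called after the application has verified the password itself. */
    String issue(String login, long nowMillis) {
        byte[] raw = new byte[32];               // 256 bits, unguessable
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(token, new Entry(login, nowMillis + ttlMillis));
        return token;                            // goes into /cas/login?token=...
    }

    /** Called by the CAS-side handler; returns the login, or null if refused. */
    String redeem(String token, long nowMillis) {
        Entry e = pending.remove(token);         // atomic: a replay finds nothing
        if (e == null || nowMillis > e.expiresAtMillis) {
            return null;
        }
        return e.login;
    }

    public static void main(String[] args) {
        OneTimeLoginTokens store = new OneTimeLoginTokens(30000L); // 30 s lifetime
        long t0 = System.currentTimeMillis();
        String token = store.issue("alice", t0); // "alice" is a constructed sample login
        System.out.println("first check: " + store.redeem(token, t0 + 1000L));
        System.out.println("replay:      " + store.redeem(token, t0 + 2000L));
        String late = store.issue("alice", t0);
        System.out.println("expired:     " + store.redeem(late, t0 + 60000L));
    }
}
```

Because the token appears in a URL, it can end up in browser history and access logs, which is why single use and a short lifetime matter here.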
