Welcome to the new Spring.io forums!
If this is your first visit, be sure to check out the
by clicking the link above, and for security reasons, use the
forgot password link to reset your password..
You may have to register before you can post: click the register
link above to proceed. To start viewing messages, select the forum that you want to visit
from the selection below.
in web context(not in web.xml) I import spring security context and in web.xml I set filters, listeners and etc. I have looked up in this article. Now I have noticed and all my ssugestion lie on the bean serviceProperties.
when I edit this value, I have different results. From the article, it's not obvious, what values should be.
For my case my app runs on the tomcat with 8080 port and CAS-server runs on the other one with 9080 port.
so what value is correct?
I'm very grateful for all your help
I've already implemented CAS login, the problem was indeed in the link.
Also I've impleemented single sign out, BUT I've faced the next problem:
when I logout (CAS really logs me out), I go to CAS logout page, which says that logout was successfull. But I want to setup it in a such way, that it should somehow redirect me to myApp index page (for instance, http://localhost:8080/myApp/). Is it possible?
Yes, you can do that by using the "service" request parameter in your logout url. Depending on CAS version, you can have to do additionnal configuration : set the followServiceRedirects property to true and add a CAS service matching your service url.
Jérôme, I've added such string in my spring security config, but CAS behaves as usual(goes to CAS logout).
and in my CAS server I didn't find any followServiceRedirects property. where it is?
ps. I'm using CAS 3.4.10 (IDE is Eclipse, Servlet container is Tomcat)
and how can I implement such thing:
I want to login at my app(I mean the login page will be from my app), somehow (via magic ) credentials are sent to CAS Server, thus I don't need to see the CAS login page, but the authentications goes through the CAS. Are there any ways ?
It looks like a strange need to me : if you want to use CAS, it's because you want to benefit from SSO. Why do you want in this case to authenticate in your web application ?
Nonetheless, you can authenticate under certain conditions without displaying a login page on the CAS server.
Can you tell me more about your need ? Maybe it would be better to open a new thread for this new topic...
yeah, it's rather a specific need.
The steps are next:
1. user clicks login link.
2. he goes to my login page(not to CAS as it is now)
3. after logging in, the credentials are somehow sent from my app to CAS server
4. logout works perfect for now
The navigation is pretty clear. Though, I don't understand why you don't check these login / password in the CAS server instead of in the application.
But you can do that by using some token mechanism : in your application, you could associate a login to a token (one use, short lifetime), send this token to the CAS server (/cas/login?token=xxx) which would have an authentication handler which call the original application to check to token (IP filtering, login / password for CAS server), obtain the login and authenticate the user with the login.
I found one solution here. But I think, it's incorrect to change many CAS server settings.
I'd like to know more about your idea. As I understand, user can be authenticated in a such way:
1. he goes to myApp login page
2. he enters the crentials
I'd like to ask few questions about the 3rd step:
1. if CAS accepts ajax, what should be headers/data format/etc.?
2. can u provide an example of token?(for example, https://localhost:9543/cas/login?tok...min&pass:admin)
I didn't know about the solution you mentioned.
It would be better to ask this CAS specific question on the CAS user mailing list : https://lists.wisc.edu/read/?forum=cas-user.
About my solution, it has nothing to do with AJAX : the check request is a call between CAS server and application, token can be generated of any form : with specific library, hash of (timestamp + login + password)...