Intercepting authentication per service and issuing an external redirect

Unicon / cas-addons

Open source CAS customizations, extensions, and configuration aids.

http://unicon.github.io/cas-addons/

Apache License 2.0

54 stars 26 forks source link

Intercepting authentication per service and issuing an external redirect #50

Closed mmoayyed closed 11 years ago

mmoayyed commented 11 years ago

Would like to know if there is a way of identifying what service an authentication attempt is coming from in order to interrupt the login process and redirect the user temporarily to a survey page before allowing them through to the requested url/application.

As we have a number of different interrupt pages that we need to divert to depending on what service the user is coming from we are looking for a way to implement this uniquely for multiple services.

mmoayyed commented 11 years ago

When the application returns the user back to CAS, it needs to somehow indicate that the previous state was completed. For instance:

1- User X attempts to access CAS login page, with service parameter as Y 2- Y in the flow matches one of the redirection rules, so X is redirected to the survey app. 3- X finishes the survey app, and then app issues a redirect back to CAS with service parameter set to Y 4- Go to 1

This is an endless loop. When app issues that redirect, and the user arrives at CAS, there will need to be implemented some sort of a rule or condition that tells the flow "this user is returning from the app and has already completed that step. Dont redirect but just resume normally".

mmoayyed commented 11 years ago

This is sort of similar to this feature: https://github.com/Unicon/cas-addons/wiki/Configuring-custom-redirect-urls-for-unauthorized-services

mmoayyed commented 11 years ago

@dima767 I am going to try and take a stab at this for 1.9 but depending on time and capacity, we might just have to punt and move this to 2.0.

mmoayyed commented 11 years ago

I am thinking that the task of checking the status would have to, in all practicality, delegated and retrieved from an external service. We could provide a default impl that simply saves that state into memory.

dima767 commented 11 years ago

That's fine. I'm actually thinking continuing the 1.x series e.g. 1.10, 1.11, etc. with 2.0 being a major release with cleaning/deprecating unused features, building on the CAS 4, etc.

— Sent from Mailbox for iPhone

On Wed, Oct 16, 2013 at 12:54 PM, Misagh Moayyed notifications@github.com wrote:

@dima767 I am going to try and take a stab at this for 1.9 but depending on time and capacity, we might just have to punt and move this to 2.0.

Reply to this email directly or view it on GitHub: https://github.com/Unicon/cas-addons/issues/50#issuecomment-26436627

mmoayyed commented 11 years ago

Great!

So I have got the basic design working. Need to test a bit more, javadocs, wiki and then we should be good on this one.

dima767 commented 11 years ago

And don't forget the changelog :-)

mmoayyed commented 11 years ago

https://github.com/Unicon/cas-addons/wiki/Redirecting-Service-to-External-Url