Unicon / shib-cas-authn3

Integrates an external CAS Server and Shibboleth IdPv3.
Apache License 2.0
22 stars 16 forks source link

Handle Revoking Consent on CAS side #9

Closed rkorn86 closed 9 years ago

rkorn86 commented 9 years ago

As there is no login.vm displayed, but we use the CAS login theme. There should be some way to let the user revoke their release attribute grants. So first there should be some UI on the CAS Login Page, like the checkbox defined in shibboleth' login.vm

              <div class="form-element-wrapper">
                <input id="_shib_idp_revokeConsent" type="checkbox" name="_shib_idp_revokeConsent" value="true">
                #springMessageText("idp.attribute-release.revoke", "Clear prior granting of permission for release of your information to this service.")
              </div>

And second there should be some worker, setting a request param for shibboleth, so that this decision flow from system/flows/intercept/attribute-release-flow.xml is executed.

    <decision-state id="TestForRevokeConsent">
        <if test="requestParameters._shib_idp_revokeConsent" then="RevokeConsent" else="ReadConsentFromStorage" />
    </decision-state>