Tiancheng,

My filter knowledge may be rusty but you could break out of the filter chain 
when !isSsoOn.
if (isSsoOn){
    chain.doFilter(request, response); // continue with CAS filters
}else{
    String path = ...; // non SSO login
    response.sendRedirect(path);
}

Ray

On Wed, 2017-09-20 at 01:12 -0700, Tiancheng Hu wrote:
For certain necessities, I have to implement a switchable SSO scheme on the 
WebApp side.

The current plan is to add a top-level filter which retrieves the SSO ON/OFF 
config and forwards to 4 SSO filters + 1 SLO filter when SSO's on, or keeps on 
to non-SSO authentication when SSO's off.
if (!isSsoOn){
    chain.doFilter(request, response);
}else{
    String path = request.getRequestURI().substring(request.getContextPath().length());
    request.getRequestDispatcher("/sso" + path).forward(request, response);
}

For this, I need to map the SSO filters to a pattern like "/sso/*" and 
remove this prefix after SSO handling (authentication, ticket-validation, 
request-wrapper, assertion-thread-localization). Is it secure, or appropriate, 
to do so, considering all the redirecting afterwards between cas-server and 
cas-client?

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca
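
An added example, not part of either message and not CAS client code: an 
alternative to forwarding under /sso/*, in which one filter runs the SSO 
filters as an inner chain when the switch is on, so the request URI they see 
is never rewritten. The class name SwitchableSsoFilter, the BooleanSupplier 
switch, and programmatic registration via ServletContext.addFilter (Servlet 
3.0, javax.servlet) are assumptions.

```java
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.function.BooleanSupplier;
import javax.servlet.*;

/** Added example (hypothetical class): runs the SSO filters only while the switch is on. */
public class SwitchableSsoFilter implements Filter {
    private final List<Filter> ssoFilters; // the SLO filter and the 4 SSO filters, in order
    private final BooleanSupplier ssoOn;   // hypothetical lookup of the SSO ON/OFF config

    public SwitchableSsoFilter(List<Filter> ssoFilters, BooleanSupplier ssoOn) {
        this.ssoFilters = ssoFilters;
        this.ssoOn = ssoOn;
    }

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // Assumption: every delegate can be initialised from this filter's own config.
        for (Filter f : ssoFilters) f.init(cfg);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Read the switch once per request so a request never sees half a chain.
        if (!ssoOn.getAsBoolean()) {
            chain.doFilter(req, res); // SSO off: continue to non-SSO authentication
            return;
        }
        Iterator<Filter> it = ssoFilters.iterator();
        new FilterChain() { // inner chain: each delegate in order, then the real chain
            @Override
            public void doFilter(ServletRequest rq, ServletResponse rs)
                    throws IOException, ServletException {
                if (it.hasNext()) it.next().doFilter(rq, rs, this);
                else chain.doFilter(rq, rs);
            }
        }.doFilter(req, res);
    }

    @Override
    public void destroy() {
        for (Filter f : ssoFilters) f.destroy();
    }
}
```

If the forwarding design is kept instead, filter mappings match only REQUEST 
dispatches by default, so the filters mapped to /sso/* need 
<dispatcher>FORWARD</dispatcher> in their filter-mapping to run at all.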
