Hi all

I have a question on configuring a complex scenario where I am protecting a 
series of services with a CAS instance (5.2). I have two sets of users that 
I want authenticated by CAS: a set I can authenticate via a database (using 
a query database authenticator) and another set I can authenticate 
delegating to an external SAML IdP (with a pac4J delegated authenticator). 
Basically some users we manage ourselves, some other users are managed by a 
different organisation with their own IdP. The application needs to provide 
equal access to all users to protected services.

Once I define the two authenticators, the default CAS login page presents 
the username/password boxes with the SAML IdP as an optional button to 
click on.

I would like the login screen to behave the following way: connections 
from a designated IP address range are not presented the login but 
redirected to an authentication request to the SAML IdP. And that 
connections arriving from other addresses are presented the login screen 
for username and password and not offered the option of attempting the SAML 
IdP.

Is there a parameter I can pass to the login screen to request an automatic 
redirect to the delegated service under certain conditions? And similarly, is 
there an option to present a login where authentication is performed 
against the database only? In my webapp I can detect the IP address before 
presenting the CAS login screen to the users, but I am at a loss how to 
configure or drive CAS to adapt the login behaviour for these two cases.

I suspect I can hack the login page to do this, but this would be rather 
crude. Is there a better option? Thanks for any suggestion you might have.

