Hi,

I'm not sure it helps in your case, but we had a similar issue with some applications:
- the application creates a session and stores information before going to CAS
- the application redirects to CAS, which asks for the password
- CAS redirects to the application
- the user clicks on "back" button
- CAS session is valid, so it goes back to the application again. In some cases, the application is not happy to receive an expected ticket [*]. And even if it works, the user wonders why "back" did not work

The solution we used:

- on CAS form asking for login&password, we added onsubmit="ignore_on_history_back()"

   function ignore_on_history_back() {
      // on back, do not autolog nor prompt, go back to the app
      try {
         window.history.replaceState({}, null, location.href.replace('/cas/login', '/cas/authentification-en-cours.html'));
      } catch (e) {}
   }

- we added a static page authentification-en-cours.html

  <script>
   var isForward = (history.state || {}).isForward;
   try {
     history.replaceState({ isForward: !isForward }, null, null);
   } catch (e) {}
   history.go(isForward ? 1 : -1);
  </script>
Page temporaire d'authentification. Nous vous redirigeons vers la page précédente...

  (cf https://cas.univ-paris1.fr/cas/authentification-en-cours.html)

[*] we have this issue with shibboleth-idp that is configured to delegate to CAS

Julien Gribonvald <julien.gribonv...@recia.fr> wrote:

Hi,

Is there a simple way to force a user to come from a service before authenticating?

I mean, before accessing some services (not all) a user should come from an entry point (a service on which he will be authenticated after, like a portal); if not, he should be redirected to this entry point.

If not, is it a thing to define a service policy from the service management to do that? Or are you seeing a better way?

Thanks,

--
Julien Gribonvald


--
Pascal Rigaux
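
The effect of the two snippets in the message above on the tab's history, as an added example that is not part of the original message or of CAS. It is a simplified model of session history: the `Tab` class, the `/portal` and `/app` URLs and the ticket values are constructed, and it assumes a redirect answered during back/forward traversal rewrites the entry's URL.

```javascript
// Simplified model of one browser tab's session history (constructed for this example).
// Assumption: a redirect answered during back/forward traversal rewrites the entry's URL.
class Tab {
  constructor(pages) {
    this.pages = pages;          // URL path -> function(tab) run when that entry loads
    this.entries = []; this.index = -1;
  }
  get current() { return this.entries[this.index]; }
  navigate(url) {                // link click, form submit, or the final redirect target
    this.entries = this.entries.slice(0, this.index + 1);
    this.entries.push({ url, state: null });
    this.index = this.entries.length - 1;
  }
  replaceState(state, url) {     // two-argument stand-in for history.replaceState
    this.current.state = state;
    if (url) this.current.url = url;
  }
  go(delta) {                    // back = -1, forward = +1; runs the target page's script
    const next = this.index + delta;
    if (next < 0 || next >= this.entries.length) return;
    this.index = next;
    const onLoad = this.pages[this.current.url.split('?')[0]];
    if (onLoad) onLoad(this);
  }
}

const pages = {
  // CAS login reached while the SSO session is still valid: redirect with a fresh ticket.
  '/cas/login': (tab) => tab.replaceState(null, '/app?ticket=ST-2'),
  // The static page from the message: toggle isForward, keep moving in the same direction.
  '/cas/authentification-en-cours.html': (tab) => {
    const isForward = (tab.current.state || {}).isForward;
    tab.replaceState({ isForward: !isForward }, null);
    tab.go(isForward ? 1 : -1);
  },
};

function loginThenBack(withFix) {
  const tab = new Tab(pages);
  tab.navigate('/portal');                      // hypothetical page the user started from
  tab.navigate('/cas/login?service=/app');      // the application redirected to CAS
  // With the fix, the onsubmit handler rewrites the login entry before the form is sent.
  if (withFix) tab.replaceState({}, tab.current.url.replace('/cas/login', '/cas/authentification-en-cours.html'));
  tab.navigate('/app?ticket=ST-1');             // CAS redirected back with a service ticket
  tab.go(-1);                                   // user presses "back"
  const afterBack = tab.current.url;
  tab.go(1);                                    // user presses "forward"
  return { afterBack, afterForward: tab.current.url };
}
```

Without the handler, "back" lands on the application again with a second ticket; with it, "back" skips the login entry and "forward" returns to the application without a new ticket being issued.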
