Hi,
I'm not sure it helps in your case, but we had a similar issue with
some applications:
- the application creates a session and store information before going to CAS
- the application redirects to CAS which asks password
- CAS redirects to the application
- the user clicks on "back" button
- CAS session is valid, so it goes back to the application again. In
some cases, the application is not happy to receive an expected ticket
[*]. And even if it works, the user wonders why "back" did not work
The solution we used:
- on CAS form asking for login&password, we added
onsubmit="ignore_on_history_back()"
function ignore_on_history_back() {
// on back, do not autolog nor prompt, go back to the app
try { window.history.replaceState({}, null,
location.href.replace('/cas/login',
'/cas/authentification-en-cours.html')) } catch (e) {}
}
- we added a static page authentification-en-cours.html
<script>
var isForward = (history.state || {}).isForward;
try {
history.replaceState({ isForward: !isForward }, null, null);
} catch (e) {}
history.go(isForward ? 1 : -1);
</script>
Page temporaire d'authentification. Nous vous redirigeons vers la
page précédente...
(cf https://cas.univ-paris1.fr/cas/authentification-en-cours.html)
[*] we have this issue with shibboleth-idp that is configured to
delegate to CAS
Julien Gribonvald <julien.gribonv...@recia.fr> a écrit :
Hi,
Is there a simple way to force user to come from a service before to
authenticate ?
I mean before accessing to some services (not all) a user should
come from an entry point (a service on which he will be
authenticated after, like a portal), if not he should be redirected
to this entry point.
If not is it the a thing to define a service policy from the service
management to do that ? Or are you seing a better way ?
Thanks,
--
Julien Gribonvald
--
Pascal Rigaux
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20190417213915.Horde.oRKdexLMMXnxHD47I0NICSS%40courrier.univ-paris1.fr.