Hi, I’ll see what I can do about a stack trace. For my testing, I’m simply causing a “BadUsernameOrPasswordAuthenticationException” to be thrown in my OAuthAuthenticationHandler. I do see that the service parameter is saved to the session and flow scope, but doesn’t cas use either the SamlArgumentExtractor or the CasArgumentExtractor to extract the application service from the requesting URL? How/where is the service parameter injected back into the request context? Does this have anything to do with how I should configure my web flow so that in case of an exception (error) I’m transitioning to the appropriate action.
<action-state id="oauthAction"> <evaluate expression="oauthAction" /> <transition on="success" to="sendTicketGrantingTicket" /> <transition on="error" to=“??????" /> </action-state> Thanks, -- Jonathan From: Jérôme LELEU <lel...@gmail.com<mailto:lel...@gmail.com>> Reply-To: "cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>" <cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>> Date: Friday, June 13, 2014 at 9:38 AM To: "cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>" <cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>> Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service parameter. Hi, In fact, the service parameter should be handled properly. It it saved before the redirection to the external identity provider and restored after the successful delegated authentication. So you shouldn't have any problem with keeping your service. It should be properly handled in case of an error as well and if it doesn't, it's somehow a bug. Can you copy/paste a stacktrace to see what kind of error breaks the flow? Thanks. Best regards, Jérôme LELEU Founder of CAS in the cloud: www.casinthecloud.com<http://www.casinthecloud.com> | Twitter: @leleuj Chairman of CAS: www.jasig.org/cas<http://www.jasig.org/cas> | Creator of pac4j: www.pac4j.org<http://www.pac4j.org> 2014-06-13 15:03 GMT+02:00 Jonathan <jhs...@mit.edu<mailto:jhs...@mit.edu>>: With the CAS OAuth Support 3.5.2 workflow, when we encounter an authentication error the exception handling code and web flow brings the user back to a login page. But in our case the specific login page depends on what the service parameter specified in the HTTP request URL. e.g. https://....?service=http://.../j_spring_cas_security_check" With the OAuth workflow, the service parameter is missing from the callback url used by the oauth server to call back to the oauth client application. In this case, when we have an authentication error, CAS uses a default theme for the login page instead of an application specific theme that we want. Has anyone else encountered this issue? Is this a common use case? What is the recommended way to handle this scenario? Thank you. -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: lel...@gmail.com<mailto:lel...@gmail.com> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: jhs...@mit.edu<mailto:jhs...@mit.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user