Not by default. Return a NullPrincipal. This will return an “error” signal to the flow with an “error” attribute that points to a NullPrincipalException. Catch the error and reroute the flow to an error page that displays your message.
From: Chris Curtin [mailto:curtin.ch...@gmail.com] Sent: Wednesday, May 13, 2015 1:04 PM To: cas-user@lists.jasig.org Subject: [cas-user] Principal Resolver - how to handle Authorization? Hi, We're running CAS 4.0 with the pac4j SAML 1.6.0 libraries. When we do a redirect to the SAML idP we get an authentication, but within our Principal Resolver we find that a user is not provisioned for our application. In our custom Principal Resolver we detect this, but don't know what to do next. Ideally we want to show them a 'sorry you are not provisioned for this application' web page, but returning null from the Resolver caused the login page (and thus redirect to the idP) to be displayed again. Is there a way to fail a Principal Resolver such that it displays an error page? Thanks, Chris -- You are currently subscribed to cas-user@lists.jasig.org as: mmoay...@unicon.net <mailto:mmoay...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user