Hi Prasad,

You may be able to do an alternate CAS login page that you could set up basic auth on, and then pass the credentials (along with the service name) to the CAS login page for authentication? You could start with something like the following, and then modify it to meet your needs. In this case, you could just post service, username, and password parameters to the page, which would then do the authentication to CAS and redirect to the service.

You would store this file on your CAS server, probably in Tomcat's ROOT webapp folder. (This has been tested working for us with CAS 3.4.x, 3.5.x, and 4.0.1, but the usual "use at your own risk, your mileage may vary" disclaimer applies.)

<%@page contentType="text/html; charset=windows-1252"
        isELIgnored="false"
        import="java.net.URL, java.net.URLEncoder, java.net.HttpURLConnection, java.io.InputStream, java.io.BufferedReader, java.io.InputStreamReader"
%>
<%!
    // HTML-escapes a value before it is written into an attribute;
    // a missing parameter becomes an empty string instead of the text "null".
    private static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }
%>
<%
    response.setHeader("Cache-Control", "no-cache"); // HTTP 1.1
    response.setHeader("Pragma", "no-cache");        // HTTP 1.0
    response.setDateHeader("Expires", -1);           // prevents caching at the proxy server

    String testURL = "https://" + String.valueOf(request.getServerName()) + "/cas/login";
    String myService = request.getParameter("service");
    String username = request.getParameter("username");
    String password = request.getParameter("password");

    // Compare string contents (not references) and URL-encode the service before appending it.
    if ((myService != null) && !myService.isEmpty()) {
        testURL = testURL + "?service=" + URLEncoder.encode(myService, "UTF-8");
    }

    String myLT = "";
    String myExecution = "";

    // First request: obtain the CAS session cookie.
    URL myUrl = new URL(testURL);
    HttpURLConnection myUrlConnection = (HttpURLConnection) myUrl.openConnection();
    myUrlConnection.setDoInput(true);
    myUrlConnection.setDoOutput(false);
    String myCookie = myUrlConnection.getHeaderField("Set-Cookie");

    // Second request: fetch the login form, sending the cookie back if one was set.
    myUrlConnection = (HttpURLConnection) myUrl.openConnection();
    if (myCookie != null) {
        myUrlConnection.setRequestProperty("Cookie", myCookie);
    }
    myUrlConnection.setDoInput(true);
    myUrlConnection.setDoOutput(false);
    if (myCookie != null) {
        // Pass the CAS cookie on to the browser only when CAS actually set one.
        response.addHeader("Set-Cookie", myCookie);
    }
    response.setContentType("text/html");
    if (null != (myCookie = myUrlConnection.getHeaderField("Set-Cookie"))) {
        response.addHeader("Set-Cookie", myCookie);
    }

    // Makes sure that the page pulled correctly and didn't give an error
    // before the body is opened and parsed.
    if (myUrlConnection.getResponseCode() == 200) {
        InputStream webContent = myUrlConnection.getInputStream();
        BufferedReader pageStream = new BufferedReader(new InputStreamReader(webContent));
        try {
            String currentLine;
            while ((currentLine = pageStream.readLine()) != null) {
                // The fixed offsets assume each hidden input is on its own line,
                // uses value="..." and ends with `" />`.
                if (currentLine.toLowerCase().indexOf("name=\"lt\"") > -1) {
                    myLT = currentLine.substring(currentLine.indexOf("value=") + 7, currentLine.length() - 4);
                } else if (currentLine.toLowerCase().indexOf("name=\"execution\"") > -1) {
                    myExecution = currentLine.substring(currentLine.indexOf("value=") + 7, currentLine.length() - 4);
                }
            }
        } finally {
            pageStream.close();
        }
    }
%>
<html>
<head>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body onload="document.forms.loginForm.submit()">
Loading...
<%-- Request-derived values are HTML-escaped; lt and execution are copied as-is from the CAS page's own attribute values. --%>
<form name="loginForm" action="<%=escapeHtml(testURL)%>" method="POST">
<input type="hidden" name="username" value="<%=escapeHtml(username)%>">
<input type="hidden" name="password" value="<%=escapeHtml(password)%>">
<input type="hidden" name="lt" value="<%=myLT%>" />
<input type="hidden" name="execution" value="<%=myExecution%>">
<input type="hidden" name="_eventId" value="submit" />
</form>
</body>
</html>

>>> Mahantesh Prasad Katti <mahantesh.ka...@indecomm.net> 11/12/15 12:37 AM >>>

Hi All,

I am working on an application that runs on glassfish. There are some web services exposed on this application. These are accessed using basic HTTP authentication by external applications. Recently this app [that runs on glassfish] was casified. This meant that the external applications cannot access the application by providing the http basic auth as they used to do earlier. [They do not want to get CAS tokens and supply them while invoking the services].

The requirement is to retain previous auth model for external applications while having the CASification in place. We are using JSR-196 for the CASification. I wanted to know if this is really possible. JEE only allows us to have one active realm at any point in time.

Is it possible to have a filter layer before JASPIC which based on the user agent header will determine if the request needs to be authenticated with http basic method?
If so it will fire a request to CAS and get the token and redirect to the service being invoked.

I can provide more details in case I was not able to explain the scenario properly.

Regards
Prasad

--
You are currently subscribed to cas-user@lists.jasig.org as: cmy...@mail.millikin.edu
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
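
The JSP in the reply above reads `lt` and `execution` from the CAS login page with fixed substring offsets, which only works while each hidden input sits on its own line, puts `value` last, and ends in `" />`. As an added example (not part of the original post and not CAS code), this Java class reads the same fields by attribute name instead; the class name, method names and sample markup are made up for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CasFormTokens {
    // One <input ...> tag, even when it spans several lines.
    private static final Pattern INPUT =
            Pattern.compile("<input\\b[^>]*>", Pattern.CASE_INSENSITIVE);

    // Reads one attribute from a tag; accepts single or double quotes.
    static String attr(String tag, String name) {
        Pattern p = Pattern.compile(
                "\\s" + Pattern.quote(name) + "\\s*=\\s*([\"'])(.*?)\\1",
                Pattern.CASE_INSENSITIVE);
        Matcher m = p.matcher(tag);
        return m.find() ? m.group(2) : null;
    }

    // Value of the input called `name`, or null when the form has none.
    static String hiddenValue(String html, String name) {
        Matcher m = INPUT.matcher(html);
        while (m.find()) {
            if (name.equalsIgnoreCase(attr(m.group(), "name"))) {
                return attr(m.group(), "value");
            }
        }
        return null;
    }

    // The fixed-offset extraction from the JSP, kept for comparison.
    static String fixedOffset(String line) {
        return line.substring(line.indexOf("value=") + 7, line.length() - 4);
    }

    public static void main(String[] args) {
        // Constructed markup, not captured from a real CAS server.
        String[] lines = {
            "<input type=\"hidden\" name=\"lt\" value=\"LT-1-constructed\" />",
            "<input type='hidden' value='e1s1' name='execution'/>"
        };
        String page = String.join("\n", lines);
        for (String line : lines) {
            System.out.println("fixed offset: " + fixedOffset(line));
        }
        System.out.println("lt        = " + hiddenValue(page, "lt"));
        System.out.println("execution = " + hiddenValue(page, "execution"));
        // A null means the login form changed; fail the login rather than post blanks.
        System.out.println("missing   = " + hiddenValue(page, "nonce"));
    }
}
```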