I'm trying to write an AuthenticationHandler for CAS, I've looked at the OpenID handler to get an idea of how this should work. It looks like authenticate() gets called for every request and if it can't authenticate the user then requestAuthentication() gets called to prompt a login. I can't figure out though how to trigger the call to requestAuthentication(), if authenticate() returns null I just get dropped on the page I was trying to navigate to and returning uthenticationInfo.DOING_AUTH gives me a 401 error. Am I misunderstanding the way AuthenticationHandlers work?
If it's any help in understanding what I'm doing wrong the basic logic of my handler is as follows. authenticate() checks the session to see if the user is already logged in, if not it tries to do a CAS gatewayed auth. If neither of those is successful it returns null. requestAuthentication() redirects the user to the CAS login page and returns true. -- D. Stuart Freeman Georgia Institute of Technology
signature.asc
Description: Digital signature