[英]JASIG CAS Login without CAS login screen
We are trying to use CAS server for SSO for our existing web based applications.我们正在尝试将 CAS 服务器用于我们现有的基于 Web 的应用程序的 SSO。 Our goals are
我们的目标是
We are done with the first and second goal.我们完成了第一个和第二个目标。 But having problems with third one.
但是第三个有问题。
For this functionality we are trying to replicate the same actions as in second goal , only difference being submitting/posting the data (credentials , login tickets etc) from non CAS login page.对于这个功能,我们试图复制与第二个目标相同的操作,唯一的区别是从非 CAS 登录页面提交/发布数据(凭证、登录票等)。
Any thoughts on how can we handle this problem ??关于我们如何处理这个问题的任何想法?
Thanks, Pratik谢谢,普拉蒂克
There is a wiki page on CAS which debates about that : https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen (but which is older than the google groups discussion proposed by Misagh M ).有一个关于 CAS 的 wiki 页面对此进行了辩论: https ://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen (但它比Misagh提出的谷歌小组讨论更早米)。
My solution is " Using CAS from external link or custom external form ".我的解决方案是“ 从外部链接或自定义外部表单使用 CAS ”。
I know its late but if someone is looking for an answer this is how I solve this.我知道为时已晚,但如果有人正在寻找答案,这就是我解决这个问题的方法。 This is the code I put in casLoginView.jsp
这是我放在 casLoginView.jsp 中的代码
<head>
<script language="javascript">
function doAutoLogin() {
document.forms[0].submit();
}
</script>
</head>
<body onload="doAutoLogin();">
<form id="credentials" method="POST" action="<%= request.getContextPath() %>/login?service=<%= request.getParameter("service") %>">
<input type="hidden" name="lt" value="${loginTicket}" />
<input type="hidden" name="execution" value="${flowExecutionKey}" />
<input type="hidden" name="_eventId" value="submit" />
<input type="hidden" name="serviceLogin" value="<%= request.getParameter("serviceLogin") %>"/>
<input type="hidden" name="username" value="<%= request.getParameter("username") %>" />
<input type="hidden" name="password" value="<%= request.getParameter("password") %>" />
<%
if ("true".equals(request.getParameter("rememberMe"))) {%>
<input type="hidden" name="rememberMe" id="rememberMe" value="true"/>
<% } %>
<input type="submit" value="Submit" style="visibility: hidden;" />
</form>
<% } else {
response.sendRedirect(request.getParameter("redirectURL"));
}
%>
</body>
And in your webapp just make a POST petition to your CAS server.在您的 webapp 中,只需向您的 CAS 服务器发出 POST 请求。
Hope it helps希望能帮助到你
You must get a copy of CAS official client source code( cas-client-core, https://github.com/apereo/java-cas-client ), and make sure you could compile it.您必须获得一份 CAS 官方客户端源代码(cas-client-core, https://github.com/apereo/java-cas-client ),并确保您可以编译它。
You need change the doFilter() function code at org.jasig.cas.client.authentication.AuthenticationFilter in client source code like the below.您需要更改客户端源代码中 org.jasig.cas.client.authentication.AuthenticationFilter 中的 doFilter() 函数代码,如下所示。
final HttpServletRequest request = (HttpServletRequest) servletRequest; final HttpServletResponse response = (HttpServletResponse) servletResponse; final HttpSession session = request.getSession(false); final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null; if(request.getServletPath().toLowerCase().equals("/caslogout.jsp")) { // Set the custom client login page when you logout from CAS server. request.setAttribute("casServerLogoutUrl",casServerLoginUrl.replace("login","logout")); request.setAttribute("customServerLoginUrl",customServerLoginUrl); //We must remove the attribute of CONST_CAS_ASSERTION manually if(session!=null) session.removeAttribute(CONST_CAS_ASSERTION); filterChain.doFilter(request, response); return; } if (assertion != null) { filterChain.doFilter(request, response); return; } // Although the custom login page must called caslogin, here you can change it. if(request.getServletPath().toLowerCase().equals("/caslogin.jsp")) { //Set the a default parameter to the caslogin request.setAttribute("defaultServerIndexUrl",defaultServerIndexUrl); request.setAttribute("casServerLoginUrl",casServerLoginUrl); filterChain.doFilter(request, response); return; } final String serviceUrl = constructServiceUrl(request, response); final String ticket = CommonUtils.safeGetParameter(request,getArtifactParameterName()); final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl); if (CommonUtils.isNotBlank(ticket) || wasGatewayed) { filterChain.doFilter(request, response); return; } final String modifiedServiceUrl; log.debug("no ticket and no assertion found"); if (this.gateway) { log.debug("setting gateway attribute in session"); modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl); } else { modifiedServiceUrl = serviceUrl; } if (log.isDebugEnabled()) { log.debug("Constructed service url: " + modifiedServiceUrl); } final String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway); if (log.isDebugEnabled()) { log.debug("redirecting to \"" + urlToRedirectTo + "\""); } // Add a custom server login url parameter to the CAS login url. response.sendRedirect(urlToRedirectTo+"&customLogin=custom&customLoginPage="+customServerLoginUrl);
Add your own compiled cas-client-core to the dependence of your client webapp.将自己编译的 cas-client-core 添加到客户端 webapp 的依赖中。
Add the caslogin.jsp to your client webapp.将 caslogin.jsp 添加到您的客户端 webapp。
<form method="GET" action="<%=request.getAttribute("casServerLoginUrl")%>"> <p>Username : <input type="text" name="username" /></p> <p>Password : <input type="password" name="password" /></p> <p><input type="submit" value="Login" /></p> <input type="hidden" name="auto" value="true" /> <input type="hidden" name="service" value="<%=request.getParameter("service")==null?request.getAttribute("defaultServerIndexUrl"):request.getParameter("service")%>" />
<init-param> <param-name>defaultServerIndexUrl</param-name> <param-value>http://clientip:port/webappname/index.jsp</param-value> </init-param> <init-param> <param-name>customServerLoginUrl</param-name> <param-value>http://clientip:port/webappname/caslogin.jsp</param-value> </init-param>
<% String auto=request.getParameter("auto"); String customLogin=request.getParameter("customLogin"); if(auto!=null&&auto.equals("true")) { %> <html> <head> <script language="javascript"> function doAutoLogin() { document.forms[0].submit(); } </script> </head> <body onload="doAutoLogin()"> <form id="credentials" method="POST" action="<%=request.getContextPath()%>/login?service=<%=request.getParameter("service")%>"> <input type="hidden" name="lt" value="${loginTicket}" /> <input type="hidden" name="execution" value="${flowExecutionKey}" /> <input type="hidden" name="_eventId" value="submit" /> <input type="hidden" name="username" value="<%=request.getParameter("username")%>" /> <input type="hidden" name="password" value="<%=request.getParameter("password")%>" /> <input type="hidden" name="login_form" value="<%=request.getParameter("login_form")%>" /> <input type="hidden" name="rememberMe" value="true" /> <input type="submit" value="Submit" style="visibility: hidden" /> </form> </body> </html> <% } else if(customLogin!=null&&customLogin.equals("custom")) { response.sendRedirect(request.getParameter("customLoginPage")+"?service="+request.getParameter("service")); %> <% } else {%> <!-- The Orgin Source Code of casLoginView.jsp!!!!!!!!!!!!!!!!!!!!!!!!! --> <%}%>
I also make a sample about how to login cas with client custom login screen rather than server login srceen.我还制作了一个关于如何使用客户端自定义登录屏幕而不是服务器登录屏幕登录 cas 的示例。 You could download it on
你可以下载到
https://github.com/yangminxing/cas-custom-login-page https://github.com/yangminxing/cas-custom-login-page
to login cas without login screen page, I custom flow login (write another action-state)在没有登录屏幕页面的情况下登录 cas,我自定义流程登录(编写另一个动作状态)
1.In login-webflow.xml you write other action-state of transition in action-state id="generateLoginTicket". 1.在 login-webflow.xml 中,您可以在 action-state id="generateLoginTicket" 中编写转换的其他动作状态。 In this action-state (I call it is submitNotUseForm), I do the same "realSubmit" action-state.
在这个动作状态(我称之为 submitNotUseForm)中,我执行相同的“realSubmit”动作状态。
2.In evaluate of "submitNotUseForm" --> class AuthenticationViaFormAction, I write method submitNotForm() and check : 2.在评估“submitNotUseForm”-> 类 AuthenticationViaFormAction 时,我编写方法 submitNotForm() 并检查:
2.1: if have no service call, it return value for call to "viewLoginForm" else I get parameter from request set for credentials 2.1:如果没有服务调用,则返回调用“viewLoginForm”的值,否则我从凭据的请求集中获取参数
2.2: Everything else do the same method submit 2.2:其他都做同样的方法提交
It work for me !它对我有用!
we tried to hit CAS and add &gateway=true in the URL param.我们尝试点击 CAS 并在 URL 参数中添加 &gateway=true。 CAS will redirect to our app's base_url/j_spring_cas_security_check without showing login prompt (our app used Spring with CAS)
CAS 将重定向到我们应用程序的 base_url/j_spring_cas_security_check 而不显示登录提示(我们的应用程序使用带有 CAS 的 Spring)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.