Choosing Delegation (or local auth) by email domain


Moshe Katz

Sep 23, 2019, 11:34:19 AM
to CAS Community
Hello all,

I am a long-time CAS user, but this is the first time I am setting up a new CAS deployment myself. I plan to start my setup with the current development 6.1.0 release candidates.

I would have thought this question had been asked before, but searching here I can't seem to find it, so here goes...

The primary purpose of this CAS deployment will be to authenticate users to a SaaS product. We expect about half the users to be using our internal authentication (JDBC to PostgreSQL) and the other half to be using their own authentication (most of them will probably be ADFS) through Delegated Authentication.

The issue I have is that we can't have users who use Delegated Authentication have to look for their server on the list of Delegated Authentication providers, and we can't allow users who visit the login page to see a list of half of our clients right there to choose from.

What I would like to do is what Google and Microsoft have implemented for their login systems, namely that when you come to the login page you only see a box for "Email Address". After you enter your email address, we parse out the domain from it and check which authentication method to use for that domain. If it will be internal database authentication, we redirect to a form with a password field, and if it will be external authentication we redirect to the appropriate service.

I assume that I should be able to do this, most likely using Webflow Customization, but I really have no idea where to start.

I was wondering if anyone has done this before who can share some code and/or tips, or if anyone has any other recommendations.

Thanks,
Moshe
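
The domain lookup described in the post above, as an added example that is not part of the original thread and does not use any CAS API. The class name, route names and sample domains are hypothetical. Sending unknown domains to the same route as local accounts is a design assumption, made so the first page does not distinguish "unknown" from "local".

```java
import java.net.IDN;
import java.util.Locale;
import java.util.Map;

// Added example: hypothetical class and route names, not part of CAS.
public class LoginRouteResolver {
    // Route for local (JDBC) accounts and for anything unrecognised.
    static final String LOCAL = "local-password-form";

    // Keys are expected to be lower-case ASCII domains.
    private final Map<String, String> delegatedByDomain;

    public LoginRouteResolver(Map<String, String> delegatedByDomain) {
        this.delegatedByDomain = Map.copyOf(delegatedByDomain);
    }

    // Exact domain match only; no suffix or substring matching, so
    // "sub.client-a.example" is not treated as "client-a.example".
    public String resolve(String email) {
        String domain = extractDomain(email);
        if (domain == null) {
            return LOCAL;
        }
        return delegatedByDomain.getOrDefault(domain, LOCAL);
    }

    // Returns the normalised domain, or null if the input is not usable.
    static String extractDomain(String email) {
        if (email == null) return null;
        String s = email.trim();
        int at = s.lastIndexOf('@');
        if (at <= 0 || at == s.length() - 1) return null;
        try {
            // Lower-case and convert IDNs to ASCII so keys compare reliably.
            return IDN.toASCII(s.substring(at + 1), IDN.USE_STD3_ASCII_RULES)
                      .toLowerCase(Locale.ROOT);
        } catch (IllegalArgumentException e) {
            return null; // illegal characters or over-long labels
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: domains and provider names are made up.
        LoginRouteResolver r = new LoginRouteResolver(
            Map.of("client-a.example", "adfs-client-a"));
        String[] samples = {"Ann@Client-A.example", "bob@ourco.example",
                            "x@sub.client-a.example", "no-at-sign"};
        for (String e : samples) System.out.println(e + " -> " + r.resolve(e));
    }
}
```

The returned route is only a routing hint; the chosen provider's assertion still has to be checked against the expected domain before the session is established.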

Ray Bon

Sep 23, 2019, 1:24:33 PM
to cas-...@apereo.org
Moshe,

As I understand CAS authentication sources, CAS tries each one listed in the config in the order they are listed.

Try that first. Maybe you do not need a custom solution.

Ray
-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.