Take user back to Login page after MFA login error

[Yan Zhou]

Hi,

CAS 6.6.x with MFA.   After I correctly enter user credentials, I will be asked for a code, if that fails, CAS shows casMfaDeniedView.  

The following CAS code (if user enters incorrect code) simply takes user back to MFA login page, so that user can retry. I would not want users to have unlimited retry, so I want to extend the flow, adding a button that takes user back to login page, clearing credentials already established during the initial login flow.

But, MFA flow and Login flow are two different flows, i have trouble to implement this correctly.  How do you do this?

Thanks,

Yan

            val realSubmitState = createActionState(flow, CasWebflowConstants.STATE_ID_REAL_SUBMIT,
                createEvaluateAction(CasWebflowConstants.ACTION_ID_OTP_AUTHENTICATION_ACTION));
            createTransitionForState(realSubmitState, CasWebflowConstants.TRANSITION_ID_SUCCESS, CasWebflowConstants.STATE_ID_SUCCESS);
            createTransitionForState(realSubmitState, CasWebflowConstants.TRANSITION_ID_ERROR, CasWebflowConstants.STATE_ID_VIEW_LOGIN_FORM);            

[Ray Bon]

Yan,

The doExecute method gets the RequestContext https://docs.spring.io/spring-webflow/docs/current/api/org/springframework/webflow/execution/RequestContext.html, which has a number of maps. At least one of them should have an object(s) that represents the successful login (hopefully it will be mutable).

You could then redirect to the login page (the initial URL will also be in one of the maps). 

Ray

P.S. Note: if you are logging the contents of the request context maps, some of them will have the user's credentials

P.P.S here is a method to format the flow (AbstractCasWebflowConfigurer has a getLoginFlow method):

/**

* Formats a spring webflow flow to help determine how to modify a flow.

* Adds new lines and indents to make it easier to read.

* @param input flow.toString()

* @return nicely formatted flow

*/

public String formatFlow(final String input) {

//LOGGER.debug("input: ." + input + ".");

// used to add an extra indent for an object's field members

java.util.Stack<java.util.AbstractMap.SimpleEntry> stack = new java.util.Stack<>();

int currPosition = 0;

String indent = "";

String indentor = "\t";

String newLine = "\n";

// object identifier

java.util.regex.Pattern objPattern = Pattern.compile("^(\\w+@\\w+)\\b.*");

String in = input.trim();

StringBuilder out = new StringBuilder();

while (in.length() > currPosition) {

java.util.regex.Matcher m = objPattern.matcher(in.substring(currPosition));

String firstTwo = "";

// capture first two characters to match against ']' or '],'

if (1 < in.length() - currPosition) {

firstTwo = in.substring(currPosition, currPosition + 2);

} else {

// at end of input

firstTwo = in.substring(currPosition, currPosition + 1);

}

if (in.startsWith("[", currPosition)) {

out.append(indent).append(in.charAt(currPosition)).append(newLine);

indent += indentor;

currPosition++;

if (!stack.empty()) {

java.util.AbstractMap.SimpleEntry<String, Integer> se = stack.pop();

se.setValue(se.getValue() + 1);

stack.push(se);

}

} else if (firstTwo.startsWith("]")) {

if (!stack.empty()) {

java.util.AbstractMap.SimpleEntry<String, Integer> se = stack.pop();

if (1 > se.getValue()) {

// outdent after printing member variables

indent = indent.replaceFirst(indentor, "");

if (!stack.empty()) {

// this ] closes from outer object

java.util.AbstractMap.SimpleEntry<String, Integer> seOuter = stack.pop();

seOuter.setValue(seOuter.getValue() - 1);

stack.push(seOuter);

}

} else {

se.setValue(se.getValue() - 1);

stack.push(se);

}

}

indent = indent.replaceFirst(indentor, "");

out.append(indent).append("]");

if ("],".equals(firstTwo)) {

out.append(",");

currPosition++;

}

out.append(newLine);

currPosition++;

} else if (m.matches()) {

String obj = m.group(1);

out.append(indent).append(obj).append(newLine);

indent = indent + indentor;

// prepare for members

stack.push(new java.util.AbstractMap.SimpleEntry<String, Integer>(obj, 0));

currPosition += obj.length();

} else {

int nextOpenBracket = in.indexOf("[", currPosition);

int nextCloseBracket = in.indexOf("]", currPosition);

int nextComma = in.indexOf(",", currPosition);

int nextMark = 0;

boolean increaseIndent = false;

// if [ or , not found, push beyond last position which would be ]

if (0 > nextOpenBracket) {

nextOpenBracket = in.length();

}

if (0 > nextComma) {

nextComma = in.length();

}

// add 1 when [ and , since they should remain on same line and ] should be on next line

if (nextCloseBracket > nextOpenBracket) {

if (nextOpenBracket > nextComma) {

nextMark = nextComma + 1;

} else {

nextMark = nextOpenBracket + 1;

// bypass empty and null

if ((in.substring(nextMark).startsWith("[empty]]"))

|| (in.substring(nextMark).startsWith("null]"))) {

if (in.substring(nextMark).startsWith("[empty]],")) {

nextMark += 9;

} else if (in.substring(nextMark).startsWith("[empty]]")) {

nextMark += 8;

} else if (in.substring(nextMark).startsWith("null],")) {

nextMark += 6;

} else if (in.substring(nextMark).startsWith("null]")) {

nextMark += 5;

}

} else {

// indent members

increaseIndent = true;

if (!stack.empty()) {

java.util.AbstractMap.SimpleEntry<String, Integer> se = stack.pop();

se.setValue(se.getValue() + 1);

stack.push(se);

}

}

}

} else if (nextCloseBracket > nextComma) {

nextMark = nextComma + 1;

} else {

nextMark = nextCloseBracket;

}

String s = in.substring(currPosition, nextMark).trim();

if (0 < s.length()) {

out.append(indent).append(s).append(newLine);

currPosition = nextMark;

}

if (increaseIndent) {

// for next line

indent = indent + indentor;

}

}

}

String formatted = out.toString().trim();

//LOGGER.debug("formatted: ." + formatted + ".");

return formatted;

}

On Wed, 2024-02-21 at 13:04 -0800, Yan Zhou wrote:

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.