CAS ADFS Integration


Антон Шихмат

Jul 17, 2017, 3:23:46 AM
to CAS Community

Hello everyone,

On my current project we use CAS with a custom database authentication provider configured.

A few weeks ago we received a request from our client to integrate CAS with their ADFS.
I did it using the tutorial provided on the CAS website. After that, only ADFS authentication can be used. What I mean is: when a user tries to open a secured page, the ADFS login page is displayed, so the user can use only his ADFS credentials and cannot navigate to the regular login page (where database authentication is configured).

So my question is: is it possible to have a database authentication provider configured as the primary one (with the default login page) and to have a button on that page that will redirect to the ADFS authentication provider?

Thanks,
Anton

Uxío Prego

Jul 17, 2017, 4:51:08 PM
to CAS Community
Let us hope am wrong, but reminds me vaguely of

Best of luck,


Misagh Moayyed

Jul 17, 2017, 7:26:23 PM
to cas-...@apereo.org
Yes; there is a setting that controls auto-redirect to ADFS. Set that to false, and put the link on the login page.

--Misagh

Антон Шихмат

Jul 18, 2017, 4:41:58 AM
to CAS Community, mmoa...@unicon.net
Thank you!
This property is "cas.authn.wsfed.autoRedirect"

Антон Шихмат

Jul 20, 2017, 6:43:45 AM
to CAS Community, mmoa...@unicon.net
Right now I have another issue.
I've added a link to the login page to redirect to the ADFS login page using Webflow functionality. But after a successful login, the default login page is displayed again for some reason.
If I log in using credentials from the database, everything works as expected. Do I need to add some additional configuration? I mean, maybe some webflow update is needed?



Антон Шихмат

Jul 25, 2017, 2:24:04 AM
to CAS Community, mmoa...@unicon.net
Okay, so I did it.
I've updated loginform.html with a link to ADFS:

<form method="post" id="adfsLoginForm">
        <input type="hidden" name="execution" th:value="${flowExecutionKey}"/>
        <input type="hidden" name="_eventId" value="wsFederationAction"/>
        <span class="fa fa-unlock"></span>
        <a href="javascript:void(0)" onclick="$('#adfsLoginForm').submit();" >Login via ADFS</a>
        <p/>
</form>

And I've updated the webflow, so by default the regular login form is displayed, but if the adfsLoginForm link is selected, CAS will redirect to ADFS and use it for authentication.
For this purpose I've created a class ADFSWebflowConfigurer that adds an additional check of whether the user was authenticated using ADFS.
For this purpose the "ticketGrantingTicketCheck" state is updated, so in the case of "notExist" the ADFS check will be executed additionally.

Mr Rao

Dec 28, 2017, 7:39:33 PM
to CAS Community, mmoa...@unicon.net, truf...@gmail.com
Hi Anton, can you share your demo app? I have the exact same requirement. Also, which version of CAS are you using?

Thanks
Rao