<var name="credentials" class="org.jasig.cas.authentication.principal.UsernamePasswordCredentials" />
<on-start>
<evaluate expression="initialFlowSetupAction" />
<set name="flowScope.displaySPNegoButton" value="false" />
</on-start>
<decision-state id="ticketGrantingTicketExistsCheck">
<if test="flowScope.ticketGrantingTicketId neq null" then="hasServiceCheck" else="gatewayRequestCheck" />
</decision-state>
<decision-state id="gatewayRequestCheck">
<if test="externalContext.requestParameterMap['gateway'] neq '' && externalContext.requestParameterMap['gateway'] neq null && flowScope.service neq null" then="gatewayServicesManagementCheck" else="startAuthenticateCheck" />
</decision-state>
<decision-state id="hasServiceCheck">
<if test="flowScope.service != null" then="renewRequestCheck" else="viewGenericLoginSuccess" />
</decision-state>
<decision-state id="renewRequestCheck">
<if test="externalContext.requestParameterMap['renew'] neq '' && externalContext.requestParameterMap['renew'] neq null" then="startAuthenticateCheck" else="generateServiceTicket" />
</decision-state>
<!--
The "warn" action makes the determination of whether to redirect directly to the requested
service or display the "confirmation" page to go back to the server.
-->
<decision-state id="warn">
<if test="flowScope.warnCookieValue" then="showWarningView" else="redirect" />
</decision-state>
<!--
<action-state id="startAuthenticate">
<action bean="x509Check" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="warn" to="warn" />
<transition on="error" to="generateLoginTicket" />
</action-state>
-->
<decision-state id="startAuthenticateCheck">
<if test="externalContext.requestParameterMap['spnego'] neq '' && externalContext.requestParameterMap['spnego'] neq null && externalContext.requestParameterMap['spnego'] eq 'off'" then="generateLoginTicket" else="spnegoForceCheckAction" />
</decision-state>
<decision-state id="spnegoForceCheckAction">
<if test="externalContext.requestParameterMap['forcespnego'] neq '' && externalContext.requestParameterMap['forcespnego'] neq null && externalContext.requestParameterMap['forcespnego'] eq 'true'" then="spnegoIPCheckAction2" else="spnegoAppCheckAction" />
</decision-state>
<action-state id="spnegoAppCheckAction">
<evaluate expression="spNegoAppCheck" />
<transition on="yes" to="spnegoIPCheckAction2" />
<transition on="no" to="spnegoIPCheckAction" />
</action-state>
<action-state id="spnegoIPCheckAction">
<evaluate expression="spNegoIPCheck" />
<transition on="yes" to="generateLoginTicket" >
<set name="flowScope.displaySPNegoButton" value="true" />
</transition>
<transition on="no" to="generateLoginTicket" />
</action-state>
<action-state id="spnegoIPCheckAction2">
<evaluate expression="spNegoIPCheck" />
<transition on="yes" to="startAuthenticate" />
<transition on="no" to="generateLoginTicket" />
</action-state>
<action-state id="startAuthenticate">
<evaluate expression="negociateSpnego" />
<transition on="success" to="spnego" />
</action-state>
<action-state id="spnego">
<evaluate expression="spnego" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="error" to="generateLoginTicket" />
</action-state>
<action-state id="generateLoginTicket">
<evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" />
<transition on="success" to="viewLoginForm" />
</action-state>
# cas.authn.spnego.spnegoMode=direct: indicates to go directly to the SPNEGO by changing the succes transition of initialLoginForm action-state to startSpnegoAuthenticate
# cas.authn.spnego.spnegoMode=evaluateClient: indicates to evaluate the client based on the client action strategy defined in evaluateClientActionStrategy.
# It changes the success transition of initialLoginForm action-state to evaluateClientRequestcas.authn.spnego.spnegoMode=evaluateClient|direct
# The following property is deprecated#cas.authn.spnego.hostNameClientActionStrategy=serviceNameSpnegoClientAction# cas.authn.spnego.evaluateClientActionStrategy=hostnameSpnegoClientAction where CAS checks to see if the request?s remote hostname matches a predefine pattern# cas.authn.spnego.evaluateClientActionStrategy=ldapSpnegoClientAction where CAS checks an LDAP instance for the remote hostname,
# to locate a pre-defined attribute whose mere existence would allow the webflow to resume to SPNEGO# cas.authn.spnego.evaluateClientActionStrategy=serviceNameSpnegoClientAction where CAS checks if the service corresponds to a regularExpression# defined in serviceNamePatternString and the ip corresponds to ipsToCheckPattern implemented# in baseSpnegoClientActioncas.authn.spnego.evaluateClientActionStrategy=serviceNameSpnegoClientAction
cas.authn.spnego.ipsToCheckPattern=((127\.0)|(122.110))(\.[0-9]{1,3}){2}cas.authn.spnego.serviceNamePatternString=(app1\.domain\.ca)|(app2\.domain\.ca)
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/_jUtK7VnhFs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/deeb374f-38e0-4bb0-8b18-35cc3ee46a7c%40apereo.org.
To unsubscribe from this group and all its topics, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/deeb374f-38e0-4bb0-8b18-35cc3ee46a7c%40apereo.org.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANjq9ChHNPOLZSeU%3DmHs1MP3cyB1F69imxA7LzrDrc56oSWzTQ%40mail.gmail.com.
To unsubscribe from this group and all its topics, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/deeb374f-38e0-4bb0-8b18-35cc3ee46a7c%40apereo.org.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To unsubscribe from this group and all its topics, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/deeb374f-38e0-4bb0-8b18-35cc3ee46a7c%40apereo.org.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANjq9ChHNPOLZSeU%3DmHs1MP3cyB1F69imxA7LzrDrc56oSWzTQ%40mail.gmail.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/_jUtK7VnhFs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bg7XA%3DdcrpWp1uqxttB9kA4sqb2w%2BHqysEcTsBeTg2Upmr6pg%40mail.gmail.com.
To unsubscribe from this group and all its topics, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/deeb374f-38e0-4bb0-8b18-35cc3ee46a7c%40apereo.org.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANjq9ChHNPOLZSeU%3DmHs1MP3cyB1F69imxA7LzrDrc56oSWzTQ%40mail.gmail.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/_jUtK7VnhFs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bg7XA%3DdcrpWp1uqxttB9kA4sqb2w%2BHqysEcTsBeTg2Upmr6pg%40mail.gmail.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANjq9CgQNUpKKbtOY7rdQHtW-rGLxajwPRUj-W5XrjrWkAAiYw%40mail.gmail.com.
To unsubscribe from this group and all its topics, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/deeb374f-38e0-4bb0-8b18-35cc3ee46a7c%40apereo.org.
...
[Message tronqué]
I was about to post about this and found this topic about it being broken since 5.0.x. Looking through the code, the issue is the evaluateClientRequest is never called within the SpnegoWebConfigurer class. The issue is easily resolved by registering it first as it called the startSpnegoAuthenticate if set, however the false action registers the start state which creates an infinite loop. I changed it to register the viewLoginForm as it does with Spnego and it works fine. I was going to create a pull request with my suggestion but I wasn't sure if this was intended behavior and I was doing something wrong or not. I'll go ahead and create one and link it once I have.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/_jUtK7VnhFs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9046fc76-097e-415b-af98-41e54264fb54%40apereo.org.