How to specify landing page (url) in json file for a service when accessStrategy requiredAttributes results in "Service Access Denied"
209 views
Skip to first unread message
crdaudt
Dec 1, 2017, 10:02:48 AM12/1/17
to CAS Community
By default, if a user attempts to obtain a service ticket for a service that requires attributes that he/she does not have, CAS redirects them back to the login page with a message "Service access denied due to missing privileges". I wish to direct them elsewhere, because there is no point in the user logging in again. I attempted to use the "unauthorizedRedirectUrl" property, but that did not appear to have any affecti; unauthorized users are still directed back to the login page.
I am attaching a copy of my json file. How do I send a user to a different URL?
I am attaching a copy of my json file. How do I send a user to a different URL?
Andy Ng
Dec 3, 2017, 8:49:34 AM12/3/17
to CAS Community
Well... If this is a necessary feature and you still haven't come up with a solution, here an idea that might helps you. (I think unauthorizedRedirectUrl is for other use case, hence not working, as you have tested)
Any time user have this error "Service access denied due to missing privileges", they will show an error on page. So it might be possible to use Thymeleaf tricks to redirect user.
Note: The below method is not good code, but this is the only simple solution I have think of off the top of my head.
==================================Below code are not tested============================================
classpath:/templates/casLoginView.hrml (inside <head> should be fine):
<!-- th:block does not leave trace for users-->
<th:block th:if="${#fields.hasErrors('*')}">
<th:block th:each="err : ${#fields.errors('*')}" ><!--Loop through errors-->
<script th:inline="javascript" th:if="${#fields.hasErrors('*') == @environment.getProperty('authenticationFailure.UnauthorizedServiceForPrincipalException')}">
window.location.href = 'http://www.example.com/the_page_you_want_your_user_to_be_redirected_to';
</script>
</th:block>
</th:block>
Then user will be redirected to this http://www.example.com/the_page_you_want_your_user_to_be_redirected_to page. when UnauthorizedServiceForPrincipalException error triggered.
If you want a more elegant solution, then you might look into modifying the java code.... However, it might be more tedious.
- Andy
Jeremy Rosenberg
Dec 3, 2017, 10:41:32 PM12/3/17
to CAS Community
This was broken, I think it’s fixed in 5.2.
crdaudt
Dec 4, 2017, 4:57:40 PM12/4/17
to CAS Community
Thanks Andy and Jeremy. I will upgrade to v5.2 and test the "unauthorizedRedirectUrl" property to see if it is working.
crdaudt
Dec 13, 2017, 9:02:59 AM12/13/17
to CAS Community
Just a quick update. I have not yet been able to verify Jeremy's idea about v5.2 fixing the "unauthorizedRedirectUrl" property. I have had difficulties with the maven update relating to unresolved dependencies, and subsequently created a separate post at https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/CLUB4nv_Rjw to resolve the update issue. Once I am able to update CAS to v5.2 and test the "unauthorizedRedirectUrl" property, I will update this post.
crdaudt
Dec 18, 2017, 1:29:30 PM12/18/17
to CAS Community
Just to confirm: upgrading to CAS v5.2 fixed the unauthorizedRedirectUrl property. Thanks!
Reply all
Reply to author
Forward
0 new messages