ADFS delegation redirects on success
34 views
Skip to first unread message
Alexander Gruenke
Nov 22, 2017, 1:30:28 PM11/22/17
to CAS Community
Hi,
we have connected our CAS server to an ADFS server using the proposed cas-server-support-wsfederation-webflow. For single requests everything works fine, but in our scenario we embed multiple iframes into a page which all redirect to the CAS which then delegates to the ADFS - let us assume that we already are logged into the ADFS and are just missing the CAS ticket.
The redirects for the iframes may look like this:
https://our.cas.server/login?service=https%3A%2F%2Four.application.server%2Fpath%3Fsomeid%3D1
https://our.cas.server/login?service=https%3A%2F%2Four.application.server%2Fpath%3Fsomeid%3D2
https://our.cas.server/login?service=https%3A%2F%2Four.application.server%2Fpath%3Fsomeid%3D3
The CAS maps both requests to the same service which then redirects to the ADFS using a single configured relyingPartyIdentifier, for example urn:cas:ourapplication.
It seems the CAS maps all those ADFS results to the same service parameter and redirects to it. For example, all requests are redirected to https://our.application.server/path?someid=2 instead of ...someid=1, someid=2 and someid=3.
How do we have to configure the CAS and / or ADFS to support concurrent requests to CAS using any long value for someid?
Thanks for your help!
we have connected our CAS server to an ADFS server using the proposed cas-server-support-wsfederation-webflow. For single requests everything works fine, but in our scenario we embed multiple iframes into a page which all redirect to the CAS which then delegates to the ADFS - let us assume that we already are logged into the ADFS and are just missing the CAS ticket.
The redirects for the iframes may look like this:
https://our.cas.server/login?service=https%3A%2F%2Four.application.server%2Fpath%3Fsomeid%3D1
https://our.cas.server/login?service=https%3A%2F%2Four.application.server%2Fpath%3Fsomeid%3D2
https://our.cas.server/login?service=https%3A%2F%2Four.application.server%2Fpath%3Fsomeid%3D3
The CAS maps both requests to the same service which then redirects to the ADFS using a single configured relyingPartyIdentifier, for example urn:cas:ourapplication.
It seems the CAS maps all those ADFS results to the same service parameter and redirects to it. For example, all requests are redirected to https://our.application.server/path?someid=2 instead of ...someid=1, someid=2 and someid=3.
How do we have to configure the CAS and / or ADFS to support concurrent requests to CAS using any long value for someid?
Thanks for your help!
Alexander Gruenke
Nov 30, 2017, 6:20:04 AM11/30/17
to CAS Community
Reply all
Reply to author
Forward
0 new messages