cas delegate skip WAYF screen


Alin Tomoiaga

Jul 21, 2021, 09:00:43
to CAS Community
How can we skip the WAYF (choose IDP screen) when delegating to multiple IDPs?

Consider the scenario:
- our cas delegates to two other cas servers
- when the user logs in, they are presented with a screen allowing them to choose the IDP
- every time the user logs in, they need to choose the IDP.
- is there a way to cache/save the choice as a default and/or provide the user with a URL that will take them directly to the desired IDP?

Thanks

Alin Tomoiaga

Jul 21, 2021, 10:35:40
to CAS Community, Alin Tomoiaga
This is the behavior that I am seeing in 5.2.7:
- if I have a single delegated idp, this works: https://myapppretectedwithcas?client_name=remoteidp1. It works great; I get redirected to remoteidp1 and come back to the app, great.

cas.authn.pac4j.cas[0].loginUrl=https://remoteidp1/cas/login
cas.authn.pac4j.cas[0].protocol=CAS20
cas.authn.pac4j.cas[0].clientName=remoteidp1
# not sure if this does anything
cas.authn.pac4j.cas[0].autoRedirect=true

# i guess this works
cas.authn.pac4j.autoRedirect=true

- but if I have two idps, then https://myapppretectedwithcas?client_name=remoteidp1 does not work anymore

cas.authn.pac4j.cas[0].loginUrl=https://remoteidp1/cas/login
cas.authn.pac4j.cas[0].protocol=CAS20
cas.authn.pac4j.cas[0].clientName=remoteidp1
# not sure if this does anything
cas.authn.pac4j.cas[0].autoRedirect=true

# i guess this works
cas.authn.pac4j.autoRedirect=true

cas.authn.pac4j.cas[1].loginUrl=https://remoteidp2/cas/login
cas.authn.pac4j.cas[1].protocol=CAS20
cas.authn.pac4j.cas[1].clientName=remoteidp2

Now, nothing works,
this does not work meaning the user is just presented with the WAYF page, but they are not sent to the IDPs directly
this does not work

Thank you for your help!
Best.

Alin Tomoiaga

Jul 21, 2021, 10:54:06
to CAS Community, Alin Tomoiaga
I do see this "CAS does allow options for auto-redirection of the authentication flow to a provider, if only there is a single provider available and configured." (https://apereo.github.io/cas/5.2.x/integration/Delegate-Authentication.html#user-interface).
But this is such a useful feature, particularly when there are multiple providers. Is there a way to turn it on for multiple providers?
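
An added example, not part of the original posts and not CAS code: a small Python check that reads a configuration like the ones in this thread, lists the delegated providers, and flags values with trailing `#` text (in .properties files a comment must start the line) as well as the global autoRedirect flag being set while more than one provider is configured, a case the 5.2.x documentation quoted above does not cover. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample modeled on the two-provider configuration in this thread.
SAMPLE = """\
cas.authn.pac4j.cas[0].loginUrl=https://remoteidp1/cas/login
cas.authn.pac4j.cas[0].clientName=remoteidp1
cas.authn.pac4j.cas[0].autoRedirect=true # not sure if this does anything
cas.authn.pac4j.autoRedirect=true
cas.authn.pac4j.cas[1].loginUrl=https://remoteidp2/cas/login
cas.authn.pac4j.cas[1].clientName=remoteidp2
"""

CLIENT_KEY = re.compile(r"^cas\.authn\.pac4j\.(\w+)\[(\d+)\]\.(\w+)$")
GLOBAL_AUTO = "cas.authn.pac4j.autoRedirect"

def parse_properties(text):
    """Simplified .properties reader ('=' separator only).
    '#' or '!' starts a comment only at the beginning of a line."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (provider names, warnings) for a delegated-authn config."""
    props = parse_properties(text)
    clients, warnings = {}, []
    for key, value in props.items():
        m = CLIENT_KEY.match(key)
        if m:  # group settings by (client type, index), e.g. ("cas", 0)
            slot = clients.setdefault((m.group(1), int(m.group(2))), {})
            slot[m.group(3)] = value
        if re.search(r"\s#", value):
            warnings.append(f"{key}: text after '#' is part of the value")
    names = [c.get("clientName", f"{t}[{i}]")
             for (t, i), c in sorted(clients.items())]
    if props.get(GLOBAL_AUTO, "").lower() == "true" and len(names) != 1:
        warnings.append(f"{GLOBAL_AUTO}=true with {len(names)} providers; "
                        "the 5.2.x docs quoted above cover one provider only")
    return names, warnings

if __name__ == "__main__":
    names, warnings = audit(SAMPLE)
    print(names)
    print("\n".join(warnings))
```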
