Skip to content
This repository has been archived by the owner on Nov 3, 2017. It is now read-only.

Redirecting Service to External Url

Jump to bottom
Dmitriy Kopylenko edited this page Oct 21, 2013 · 7 revisions

In certain use cases, it is desirable to intercept an authentication request from a given application/service and redirect the flow to an external url. This may be survey application, agreeing to the terms of a privacy policy, etc such that once the task is done, the client would be redirected back to CAS and is able to resume authentication.

As of 1.9, there now exists a ServiceRedirectionAction that is able to make decisions about whether or not a service redirect/interrupt is needed. The component is also able to remember the decision made for future requests such that once returned, the client would be able to resume and not be redirected again to the external url.

Note: This feature requires that you adopt and deploy the JSON Service Registry

Configuration

  • Add the bean to your cas-servlet.xml file using custom XML configuration element:
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"              
       xmlns:cas="http://unicon.net/schema/cas"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd       
       http://unicon.net/schema/cas http://unicon.net/schema/cas/cas-addons.xsd">

   <cas:service-redirection-action/>

</beans>

This will create a service redirection action bean with a bean id of serviceRedirectionCheck and a InMemoryServiceRedirectionByClientIpAddressAdvisor as its ServiceRedirectionAdvisor. InMemoryServiceRedirectionByClientIpAddressAdvisor is the component that decides whether a redirect is required. It makes decisions based off of the client remote address, port, service and the redirect url and keeps a record of previously made decisions in memory only. If you wish augment this behavior and keep track of user state, implement the ServiceRedirectionAdvisor in a new Java class and define your custom behavior there. To inject your custom implementation of ServiceRedirectionAdvisor, use this form:

<cas:service-redirection-action redirection-advisor="myAdvisor"/>

where myAdvisor is the bean id of the custom advisor bean.

  • Modify your JSON service registry configuration file to add the new redirectToUrl attribute in the extraAttributes map:
{
  "services" : [ {
    "id" : 1,
    "description" : "Test Http/Https Services",
    "serviceId" : "^(https?)://.*",
    "name" : "Http/Https Services",
    "extraAttributes" : {
      "redirectToUrl": "http://www.yahoo.com"
    }
  }]
}
  • Modify the login-webflow.xml as such:
<action-state id="generateLoginTicket">
    <evaluate expression="serviceRedirectionCheck"/>
    <transition on="success" to="generateLoginTicketInternal"/>
    <transition on="yes" to="redirectToExternalUrl"/>
</action-state>
<end-state id="redirectToExternalUrl" view="externalRedirect:${requestScope.redirectToUrl}" />

<action-state id="generateLoginTicketInternal">
    <evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" />
	<transition on="generated" to="viewLoginForm" />
</action-state>
Clone this wiki locally