Interrupting a CAS Login Session (5.x or Less)
You can force any login made through CAS to be interrupted by PWM by using the "checkAll" method within PWM. If any "force" options are selected within PWM, these items are checked and the user must update their information before going on to their destination.
PWM setup using CAS SSO for Login with clearPass
Check PWM for a redirect whitelist under Settings > Security > Web Security > Redirect Whitelist
checkExpire - Checks password expiration only
checkResponses - Checks if security questions have been configured
checkProfile - Checks the user's profile with the defined settings in the Update Profile module
checkAll - Checks everything
Under cas/WEB-INF/view/jsp/default/ui create a new page, for example, myserviceInterruptView.jsp. Within that page simply add the code below. "application.domain.com" is your application that is registered in CAS as an authorized service. The command goes directly after 'processAction='.
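<%
// Redirect the browser to PWM's CommandServlet with the chosen command.
// forwardURL is the URL-encoded service URL, followed by "?" and the
// value of the "ticket" request parameter.
String redirectURL =
    "https://pwm.domain.com/pwm/private/CommandServlet?processAction=checkAll&forwardURL=https%3A%2F%2Fapplication.domain.com%2Flogin%2Fdefault.php?"
    + request.getParameter("ticket");
response.sendRedirect(redirectURL);
%>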
Under cas/WEB-INF/classes/default_views.properties add the new page that you created, for example:
myserviceInterruptView.(class)=org.springframework.web.servlet.view.JstlView
myserviceInterruptView.url=/WEB-INF/view/jsp/default/ui/myserviceInterruptView.jsp
Under cas/WEB-INF/ edit login-webflow.xml and change the transition
From
<transition on="success" to="warn" />
To
<transition on="success" to="checkPWMPolicy" />
Note: Unlike in the JSP page, the URL in the transition below is not URL-encoded.
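<action-state id="checkPWMPolicy">
    <!-- The id of the requested service is used as the event id -->
    <evaluate expression="flowScope.service.id" />
    <!-- Only this service is sent through the PWM check -->
    <transition on="https://application.domain.com/login/default.php" to="myappPWMCheck" />
    <!-- Everything else continues to the normal "warn" state -->
    <transition on="" to="warn" />
</action-state>
<end-state id="myappPWMCheck" view="myserviceInterruptView" />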
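The JSP carries the service URL percent-encoded while login-webflow.xml needs the same URL unencoded, so a mismatch between the two is easy to introduce. The following consistency check is an added example, not part of the original page or of PWM/CAS; the function names, the sample ticket, the whitelist entry and the prefix-style whitelist matching are assumptions made for illustration.

```python
from urllib.parse import parse_qs, quote, urlsplit

# The four processAction commands listed on this page.
PWM_COMMANDS = {"checkExpire", "checkResponses", "checkProfile", "checkAll"}


def build_redirect_prefix(pwm_base, command, service_url):
    """Return the string literal the JSP concatenates the ticket onto."""
    if command not in PWM_COMMANDS:
        raise ValueError(f"unknown processAction: {command!r}")
    encoded = quote(service_url, safe="")  # encodes ':' and '/' as in the JSP
    return (f"{pwm_base}/private/CommandServlet"
            f"?processAction={command}&forwardURL={encoded}?")


def check_config(jsp_redirect, webflow_on, whitelist):
    """Return a list of inconsistencies between JSP, webflow and whitelist."""
    problems = []
    params = parse_qs(urlsplit(jsp_redirect).query)  # percent-decodes values
    command = params.get("processAction", [""])[0]
    # Drop the "?<ticket>" suffix the JSP appends after the service URL.
    forward = params.get("forwardURL", [""])[0].split("?", 1)[0]
    if command not in PWM_COMMANDS:
        problems.append(f"unknown processAction: {command!r}")
    if "%" in webflow_on:
        problems.append("webflow transition URL looks percent-encoded")
    if forward != webflow_on:
        problems.append("JSP forwardURL does not decode to the webflow URL")
    # Assumption: whitelist entries are treated as URL prefixes.
    if not any(forward.startswith(entry) for entry in whitelist):
        problems.append("forwardURL is not covered by the redirect whitelist")
    return problems


# Constructed sample values based on the hostnames used on this page.
SERVICE = "https://application.domain.com/login/default.php"
JSP_REDIRECT = build_redirect_prefix(
    "https://pwm.domain.com/pwm", "checkAll", SERVICE) + "ST-1-constructed"
WHITELIST = ["https://application.domain.com/"]

if __name__ == "__main__":
    issues = check_config(JSP_REDIRECT, SERVICE, WHITELIST)
    print(issues or "JSP, webflow and whitelist are consistent")
```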