Tiancheng,
My filter knowledge may be rusty but you could break out of the filter chain
when !isSsoOn.
if (isSsoOn){
chain.doFilter(request, response); // continue with CAS filters
}else{
String path = ...; // non SSO login
response.sendRedirect(path);
}
Ray
On Wed, 2017-09-20 at 01:12 -0700, Tiancheng Hu wrote:
For certain necessities, I've to implement a switchable SSO scheme in WebApp
side.
Current plan is to add a top-level filter which retrieves SSO ON/OFF config,
forwards to 4 SSO filters + 1 SLO filter when SSO's on, or keep on to non-SSO
authentication when SSO' off.
if (!isSsoOn){
chain.doFilter(request, response);
}else{
String path =
request.getRequestURI().substring(request.getContextPath().length());
request.getRequestDispatcher("/sso" + path).forward(request, response);
}
For this, I need to filter-mapping SSO filters to pattern like ”/sso/*“ and
remove this prefix after SSO handling (authentication, ticket-validation,
request-wrapper, assertion-thread-localization). Is it secure, or appropriate
to do so, considering all those afterwards redirecting between cas-server and
cas-client?
--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1505926635.13366.37.camel%40uvic.ca.
