Hi,

Controlling the behavior by IP is not out-of-the-box. I think your best
option here is to override the DelegatedClientAuthenticationAction.
Thanks.
Best regards,
Jérôme


On Tue, Oct 2, 2018 at 3:21 PM Dicta Artisan <[email protected]>
wrote:

> Hi all
>
> I have a question on configuring a complex scenario where I am protecting a
> series of services with a CAS instance (5.2). I have two sets of users that
> I want authenticated by CAS: a set I can authenticate via a database (using
> a query database authenticator) and another set I can authenticate
> delegating to an external SAML IdP (with a pac4J delegated authenticator).
> Basically some users we manage ourselves, some other users are managed by a
> different organisation with their own IdP. The application needs to provide
> equal access to all users to protected services.
>
> Once I define the two authenticators, the default CAS login page presents
> the username/password boxes with the SAML IdP as an optional button to
> click on.
>
> I would like that the login screen behaves the following way: connections
> from a designated IP address range are not presented the login but
> redirected to an authentication request to the SAML IdP. And that
> connections arriving from other addresses are presented the login screen
> for username and password and not offered the option attempting the SAML
> IdP.
>
> Is there a parameter I can pass to the login screen to request an
> automatic redirect to the delegated service under certain conditions? And
> similarly, is there an option to present a login where authentication is
> performed against the database only? In my webapp I can detect the IP
> address before presenting the CAS login screen to the users, but I am at a
> loss how to configure or drive CAS to adapt the login behaviour for these
> two cases.
>
> I suspect I can hack the login page to do this, but this would be rather
> crude. Is there a better option? Thanks for any suggestion you might have.
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/415c786c-1872-45ef-8011-2c37d78406ee%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/415c786c-1872-45ef-8011-2c37d78406ee%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
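
An added example (not from the thread and not CAS code): the IP-range decision that an overridden action could consult, written as a standalone Java helper. `LoginRouteSelector`, its `Route` values and the sample ranges are hypothetical; it assumes the address passed in is the one the servlet container reports, which behind a reverse proxy is the proxy's address rather than the user's.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.List;

// Hypothetical helper, not a CAS class: picks the login route from the client address.
public class LoginRouteSelector {
    public enum Route { REDIRECT_TO_SAML_IDP, LOCAL_LOGIN_FORM }

    // Accept only strings shaped like IP literals, so hostnames are never resolved.
    private static final String IP_LITERAL = "\\d{1,3}(\\.\\d{1,3}){3}|[0-9a-fA-F:.]*:[0-9a-fA-F:.]*";
    private final List<String> delegatedCidrs;

    public LoginRouteSelector(List<String> delegatedCidrs) { this.delegatedCidrs = delegatedCidrs; }

    // remoteAddr: e.g. the value of HttpServletRequest.getRemoteAddr().
    public Route select(String remoteAddr) {
        if (remoteAddr == null || !remoteAddr.matches(IP_LITERAL)) return Route.LOCAL_LOGIN_FORM;
        try {
            byte[] client = InetAddress.getByName(remoteAddr).getAddress();
            for (String cidr : delegatedCidrs) {
                if (inRange(client, cidr)) return Route.REDIRECT_TO_SAML_IDP;
            }
        } catch (UnknownHostException | RuntimeException e) {
            // Malformed address or range: fall through to the username/password form.
        }
        return Route.LOCAL_LOGIN_FORM;
    }

    // Compares the first `prefix` bits of the client address with the network address.
    private static boolean inRange(byte[] client, String cidr) throws UnknownHostException {
        String[] parts = cidr.split("/");
        byte[] net = InetAddress.getByName(parts[0]).getAddress();
        int prefix = Integer.parseInt(parts[1]);
        if (net.length != client.length || prefix < 0 || prefix > net.length * 8) return false;
        int fullBytes = prefix / 8;
        for (int i = 0; i < fullBytes; i++) {
            if (net[i] != client[i]) return false;
        }
        int rem = prefix % 8;
        if (rem == 0) return true;
        int mask = (0xFF << (8 - rem)) & 0xFF;
        return (net[fullBytes] & mask) == (client[fullBytes] & mask);
    }

    public static void main(String[] args) {
        // Constructed sample ranges and addresses (documentation prefixes).
        LoginRouteSelector s = new LoginRouteSelector(Arrays.asList("192.0.2.0/25", "2001:db8:10::/48"));
        for (String ip : Arrays.asList("192.0.2.77", "192.0.2.200", "2001:db8:10::5", "2001:db8:11::5"))
            System.out.println(ip + " -> " + s.select(ip));
    }
}
```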
