Colin, I see what you are saying. I checked a spring service app and it does indeed change the URL. Could you switch to web.xml defined cas client configuration? It preserves the attributes (I checked another of our apps).
Ray On Wed, 2019-12-18 at 16:30 -0500, Colin Ryan wrote: Folks, Me again...sorry...still trying yet another way to do what I need done...le sigh... Anyhow all these variations now lead me to this new question, hopefully as I learn more about CAS my questions become more clear. So I have my Web Application that is using Spring Security and CAS. I need this application to support multiple dynamic contexts where each context represents a Service definition in CAS which in turn has varying authentication parameters for it. So for example if someone enters on: <https://myapp.com?profile=xxxx> https://myapp.com?profile=xxxx versus <https://myapp.com?profile=yyyy> https://myapp.com?profile=yyyy Then the application will redirect to CAS which will match a service pattern for ?profile=xxxx or ?profile=yyyyy which in turn allows me to specify a specific authentication configuration for profile xxxx to be, for example, LDAP, or yyyy to be RADIUS etc. Note, these are different authentication providers not decisions for multi-factor, so as far as I can tell I cannot use any of the mfa-auth triggering. However when I write my Java Spring CAS Web client I must specify the serviceURL in the ServiceProperties Bean. As such anything I GET to the web application is supplanted by the serviceURL as it's redirected to CAS and hence I loose pattern match to different profiles at the CAS authentication. @Bean public ServiceProperties serviceProperties() { ServiceProperties serviceProperties = new ServiceProperties(); serviceProperties.setService(" <https://myapp.com> https://myapp.com "); serviceProperties.setSendRenew(false); return serviceProperties; } Documentation around the service parameter in other places like mod_auth_cas etc, implies that so long as things are properly escaped in the URL's that they will survive the CAS redirect. But in the Java client examples the serviceURL is in a Bean and is hard coded and hence all the parameter are dropped as the user is taken over to the CAS login screens. Is there a way via the Java API to take the request.queryString() contents and get that appended to the serviceURL so that when redirected to CAS that the parameters are preserved...i.e. <https://cas/cas/login?service=https://myapp.com?profile=xxx> https://cas/cas/login?service=https://myapp.com?profile=xxx . Thanks Colin Ryan -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a0d57907f5654357b359757d3554ac194c720770.camel%40uvic.ca.
