
CAS – usage of serviceURL

December 2, 2008

For an invalid user of an [ ZZ ] application, the detailed behavior of CAS is as follows.

In the case of Service URL:

1. CAS client, after login: doFilter -> CAS Receipt (containing the ticket) added to the session
2. CAS server redirects to the requesting service URL, i.e. the [ ZZ ] welcome page
3. DefaultCASLoginHandler handleRequest called
4. Forwarded to ProfileRepository data loading
5. Error in profile loading
6. LoginException dumped to trace
7. Session invalidated – CAS Receipt stored in the session is lost
8. Redirected to invalidAccessPage.html
9. CAS doFilter called
10. Receipt not found
11. A new CASReceipt (i.e. ticket) is generated for the service – the welcome page
12. Redirect to the service URL, i.e. the welcome page
13. The same process is repeated again and again

In the case of Server name:port:

1. CAS client, after login: doFilter -> CAS Receipt (containing the ticket) added to the session
2. CAS server redirects to the requesting service URL, i.e. the [ ZZ ] welcome page
3. DefaultCASLoginHandler handleRequest called
4. Forwarded to ProfileRepository data loading
5. Error in profile loading
6. LoginException dumped to trace
7. Session invalidated – CAS Receipt stored in the session is lost
8. Redirected to invalidAccessPage
9. CAS doFilter called
10. Receipt not found
11. A new CASReceipt (i.e. ticket) is generated for the service – invalidAccessPage.html
12. Redirect to the service URL, i.e. invalidAccessPage.html

Thus the CAS server redirects to the requesting service, which is the welcome page in the case of Service URL and invalidAccessPage in the case of server name.
I think – if [ ZZ ] takes the approach of redirecting to errorPage first – and in the render method of the error page –

1. Giving a timer on the error page, telling the user that he doesn't have rights and would be redirected to the logout page
2. Invalidating the session and redirecting to the CAS Logout page after a few seconds.
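
The two flows listed above can be reproduced with a small model. This is an added example, not code from the post or from the CAS client: the page paths, hop limit and function names are assumptions, and the filter is reduced to the one behaviour that differs between the two configurations (a configured service URL is always used as the service, while server-name mode uses the URL that was requested).

```python
# Simplified model of the two flows; not the CAS client's own code.
# Page paths and the hop limit are constructed for illustration.
WELCOME = "/welcome"
INVALID = "/invalidAccessPage.html"
MAX_HOPS = 10  # assumed cap so the simulation stops when the flow loops


def cas_filter(session, requested, service_url):
    """Return the page the browser lands on after the filter runs.

    With a receipt in the session the request passes straight through.
    Without one, a ticket is issued for the service and the browser is
    redirected there: the fixed service URL if one is configured,
    otherwise the requested URL (server-name mode).
    """
    if "receipt" in session:
        return requested
    session["receipt"] = "constructed-ticket"
    return service_url if service_url else requested


def app(session, page, profile_ok):
    """Return the next redirect target, or None when the page renders."""
    if page == WELCOME and not profile_ok:
        session.clear()  # session invalidated, receipt lost (step 7)
        return INVALID   # redirect to the invalid-access page (step 8)
    return None


def simulate(service_url=None, profile_ok=False):
    """Follow redirects until a page renders or MAX_HOPS is reached."""
    session, requested, trace = {}, WELCOME, []
    for _ in range(MAX_HOPS):
        page = cas_filter(session, requested, service_url)
        trace.append(page)
        target = app(session, page, profile_ok)
        if target is None:
            return {"looped": False, "final": page, "trace": trace}
        requested = target
    return {"looped": True, "final": None, "trace": trace}


if __name__ == "__main__":
    print("service URL :", simulate(service_url=WELCOME))
    print("server name :", simulate(service_url=None))
```

In the model, invalidating the session without also ending the CAS single sign-on session is what lets the filter obtain a fresh ticket on every pass, so the service-URL configuration never reaches the invalid-access page.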
