Posted to user@shiro.apache.org by srini_keshav <sr...@gmail.com> on 2014/12/31 07:49:32 UTC

Shiro-CAS integration : Customizing the CAS login page

Hi,

Not sure if I am asking the right question but then need help to sort out an
issue that I am currently facing with Shiro-CAS integration. I am using
Shiro with Spring based configuration.

We have recently moved over to CAS for authentication purposes. As some of
our customers (a.k.a. Tenants) have the login page customized, would it be
possible to customize the CAS login page depending on which tenant is trying
to access the application?

When Shiro detects that it is an unauthenticated request, it redirects the
user to CAS. Can I pass additional info to CAS (for example the tenant name)
so that I can then work towards providing a customized login page?

Any help or suggestion regarding this would be of great help.

Thanks in advance,
Srini
  



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-CAS-integration-Customizing-the-CAS-login-page-tp7580380.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Shiro-CAS integration : Customizing the CAS login page

Posted by srini_keshav <sr...@gmail.com>.
Hi,

Apologies for not being able to paste the complete snippet from the
shiro-context.

Here's the shiroFilter bean definition

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="${cas.external.url}?service=${service.url}/shiro-cas" />
    <property name="successUrl" value="/landing.htm" />

    <property name="filterChainDefinitions">
        <value>
            /shiro-cas = casFilter
            /myclientapp/** = myShiroFilter
            /** = authc,myShiroFilter
        </value>
    </property>
</bean>

Thanks,
Srini




Re: Shiro-CAS integration : Customizing the CAS login page

Posted by jleleu <le...@gmail.com>.
Hi,

Can you try to override the redirectToLogin method as I did here:
https://github.com/bujiio/buji-pac4j/blob/master/servlet/src/main/java/io/buji/pac4j/filter/ClientRolesAuthorizationFilter.java#L51
?

Thanks.
Best regards,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2015-01-08 13:09 GMT+01:00 srini_keshav [via Shiro User] <
ml-node+s582556n7580394h82@n2.nabble.com>:

> Hi Jérôme,
>
> I tried doing what you suggested but it didn't work. I am sure I am doing
> something wrong here. So, this is what I have in my shiro-context.xml:
>
> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
>     <property name="securityManager" ref="securityManager" />
>     <property name="loginUrl" value="${cas.external.url}?service=${service.url}/shiro-cas?tenant=*" />
>     <property name="successUrl" value="/landing.htm" />
>
>     <property name="filterChainDefinitions">
>         <value>
>             /shiro-cas = casFilter
>             /seratelui/** = filter1
>             /** = myRolesfilter, authc
>         </value>
>     </property>
> </bean>
>
> And in the "myRolesFilter" class which is extending the
> RolesAuthorizationFilter, I modify the loginUrl by replacing the tenant=*
> with tenant=tenant_name and then tried calling setLoginUrl(newLoginUrl).
> But when I see the request in CAS, it is still coming in as:
>
> "${cas.external.url}?service=${service.url}/shiro-cas?tenant=*"
>
> So, I don't quite understand what is happening here. Can you please help?
>
> Thanks,
> Srini




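
One way to do the per-request redirect suggested above, as an added example (not code from this thread or from buji-pac4j): a RolesAuthorizationFilter subclass that overrides redirectToLogin and builds the CAS URL from the request's tenant parameter. The class name, the three setter properties and the tenant allowlist are assumptions, as is a Shiro 1.x / javax.servlet classpath.

```java
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

/** Hypothetical filter: builds the CAS login URL per request, per tenant. */
public class TenantAwareRolesFilter extends RolesAuthorizationFilter {

    private String casLoginUrl;       // assumed: the value of ${cas.external.url}
    private String serviceBaseUrl;    // assumed: ${service.url}/shiro-cas
    private Set<String> knownTenants; // assumed: allowlist of tenant names

    @Override
    protected void redirectToLogin(ServletRequest request, ServletResponse response)
            throws IOException {
        // No setLoginUrl() here: the filter is one shared bean, and changing
        // its loginUrl field would leak one tenant's URL into another's request.
        String target = buildLoginUrl(request.getParameter("tenant"));
        WebUtils.issueRedirect(request, response, target);
    }

    /** Returns the CAS login URL, adding tenant only if it is on the allowlist. */
    String buildLoginUrl(String tenant) throws IOException {
        String service = serviceBaseUrl;
        if (tenant != null && knownTenants.contains(tenant)) {
            service += "?tenant=" + URLEncoder.encode(tenant, "UTF-8");
        }
        // The whole service URL is encoded so that its own '?' and '=' are not
        // read by CAS as parameters of the login URL.
        return casLoginUrl + "?service=" + URLEncoder.encode(service, "UTF-8");
    }

    public void setCasLoginUrl(String casLoginUrl) { this.casLoginUrl = casLoginUrl; }
    public void setServiceBaseUrl(String serviceBaseUrl) { this.serviceBaseUrl = serviceBaseUrl; }
    public void setKnownTenants(Set<String> knownTenants) { this.knownTenants = knownTenants; }
}
```

CAS validates a ticket only against the exact service string it was issued for, so whatever validates the ticket on the Shiro side has to present the same tenant-qualified URL.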

Re: Shiro-CAS integration : Customizing the CAS login page

Posted by srini_keshav <sr...@gmail.com>.
Hi Jérôme,

I tried doing what you suggested but it didn't work. I am sure I am doing
something wrong here. So, this is what I have in my shiro-context.xml:

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="${cas.external.url}?service=${service.url}/shiro-cas?tenant=*" />
    <property name="successUrl" value="/landing.htm" />

    <property name="filterChainDefinitions">
        <value>
            /shiro-cas = casFilter
            /seratelui/** = filter1
            /** = myRolesfilter, authc
        </value>
    </property>
</bean>

And in the "myRolesFilter" class which is extending the
RolesAuthorizationFilter, I modify the loginUrl by replacing the tenant=*
with tenant=tenant_name and then tried calling setLoginUrl(newLoginUrl). But
when I see the request in CAS, it is still coming in as:

"${cas.external.url}?service=${service.url}/shiro-cas?tenant=*"

So, I don't quite understand what is happening here. Can you please help?

Thanks,
Srini





Re: Shiro-CAS integration : Customizing the CAS login page

Posted by srini_keshav <sr...@gmail.com>.
Hi Jérôme,

Thanks for your suggestion. Will try that out and see if it works.

Regards
Srinivasan




Re: Shiro-CAS integration : Customizing the CAS login page

Posted by jleleu <le...@gmail.com>.
Hi,

If you want to send this additional parameter (*tenant*) to your CAS
server, I think the best way is to do that using a specific parameter in
the service url you can define with wildcard (http://serviceUrl?tenant=*
for an Ant pattern).
On Shiro side, you certainly need to customize the roles filter to be able
to change the service on the fly and use this *tenant* parameter.

Best regards,


Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-12-31 11:20 GMT+01:00 srini_keshav [via Shiro User] <
ml-node+s582556n7580385h3@n2.nabble.com>:

> Hi Jérôme,
>
> Customers are generally provided a public URL to access our application:
>
> http://login.mycompany.net/CustomerName1/dashboard.html
>
> This then internally gets resolved to:
>
> https://dashboard4.mycompany.net/myapp/login.htm?tenant=CustomerName1
>
> For another customer, it could be
>
> https://dashboard2.mycompany.net/myapp/login.htm?tenant=CustomerName2
>
> This is our application which then displays the customized login page with
> the customer's logo, background etc.
>
> So, basically the service URL is going to change with respect to the
> customer and server that is going to serve the customer.
>
> Now, is it possible for me to pass the service URL as is to the CAS server
> so that I can then customize the CAS login page accordingly?
>
> Thanks,
> Srini





Re: Shiro-CAS integration : Customizing the CAS login page

Posted by srini_keshav <sr...@gmail.com>.
Hi Jérôme,

Customers are generally provided a public URL to access our application:

http://login.mycompany.net/CustomerName1/dashboard.html

This then internally gets resolved to:

https://dashboard4.mycompany.net/myapp/login.htm?tenant=CustomerName1

For another customer, it could be

https://dashboard2.mycompany.net/myapp/login.htm?tenant=CustomerName2

This is our application which then displays the customized login page with
the customer's logo, background etc. 

So, basically the service URL is going to change with respect to the
customer and server that is going to serve the customer.

Now, is it possible for me to pass the service URL as is to the CAS server
so that I can then customize the CAS login page accordingly?

Thanks,
Srini




Re: Shiro-CAS integration : Customizing the CAS login page

Posted by jleleu <le...@gmail.com>.
Hi,

You can define a CAS service with wildcard (http://myhost/shiro-cas*) to
match multiple parameters: http://myhost/shiro-cas?app1,
http://myhost/shiro-cas?app2...

How do you want to pass this additional parameter to the service? Based on
which criteria?

Thanks.
Best regards,


Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-12-31 10:28 GMT+01:00 srini_keshav [via Shiro User] <
ml-node+s582556n7580382h10@n2.nabble.com>:

> Hi Jérôme,
>
> Thanks for your prompt response. I have started looking into the link that
> you have provided. I know it is related to CAS but then my CAS client has
> the shiroFilter in place and here's how it has been defined in the
> shiro-context.xml:
>
> /shiro-cas = casFilter
> /myclientapp/** = myShiroFilter
> /** = authc,myShiroFilter
>
> And on the CAS server side, the only request parameter that I am able to
> retrieve is the "service" param which is there as a part of the "loginUrl".
> What I want to know is can I pass additional parameters to CAS via the
> Shiro filter.
>
> Thanks,
> Srini





Re: Shiro-CAS integration : Customizing the CAS login page

Posted by srini_keshav <sr...@gmail.com>.
Hi Jérôme,

Thanks for your prompt response. I have started looking into the link that
you have provided. I know it is related to CAS but then my CAS client has
the shiroFilter in place and here's how it has been defined in the
shiro-context.xml:

/shiro-cas = casFilter
/myclientapp/** = myShiroFilter
/** = authc,myShiroFilter

And on the CAS server side, the only request parameter that I am able to
retrieve is the "service" param which is there as a part of the "loginUrl".
What I want to know is can I pass additional parameters to CAS via the
Shiro filter.

Thanks,
Srini




Re: Shiro-CAS integration : Customizing the CAS login page

Posted by jleleu <le...@gmail.com>.
Hi,

This is more a CAS question than a Shiro one.

When calling the CAS login page, a service parameter is sent to specify the
application requesting the authentication. You could certainly customize
the login page based on this service.

Here is the right place to start:
http://jasig.github.io/cas/4.0.x/installation/User-Interface-Customization.html
.

Best regards,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-12-31 7:49 GMT+01:00 srini_keshav [via Shiro User] <
ml-node+s582556n7580380h48@n2.nabble.com>:

> Hi,
>
> Not sure if I am asking the right question but then need help to sort out
> an issue that I am currently facing with Shiro-CAS integration. I am using
> Shiro with Spring based configuration.
>
> We have recently moved over to CAS for authentication purposes. As some of
> our customers (a.k.a. Tenants) have the login page customized, would it be
> possible to customize the CAS login page depending on which tenant is
> trying to access the application?
>
> When Shiro detects that it is an unauthenticated request, it redirects the
> user to CAS. Can I pass additional info to CAS (for example the tenant
> name) so that I can then work towards providing a customized login page?
>
> Any help or suggestion regarding this would be of great help.
>
> Thanks in advance,
> Srini



