Forums de discussion

  1. Accueil
  2. Development
  3. CAS authentication in IFrame

CAS authentication in IFrame

thumbnail
Dimitri Duszynski, modifié il y a 15 années.

CAS authentication in IFrame

New Member Publications: 19 Date d'inscription: 18/03/08 Publications récentes
Hello everybody,

I have successfully integrating CAS with Liferay 5.0 but I would like that the login on CAS be performed in an IFrame rather than be redirect to the CAS login page and then redirect back to liferay.
So I have put an IFrame which point to the CAS login URL but when I submit the information, only the IFrame portlet tells me that I am successfully authenticated and I 'm always on the liferay login page.

How I can redirect the user successfully authenticated in Liferay ??

P.S : I found a solution here but I can't understand how to make it work : IFrame redirect Solution

Thanks,

Greetings
thumbnail
Dimitri Duszynski, modifié il y a 15 années.

RE: CAS authentication in IFrame

New Member Publications: 19 Date d'inscription: 18/03/08 Publications récentes
Any ideas ???
Alvaro Manso, modifié il y a 15 années.

RE: CAS authentication in IFrame

Junior Member Publications: 27 Date d'inscription: 29/02/08 Publications récentes
You have to modify the Cas-Server, in the last step of the login flow you have to resize the iframe with javascript for use the parent window.
thumbnail
Dimitri Duszynski, modifié il y a 15 années.

RE: CAS authentication in IFrame

New Member Publications: 19 Date d'inscription: 18/03/08 Publications récentes
Hello,

Thanks for your reply.

After a few searches in the CAS-WEB folder, I've found the file login-webflow.xml but I don't know what I have to modify.
In the last state I have : 

<!-- The "redirect" end state allows CAS to properly end the workflow while still redirecting the 
user back to the service required -->
<end-state id="redirect" view="bean:dynamicRedirectViewSelector" />


It's in this bean that I have to make changes ??

Thanks,

Greetings,
Alvaro Manso, modifié il y a 15 années.

RE: CAS authentication in IFrame

Junior Member Publications: 27 Date d'inscription: 29/02/08 Publications récentes
I think you should ask in the CAS-DEV mailing list about this topic, anyway this is my what I did for the same problem.

If you search in cas-servlet.xml, you'll see that class for the bean dynamicRedirectViewSelector is org.jasig.cas.web.flow.DynamicRedirectViewSelector.

This is the original method that you have to modify in the class DynamicRedirectViewSelector :

public ViewSelection makeEntrySelection(final RequestContext request) {
        final WebApplicationService service = WebUtils.getService(request);
        final String ticket = WebUtils.getServiceTicketFromRequestScope(request);
        final Response serviceResponse = service.getResponse(ticket);
            
        switch (serviceResponse.getResponseType()) {
            case POST:
                final Map<string, object> model = new HashMap<string, object>();
                model.put("parameters", serviceResponse.getAttributes());
                model.put("originalUrl", service.getId());
                return new ApplicationView("postResponseView", model);
                
            default:
                return new ExternalRedirect(service.getResponse(ticket).getUrl());
        }
    }
</string,></string,>

I my case, I debbuged the execution and my response type is never POST, so my execution go always for default
I change the default case of the switch:

default:
               // original code
            	//return new ExternalRedirect(service.getResponse(ticket).getUrl());
            	
            	/*
            	 *Customized code for redirect the url to the top window. 
            	 */
          
       		final Map<string, object> modelAux = new HashMap<string, object>();
                modelAux.put("service", service.getResponse(ticket).getUrl());
                return new ApplicationView("redirectView", modelAux);      	
</string,></string,>

I created a new view in WEB_INF/classes/protocol_view.properties
I added to the end of the file

### Redirect View
redirectView.(class)=org.springframework.web.servlet.view.JstlView
redirectView.url=/WEB-INF/view/jsp/protocol/redirect.jsp


And this is my redirect.jsp



<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

<script type="text/javascript">
function redirect(){
	window.top.location.href = document.redirect.service.value;
}

</script>


	<form name="redirect" action="">
		<input type="hidden" name="service" id="service" value="${service}">
	</form>


Recapping,
You have to:
Customize the org.jasig.cas.web.flow.DynamicRedirectViewSelector.
Create a new cas-server-corexxxx.jar and overwrite the old one (you'll find it in WEB-INF/lib)
Modify WEB-INF/classes/protocol_view.properties for adding your new view
Create the new view
Create the new cas-web.war
Deploy it

Hope it Helps!
thumbnail
Dimitri Duszynski, modifié il y a 15 années.

RE: CAS authentication in IFrame

New Member Publications: 19 Date d'inscription: 18/03/08 Publications récentes
Hello,

Help me a lot to understand.

But that it works for you because for me the problem is still there.
I have put a println() in the modded DynamicRedirectViewSelector to see what happened but
I don't find this log in my tomcat console and only the iframe is still redirected. Its look like that I never go
to the method or the bean is never called ??
I have also read your post in the CAS-DEV mailing list.

Thanks,
Alvaro Manso, modifié il y a 15 années.

RE: CAS authentication in IFrame

Junior Member Publications: 27 Date d'inscription: 29/02/08 Publications récentes
Maybe you are using a different authentication mode or something like that.... I don't know, sorry.
I'd try to debug the execution, If you are using Eclipse it is easy to use the debug option, you just need to start tomcat with the jpda option and debug the application as Java Remote Application, It will help you much more than the log.
dori wal wal, modifié il y a 15 années.

RE: CAS authentication in IFrame

New Member Publications: 3 Date d'inscription: 23/09/08 Publications récentes
Hi

the problem that i have now is that only the cas portlet is refresh and user can see that his user/pwd are correct but the liferay home page is not render and user is still not log in to liferay

i looked at
http://www.liferay.com/web/guest/community/forums/-/message_boards/message/85547?_19_redirect=%2Fweb%2Fguest%2Fcommunity%2Fforums%3Fp_p_id%3D19%26p_p_lifecycle%3D0%26p_p_state%3Dmaximized%26p_p_mode%3Dview%26_19_struts_action%3D%252Fmessage_boards%252Fsearch%26_19_redirect%3D%252Fweb%252Fguest%252Fcommunity%252Fforums%26_19_breadcrumbsCategoryId%3D0%26_19_breadcrumbsMessageId%3D0%26_19_searchCategoryId%3D0%26_19_searchCategoryIds%3D0%26_19_threadId%3D0%26_19_tabs1TabsScroll%3D%26_19_keywords%3Diframe%2Bcas


And i didn't understand the step

"you must to set the service in CAS to a page which redirects to /c/portal/login."

i tried to put in the Enterprise admin counsel a value to the Service URL like

"http://localhost:8080/web/guest/home/dd.jsp"

but it looks like nothing happened i expected for an error because this page is not even exist !!!


can u please say how to set a value to that parameter and where in liferay i need to create that file

also i wanted to know if its needed to do all the server side steps
like changing DynamicRedirectViewSelector.java


thanks
Praj C, modifié il y a 15 années.

RE: CAS authentication in IFrame

New Member Publications: 2 Date d'inscription: 25/02/09 Publications récentes
I came across the same problem, and here is how I fixed it.

Have the Liferay IFrame portlet point to CAS.
configure IFrame portlet as
Source URL : https://xyz:8444/cas-server-webapp-3.3.1/login?service=http://xyz:8080/c/portal/login

Since you specify the service URL for CAS, it will redirect you to the liferay home page on successful login.

Hope this helps !
Chandra Rajput, modifié il y a 13 années.

RE: CAS authentication in IFrame

New Member Publications: 3 Date d'inscription: 03/06/10 Publications récentes
when i am doing this it goes into infinite loop. Please help
thumbnail
Balazs Zsoldos, modifié il y a 13 années.

RE: CAS authentication in IFrame

Junior Member Publications: 41 Date d'inscription: 12/04/06 Publications récentes
Hi,

for me when I used IFrame only the following javascript worked (within the IFrame):

top.window.location = 'http://...';

This redirects the browser so if you change the code of CAS to redirect in this way that might helps.

Regards,
Balazs
thumbnail
Ed Holderman, modifié il y a 13 années.

RE: CAS authentication in IFrame

Junior Member Publications: 25 Date d'inscription: 15/07/10 Publications récentes
(I also posted this response in a similar thread) Unless I am mistaken, this has a pretty big problem. Since the service URL is effectively hard coded in the portlet configuration, you are removing the capability to process deep links after login. For example, before a user has been authenticated they may access the portal through bookmarks, emails, hrefs, etc that lead to private pages. If you hardcode the service URL, they will not end up on their desired page after authentication. The other question is how do you configure portal to integrate CAS (you have to specify CAS login page) and also redirect to a portal login page with your IFrame portlet when they attempt to access a private page? I don't see a way out of the box but would love to hear how it can be done. Would you just configure the Control Panel's CAS login URL to be the portal login page?