CAS - Redirect to custom login page when credentials are wrong

1
votes

Good morning.

I've successfully configured a CAS SSO server and client. However, I want to change CAS' configurations to use a custom login page. I followed this tutorial to make such configuration and it works like a charm. But, the problem is that when I enter invalid credentials (wrong username or password) it tries to redirect to the CAS' default login page; however, it should redirect to the custom external login page. I would really appreciate if you help me to find out how to make CAS to redirect to a different page when wrong credentials are entered.

This is my casLoginView.jsp

<%@ page contentType="text/html; charset=UTF-8" %>
<html>
<head>
    <script type="text/javascript">

        function doAutoLogin() {
            document.forms[0].submit();
        }
    </script>
</head>
<body onload="doAutoLogin();">
    <form id="credentials" method="POST" action="https://externalsite.com/cas-server-webapp-4.0.0/login?service=<%= request.getParameter("service") %>">
        <input type="hidden" name="lt" value="${loginTicket}" />
        <input type="hidden" name="execution" value="${flowExecutionKey}" />
        <input type="hidden" name="_eventId" value="submit" />
        <input type="hidden" name="username" value="<%= request.getParameter("username") %>" />
        <input type="hidden" name="password" value="<%= request.getParameter("password") %>" />
        <% if ("true".equals(request.getParameter("rememberMe"))) {%>
            <input type="hidden" name="rememberMe" value="true" />
        <% } %>    
        <input type="submit" value="Submit" style="visibility: hidden;" />
    </form>
</body>

And this is my external custom login page:

<form method="GET" action="https://externalsite.com/cas-server-webapp-4.0.0/">
    <p>Username : <input type="text" name="username" /></p>
    <p>Password : <input type="password" name="password" /></p>
    <p>Remember me : <input type="checkbox" name="rememberMe" value="true" /></p>
    <p><input type="submit" value="Login !" /></p>
    <input type="hidden" name="auto" value="true" />
    <input type="hidden" name="service" value="<%= request.getParameter("service") %>" />
</form>

Basically my external login page sends the credentials to the CAS login page and the latter is submited automatically. However, when credentials are wrong, CAS redirects to the default login page and not to my external login page.

Regards.

2
redirectsingle-sign-oncas
You might entice more responses by showing some relevant codeuser3277192
Thanks, I added some relevant code.Richard

2 Answers

1
votes

You need change the code at login-webflow.xml in cas-server-webapp. The code should be changed as below:

<action-state id="handleAuthenticationFailure">
 <!-- Comment FailedLoginException and AccountNotFoundException  -->
 <!--<transition on="FailedLoginException" to="generateLoginTicket"/>-->
 <!--<transition on="AccountNotFoundException" to="generateLoginTicket"/>-->
</action-state>

Add:

<action-state id="customFailedLoginException">
    <evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" />
    <transition on="generated" to="customFailedLoginExceptionView" />
</action-state>

<view-state id="customFailedLoginExceptionView" view="externalRedirect:#{requestParameters.service}&amp;errorMsg=failedLogin"/>

<action-state id="customAccountNotFoundException">
    <evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" />
    <transition on="generated" to="customAccoundNotFoundExceptionView" />
</action-state>

<view-state id="customAccoundNotFoundExceptionView" view="externalRedirect:#{requestParameters.service}&amp;errorMsg=notFound" />

Now if you submit a user name that do not exists or a password that is wrong, your would get a response url with a parameter called 'errorMsg'.

I also make a sample about how to login cas with client custom login screen rather than server login srceen. You could download it on
https://github.com/yangminxing/cas-custom-login-page

0
votes

I solved my problem by changing the transitions on the login-webflow.xml file. What I did was to create a new action state: 

<action-state id="customFailedLogin">
    <evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" />
    <transition on="generated" to="externalRedirection" />
</action-state>

and this one calls a view-state which redirects the user to my external login page

<view-state id="externalRedirection" view="externalRedirect:#{requestParameters.callingUrl}&amp;error=true"/>

(callingUrl is a variable that I created and sent with the service url). At the end I just changed the transition in the handleAuthenticationFailure

<transition on="AccountNotFoundException" to="customFailedLogin"/>
<transition on="FailedLoginException" to="customFailedLogin"/>

Hope it helps to someone else.