0
votes

I have an application that connects to a CAS server, allows the user to do the CAS/SSO login, and then redirects them to the application's home page. Simple enough.

The problem is that CAS is relatively new to my organization and as of today, we only have it set up on one server. So, if the server becomes unreachable for any reason, the application can no longer be accessed as the CAS login page will not load.

What I would like is for my application to be able to:
a) detect that the CAS server is unreachable after a reasonable number of retries
b) subsequently redirect the user to the non-CAS/SSO login page and use the basic Spring Security config that is in place using LDAP

I don't see anything in the Spring documentation for this particular scenario. Suggestions?


1 Answer

0
votes

You could try extending CasAuthenticationEntryPoint. Entry points in Spring Security are the things that determine where to go when authentication is necessary.

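import org.springframework.security.cas.web.CasAuthenticationEntryPoint;

public class LocalLoginFallbackCasAuthenticationEntryPoint
    extends CasAuthenticationEntryPoint {

    @Override
    protected String createRedirectUrl(final String serviceUrl) {
        // prevailingCircumstancesMandate() is a placeholder for your own
        // "CAS is unreachable" check; it is not a Spring Security method
        if ( prevailingCircumstancesMandate() ) {
            // send the user to the local (non-CAS) login page instead
            return "/our/legacy/login/page";
        } else {
            // go to CAS, like normal
            return super.createRedirectUrl(serviceUrl);
        }
    }
}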

And then configure in your HttpSecurity object:

@Override
protected void configure(HttpSecurity http) throws Exception {
    // use the custom entry point whenever authentication is required
    http.exceptionHandling()
            .authenticationEntryPoint(myCustomEntryPoint());
}
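
One way to fill in the `prevailingCircumstancesMandate()` placeholder, as an added example that is not part of the original answer: a probe that tries the CAS login URL a fixed number of times with short timeouts and caches the result, so that not every unauthenticated request waits on a dead server. The class name `CasAvailabilityProbe`, its constructor parameters and the status threshold are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.concurrent.atomic.AtomicLong;

/** Hypothetical helper (not part of Spring Security or CAS). */
public class CasAvailabilityProbe {
    private final URL casLoginUrl;     // assumption: your CAS server's login URL
    private final int maxAttempts;     // the "reasonable number of retries"
    private final int timeoutMillis;   // connect and read timeout per attempt
    private final long cacheMillis;    // how long one probe result is reused
    private final AtomicLong lastProbeAt = new AtomicLong(0);
    private volatile boolean unreachable = false; // default: use CAS

    public CasAvailabilityProbe(URL casLoginUrl, int maxAttempts, int timeoutMillis, long cacheMillis) {
        this.casLoginUrl = casLoginUrl;
        this.maxAttempts = maxAttempts;
        this.timeoutMillis = timeoutMillis;
        this.cacheMillis = cacheMillis;
    }

    /** Candidate body for prevailingCircumstancesMandate() in the entry point. */
    public boolean isCasUnreachable() {
        long now = System.currentTimeMillis();
        long last = lastProbeAt.get();
        // Only one thread re-probes per cache window; the others reuse the last result.
        if (now - last >= cacheMillis && lastProbeAt.compareAndSet(last, now)) {
            unreachable = !probeWithRetries();
        }
        return unreachable;
    }

    private boolean probeWithRetries() {
        for (int attempt = 1; attempt <= maxAttempts; attempt++) {
            try {
                HttpURLConnection conn = (HttpURLConnection) casLoginUrl.openConnection();
                conn.setConnectTimeout(timeoutMillis);
                conn.setReadTimeout(timeoutMillis);
                conn.setInstanceFollowRedirects(false);
                int status = conn.getResponseCode();
                conn.disconnect();
                if (status < 500) return true; // server answered: treat CAS as up
            } catch (IOException e) {
                // timeout, refused connection or TLS failure: count as a failed attempt
            }
        }
        return false; // every attempt failed
    }
}
```

Have `prevailingCircumstancesMandate()` return `probe.isCasUnreachable()`, and log every switch to the fallback page so that a drop from SSO to the LDAP form shows up in monitoring.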