This repository has been archived by the owner on Nov 3, 2017. It is now read-only.

Configuring custom redirect URLs for un-enabled service registrations

apetro edited this page Dec 13, 2012 · 2 revisions

Since version 1.0.5 of cas-addons, you can configure a custom redirect URL that is followed after the login web flow ends, in the case where a registered service is configured with the disabledServiceUrl extra attribute and has been disabled (i.e. enabled=false).

The intended use of this is taking an application down for maintenance. You might have practices in place for the traditional complete take-down of the application, which normally replaces the application with a single error page. That's fine; by all means, use other good practices you're comfortable with. But you might want to leave the application mostly "up". Maybe it has not-authenticated experiences worth retaining, or maybe it has an administrative back-door that doesn't require CAS login that you'd like to continue to exercise. This per-service redirect feature lets you un-enable login to the application in the CAS service registry and have CAS redirect attempts to log in to this application to the URL of your choice. For this intended use, a good URL to choose might be a custom page you've created explaining that there's an outage and setting expectations of when the application will fully return to service.

Configuration

Configure service(s) in servicesRegistry.conf

This feature only works for service registries supporting arbitrary service registration attributes, such as the increasingly popular JSON Service Registry. These instructions are for editing your JSON Service Registry registrations file to actuate this feature.

{
   "id":"1",
   "serviceId":"https://some_application.example.edu",
   "name":"Awesome Application",
   "description":"An awesome application that is just not available for login right now.",
   "enabled":false,
   "extraAttributes":{
       "disabledServiceUrl":"https://some_application.example.edu/sorry_unavailable_for_login"
   }
}

Redefine the standard serviceAuthorizationCheck bean in WEB-INF/cas-servlet.xml

<bean id="serviceAuthorizationCheck" class="net.unicon.cas.addons.web.flow.ServiceAuthorizationCheckWithCustomView">
       <constructor-arg index="0" ref="servicesManager"/>
</bean>

Redefine the standard serviceAuthorizationCheck action state in WEB-INF/login-webflow.xml

<action-state id="serviceAuthorizationCheck">
    <evaluate expression="serviceAuthorizationCheck"/>
    <transition on="success" to="generateLoginTicket"/>
    <transition on="no" to="redirectToDisabledServiceUrl"/>
</action-state>

Add the definition of redirectToDisabledServiceUrl end state in WEB-INF/login-webflow.xml

<end-state id="redirectToDisabledServiceUrl" view="externalRedirect:${requestScope.disabledServiceUrl}" />
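
A lint for the registrations file edited in the first step, as an added example (not code from cas-addons): it reports disabled services that have no disabledServiceUrl, redirect targets that are not absolute https URLs, and enabled services where the attribute is set but unused. The function names, the sample registry, the top-level "services" list and the https-only policy are assumptions of this example.

```python
import json
from urllib.parse import urlparse

# Constructed sample registry, not from the page. The top-level "services" list is an
# assumed file layout; a single bare registration object or a bare list also loads.
SAMPLE_REGISTRY = """{"services": [
  {"id": "1", "serviceId": "https://some_application.example.edu", "enabled": false,
   "extraAttributes": {"disabledServiceUrl": "https://some_application.example.edu/sorry_unavailable_for_login"}},
  {"id": "2", "serviceId": "https://wiki.example.edu", "enabled": false},
  {"id": "3", "serviceId": "https://mail.example.edu", "enabled": false, "extraAttributes": {"disabledServiceUrl": "/maintenance.html"}},
  {"id": "4", "serviceId": "https://hr.example.edu", "enabled": true, "extraAttributes": {"disabledServiceUrl": "http://status.example.edu/hr"}}
]}"""

def load_services(text):
    """Return the list of registrations found in registry JSON text."""
    data = json.loads(text)
    if isinstance(data, dict):
        data = data.get("services", [data])
    return data

def lint_service(svc):
    """Return findings about one registration's disabledServiceUrl setup."""
    findings = []
    # Assumption: only an explicit "enabled": false counts as disabled here.
    enabled = svc.get("enabled") is not False
    url = (svc.get("extraAttributes") or {}).get("disabledServiceUrl")
    if url is None:
        if not enabled:
            findings.append("disabled, no disabledServiceUrl: no custom redirect")
        return findings
    parts = urlparse(str(url))
    if parts.scheme not in ("http", "https") or not parts.netloc:
        findings.append("disabledServiceUrl is not an absolute http(s) URL")
    elif parts.scheme != "https":
        findings.append("disabledServiceUrl is not https")
    if enabled:
        findings.append("service is enabled: disabledServiceUrl is not used")
    return findings

def lint_registry(text):
    """Map service id to its findings, keeping only registrations that have any."""
    report = {str(s.get("id")): lint_service(s) for s in load_services(text)}
    return {sid: found for sid, found in report.items() if found}

if __name__ == "__main__":
    for sid, found in lint_registry(SAMPLE_REGISTRY).items():
        for finding in found:
            print(f"service {sid}: {finding}")
```
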