How to organize forwarding from cas server?

E

Evgeny Afanasev2021-01-05 21:53:08

JavaScript

Evgeny Afanasev, 2021-01-05 21:53:08

good afternoon. There is a front (angular), there is a back API for the front (spring boot). I want to implement my own CAS server. In my understanding, the user presses the login button, he checks for the presence of a JWT, if not, then throws out 403, the front redirects to the CAS service with the login and pass form, after the login a JWT is issued, but now how to redirect the user back to the service from which he came with an already existing JWT token for this service? Also, if my logic of understanding the mechanism is incorrect, then please point it out

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vamp, 2021-01-06
@Afanasevek

When redirecting to cas, you need to pass parameters where to redirect the user back.
If we take this site as an example (qna.habr.com), then when trying to authorize, it redirects to

https://account.habr.com/login/?consumer=qna&ostate=bb9acafa489dc93106685c101891cfffb

Notice the consumer parameter. According to it, cas determines where to return the user. When authorizing on habré, this parameter will contain habr. In habr career there will be career. Etc.
Alternatively, you can write the return address to the database, and cas, using the passed identifier (the state parameter from the example above), will get the address from the database and send the user to it.
Or you can send a specific link right away:

https://cas.example.org/?return_to=https%3A%2F%2Fexample.com%2Farticles%3Fpage%3D8

But in this case, on the side of the cas server, you need to additionally validate the address in order to protect users from possible phishing.