abdessamad,

You could look into upgrading your production Java. Security is an important part of upgrades, especially for something like CAS.

Your user is accessing the Angular app, not the Spring Boot app, so your user cannot log in to the Spring Boot app.

If I understand correctly, you have two problems: how to log in to the Spring Boot service, and how does the Spring Boot service know this particular user of a particular Angular app is the one who authenticated.

Possibilities to get the flow working:

1. The Angular app becomes a CAS client (search this user group for discussion on this), then it uses the proxy flow I suggested earlier.
2. The Angular app has a login page that redirects to a login page in the Spring Boot service, the user goes through the normal login flow, and the Spring Boot app redirects to the Angular app after successful login. You will have to create some login token in the Spring Boot app that can be sent to the Angular app and used for each API call. The token will have to be secured in some way so a different user cannot steal it.
3. Access to the Angular app is through a protected page in the Spring Boot service; so like option 2, but the user accesses the Spring Boot service first.

The login page that the Angular app received was not from the API response. The Spring Boot CAS client blocked (secured) the API and returned the redirect to the login page. Your browser followed the redirect to CAS login, which was then consumed by the Angular app. The Angular app would have to detect this and tell the browser to redirect (again).

After login, CAS will redirect to the Spring Boot service, not the Angular app. The Spring Boot app will then allow the API call and the response will be dumped to the browser and not your Angular app. So how does the user get back to the Angular app?

Think of it like this: if your back end is secure, your front end should be as well.

Ray

P.S. If the Angular app needs to consume a different API, only option 1 will work.

On Thu, 2025-01-23 at 03:55 -0800, abdessamad kech wrote:

Hi Ray,

Our production environment uses Java 8, while CAS 7.1 requires Java 21. I tried using CAS 6 with Java 17, but I encountered build errors.

I think the main challenge is configuring Angular to consume CAS service APIs and manage the login page and redirection effectively. Angular does not need to interact directly with the CAS server, as Spring Security on the CAS server handles this flow. The problem I have is that when I call the Spring Boot app (CAS service) API from Angular, I get the CAS login page HTML as an API response instead of being redirected to it in the browser.

If you have any suggestions or insights on how to resolve these issues, I would greatly appreciate it!

Best regards

On Wednesday, 22 January 2025 at 19:56:02 UTC+1, Ray Bon wrote:

abdessamad,

I suggest you upgrade to the latest CAS version, 7.1.x.

It sounds like your Angular client needs to interact with the Spring Boot service with the proxy protocol; see the protocol flow https://apereo.github.io/cas/7.1.x/protocol/CAS-Protocol.html#proxy-webflow-diagram and config https://apereo.github.io/cas/7.1.x/authentication/Configuring-Proxy-Authentication.html

Ray

On Tue, 2025-01-21 at 17:24 -0800, abdessamad kech wrote:

Hi,

I set up CAS server 5.3 and configured a Spring Boot CAS service with Spring Security to delegate authentication to CAS. It is working fine. When I try to call an API (GET, for example) from the browser, I get redirected to the CAS login page. After the authentication validation, the resource or API response is displayed in the browser as JSON.

However, I am facing an issue when trying to call the Spring Boot CAS service APIs from my Angular client (version 17). When I make the first API call from the Angular app, I am not authenticated, so I get the CAS login page as the API response. To handle this, I redirect the user to the CAS login page from the Angular app.

Another problem arises after authentication: instead of returning the API response to the Angular app and setting the necessary cookies, the API response is displayed directly in the browser.

I have been stuck on this issue for over a week and would greatly appreciate any guidance or suggestions to resolve it.

Thank you in advance for your help!
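
The following is an added example, not code from any poster in this thread. It sketches the detection step Ray describes (the browser follows the redirect on its own, so the Angular app receives the CAS login HTML where it expected API data) and hands back a top-level navigation target in the style of options 2 and 3. The origins, the `/app-login` entry path and all function names are assumptions made for illustration.

```javascript
// Added example, not code from the thread. Origins and paths are constructed.
const API_ORIGIN = "https://api.example.org";              // Spring Boot CAS service (assumed)
const CAS_LOGIN_URL = "https://cas.example.org/cas/login"; // CAS login page (assumed)
const SERVICE_LOGIN_ENTRY = API_ORIGIN + "/app-login";     // hypothetical protected entry page

// Decide what a response from the protected API really is. `res` only needs
// the fetch Response fields used here: status, redirected, url, headers.get().
function classifyApiResponse(res) {
  const finalUrl = new URL(res.url);
  const cas = new URL(CAS_LOGIN_URL);
  const type = (res.headers.get("content-type") || "").toLowerCase();

  // fetch() followed the 302 itself, so the final URL is the CAS login page
  // and the body is HTML, even though the status is 200.
  const landedOnCas =
    finalUrl.origin === cas.origin && finalUrl.pathname === cas.pathname;
  if (landedOnCas || (res.redirected && type.startsWith("text/html"))) {
    return { kind: "login-required", navigateTo: SERVICE_LOGIN_ENTRY };
  }
  // A response that ended up on any other origin is never treated as API data.
  if (finalUrl.origin !== API_ORIGIN) {
    return { kind: "unexpected-origin", navigateTo: null };
  }
  if (res.status === 401 || res.status === 403) {
    return { kind: "login-required", navigateTo: SERVICE_LOGIN_ENTRY };
  }
  const success = res.status >= 200 && res.status < 300;
  if (success && type.startsWith("application/json")) {
    return { kind: "api-data", navigateTo: null };
  }
  return { kind: "unexpected-content", navigateTo: null };
}

// Constructed Response-like object so the classifier can be exercised offline.
function sampleResponse(status, redirected, url, contentType) {
  return { status, redirected, url, headers: { get: () => contentType } };
}

// In the browser, the caller navigates the whole page and never renders the HTML:
//   const res = await fetch(API_ORIGIN + "/api/items", { credentials: "include" });
//   const r = classifyApiResponse(res);
//   if (r.kind === "login-required") window.location.assign(r.navigateTo);
```

The classifier only tells the app that a login is needed; getting the user back to the Angular app after CAS authentication still depends on which of the three options above the back end implements.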