[cas-dev] Using CAS without the CAS login screen

Scott Battaglia scott.battaglia at gmail.com
Mon Oct 2 22:17:15 EDT 2006 

Jennifer,

Are you collecting the username/password on the client application and then
submitting it?

If so there may be a better alternative.  You can set up CAS to work like
Google Accounts where you embed the login page in your application page.

-Scott

On 10/2/06, Jennifer Yang <jyoonyang at gmail.com> wrote:
>
> Hello,
>
> I am trying something that is advised by CAS not to.  :-)  I am
> investigating the ability to establish SSO in the background without user
> getting redirected to the login screen.
>
> I was following this:
>
> http://www.ja-sig.org/wiki/display/CAS/Using+CAS+without+the+CAS+login+screen
>
> I was able to login and validate the service ticket, simply using
> URLConnection.
>
> However, when I try the second part ("Again, get a login ticket. Then,
> generate Redirect to the browser placing the login ticket, the username, and
> the password on the CAS login URL to which you're redirecting."), I get an
> error when the request is redirected.
>
> 2006-10-02 15:26:21,420 DEBUG [
> org.springframework.webflow.execution.FlowExecutionManager] - Returning
> selected view to client: [ ViewDescriptor at 1cd846c viewName =
> 'casLoginView', redirect = false, model = map['flowExecutionId' ->
> '75D56C4B-663C-1D55-F89F-179D71946ACB', 'currentStateId' -> 'viewLoginForm',
> 'flowExecutionContext' -> [FlowExecutionImpl at 1b0dec3 key =
> '1A7E518C-AE22-32A3-9C6F-9A96DEB4265B', activeFlow = 'loginFlow',
> currentState = 'viewLoginForm', rootFlow = 'loginFlow',
> executingFlowSessions = list[[FlowSessionImpl at 1121b88 flow = 'loginFlow',
> currentState = 'viewLoginForm', attributesCount = 0, attributes =
> map[[empty]]]]]]]
> 2006-10-02 15:27:00,225 DEBUG [
> org.springframework.webflow.execution.FlowExecutionManager] - New request
> received from client, source event is: [ServletEvent at 16b4be5 source =
> org.apache.catalina.connector.RequestFacade at 12c08c7 , id = 'submit',
> stateId = 'viewLoginForm', parameters = map['password' -> 'test', 'service'
> -> 'http://www.google.com', 'lt' ->
> '75D56C4B-663C-1D55-F89F-179D71946ACB', 'username' -> 'test',
> '_currentStateId' -> 'viewLoginForm', 'viewLoginForm' -> 'submit',
> '_eventId' -> 'submit']]
> 2006-10-02 15:27:00,226 WARN [
> org.springframework.web.servlet.DispatcherServlet] - Handler execution
> resulted in exception - forwarding to resolved error view
> org.springframework.webflow.execution.NoSuchFlowExecutionException : No
> executing flow could be found with id '75D56C4B-663C-1D55-F89F-179D71946ACB'
> -- perhaps the flow has ended or expired? This could happen if your users
> are relying on browser history (typically via the back button) that
> reference ended flows.; nested exception is
> java.lang.IllegalStateException: No session attribute '
> org.springframework.webflow.execution.FlowExecution.75D56C4B-663C-1D55-F89F-179D71946ACB'
> found
> java.lang.IllegalStateException: No session attribute '
> org.springframework.webflow.execution.FlowExecution.75D56C4B-663C-1D55-F89F-179D71946ACB' found
>         at
> org.springframework.web.util.WebUtils.getRequiredSessionAttribute(
> WebUtils.java:205)
>         at
> org.springframework.webflow.execution.servlet.HttpSessionFlowExecutionStorage.load
> (HttpSessionFlowExecutionStorage.java :67)
>         at
> org.springframework.webflow.execution.FlowExecutionManager.onEvent(
> FlowExecutionManager.java:424)
>         at
> org.springframework.webflow.execution.FlowExecutionManager.onEvent(
> FlowExecutionManager.java :389)
>         at
> org.springframework.webflow.execution.servlet.ServletFlowExecutionManager.handle
> (ServletFlowExecutionManager.java:77)
>
> I think it's due to the session cookie not getting set correctly, but I
> don't know how to fix it.
>
> Cookie mycookie = new Cookie("JSESSIONID", cookie);
> mycookie.setDomain(<my CAS server hostname>);
> response.addCookie(mycookie);
>
> Could you help?
>
> Thanks,
> Jennifer
>
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20061002/7a5a66e1/attachment.html

More information about the cas-dev mailing list