[cas-dev] Using CAS without the CAS login screen
Scott Battaglia
scott.battaglia at gmail.com
Mon Oct 2 23:15:43 EDT 2006
If your requirement is only that the username/password form appear on the
application page (vs. a redirect) then you can set up an alternative login
page for CAS that is merely the form and then use IFRAMEs to embed this
login page on a particular application (such as a portal's) home page. It's
nice because if you already have a session the user will automatically be
logged in. If you don't then the user will see the login form on the home
page (but still be able to participate in single sign on). Google Mail (and
various other Google products) work in a way similar to this.
I'm not sure if this will work in your case though. Note however that if you
collect the username/password and submit them via a URLConnection then you
are not creating a single sign on session within the browser.
-Scott
On 10/2/06, Jennifer Yang <jyoonyang at gmail.com> wrote:
>
> Hi Scott,
>
> Yes, we are collecting the username/password and submitting it. One of
> the webapps we need to support uses DHTML for requesting username/password.
> Other apps can be redirected to the CAS login page.
>
> Could you elaborate on the Google Accounts solution? I am not familiar with it.
>
> Thanks,
> Jennifer
>
> On 10/2/06, Scott Battaglia <scott.battaglia at gmail.com> wrote:
> >
> > Jennifer,
> >
> > Are you collecting the username/password on the client application and
> > then submitting it?
> >
> > If so there may be a better alternative. You can set up CAS to work
> > like Google Accounts where you embed the login page in your application
> > page.
> >
> > -Scott
> >
> > On 10/2/06, Jennifer Yang <jyoonyang at gmail.com> wrote:
> >
> > > Hello,
> > >
> > > I am trying something that is advised by CAS not to. :-) I am
> > > investigating the ability to establish SSO in the background without the user
> > > getting redirected to the login screen.
> > >
> > > I was following this:
> > > http://www.ja-sig.org/wiki/display/CAS/Using+CAS+without+the+CAS+login+screen
> > >
> > >
> > > I was able to login and validate the service ticket, simply using
> > > URLConnection.
> > >
> > > However, when I try the second part ("Again, get a login ticket. Then,
> > > generate Redirect to the browser placing the login ticket, the username, and
> > > the password on the CAS login URL to which you're redirecting."), I get an
> > > error when the request is redirected.
> > >
> > > 2006-10-02 15:26:21,420 DEBUG [
> > > org.springframework.webflow.execution.FlowExecutionManager] -
> > > Returning selected view to client: [ ViewDescriptor at 1cd846c viewName =
> > > 'casLoginView', redirect = false, model = map['flowExecutionId' ->
> > > '75D56C4B-663C-1D55-F89F-179D71946ACB', 'currentStateId' -> 'viewLoginForm',
> > > 'flowExecutionContext' -> [FlowExecutionImpl at 1b0dec3 key =
> > > '1A7E518C-AE22-32A3-9C6F-9A96DEB4265B', activeFlow = 'loginFlow',
> > > currentState = 'viewLoginForm', rootFlow = 'loginFlow',
> > > executingFlowSessions = list[[FlowSessionImpl at 1121b88 flow =
> > > 'loginFlow', currentState = 'viewLoginForm', attributesCount = 0, attributes
> > > = map[[empty]]]]]]]
> > > 2006-10-02 15:27:00,225 DEBUG [
> > > org.springframework.webflow.execution.FlowExecutionManager] - New
> > > request received from client, source event is: [ServletEvent at 16b4be5source =
> > > org.apache.catalina.connector.RequestFacade at 12c08c7 , id = 'submit',
> > > stateId = 'viewLoginForm', parameters = map['password' -> 'test', 'service'
> > > -> 'http://www.google.com ', 'lt' ->
> > > '75D56C4B-663C-1D55-F89F-179D71946ACB', 'username' -> 'test',
> > > '_currentStateId' -> 'viewLoginForm', 'viewLoginForm' -> 'submit',
> > > '_eventId' -> 'submit']]
> > > 2006-10-02 15:27:00,226 WARN [
> > > org.springframework.web.servlet.DispatcherServlet] - Handler execution
> > > resulted in exception - forwarding to resolved error view
> > > org.springframework.webflow.execution.NoSuchFlowExecutionException :
> > > No executing flow could be found with id
> > > '75D56C4B-663C-1D55-F89F-179D71946ACB' -- perhaps the flow has ended or
> > > expired? This could happen if your users are relying on browser history
> > > (typically via the back button) that reference ended flows.; nested
> > > exception is java.lang.IllegalStateException: No session attribute '
> > > org.springframework.webflow.execution.FlowExecution.75D56C4B-663C-1D55-F89F-179D71946ACB'
> > > found
> > > java.lang.IllegalStateException: No session attribute '
> > > org.springframework.webflow.execution.FlowExecution.75D56C4B-663C-1D55-F89F-179D71946ACB' found
> > > at
> > > org.springframework.web.util.WebUtils.getRequiredSessionAttribute(
> > > WebUtils.java:205)
> > > at
> > > org.springframework.webflow.execution.servlet.HttpSessionFlowExecutionStorage.load
> > > (HttpSessionFlowExecutionStorage.java :67)
> > > at
> > > org.springframework.webflow.execution.FlowExecutionManager.onEvent(
> > > FlowExecutionManager.java:424)
> > > at
> > > org.springframework.webflow.execution.FlowExecutionManager.onEvent(
> > > FlowExecutionManager.java :389)
> > > at
> > > org.springframework.webflow.execution.servlet.ServletFlowExecutionManager.handle
> > > (ServletFlowExecutionManager.java:77)
> > >
> > > I think it's due to the session cookie not getting set correctly, but
> > > I don't know how to fix it.
> > >
> > > Cookie mycookie = new Cookie("JSESSIONID", cookie);
> > > mycookie.setDomain(<my CAS server hostname>);
> > > response.addCookie(mycookie);
> > >
> > > Could you help?
> > >
> > > Thanks,
> > > Jennifer
> > >
> > >
> > > _______________________________________________
> > > cas-dev mailing list
> > > cas-dev at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> > >
> > >
> > >
> >
>
>
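Why the redirect in the quoted log fails while the embedded form works, as an added example that is not code from this thread or from CAS: the login ticket lives in the HTTP session that requested it, and a browser discards a session cookie set for another host. `CasServerModel`, `Browser` and the `example.org` hostnames are assumptions made up for the model.

```python
import uuid

def domain_match(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it."""
    host, dom = request_host.lower(), cookie_domain.lower().lstrip(".")
    return host == dom or host.endswith("." + dom)

class Browser:
    """Cookie jar that applies the Domain check a browser performs."""
    def __init__(self):
        self.jar = {}  # cookie domain -> {name: value}
    def receive_set_cookie(self, response_host, name, value, domain=None):
        # A response may only set cookies for its own host or a parent domain.
        if domain is not None and not domain_match(response_host, domain):
            return False  # rejected: Set-Cookie for a foreign host
        self.jar.setdefault(domain or response_host, {})[name] = value
        return True
    def cookies_for(self, host):
        # Simplification: host-only cookies are matched like domain cookies.
        return {k: v for d, c in self.jar.items() if domain_match(host, d)
                for k, v in c.items()}

class CasServerModel:
    """Keeps each login flow execution inside the HTTP session that opened it."""
    def __init__(self):
        self.sessions = {}  # JSESSIONID -> {login ticket: flow state}
    def get_login_form(self, cookies):
        sid = cookies.get("JSESSIONID")
        if sid not in self.sessions:
            sid = uuid.uuid4().hex  # new session for a client without one
        lt = str(uuid.uuid4()).upper()
        self.sessions.setdefault(sid, {})[lt] = "viewLoginForm"
        return sid, lt
    def submit(self, cookies, lt):
        session = self.sessions.get(cookies.get("JSESSIONID"), {})
        if lt not in session:
            return "NoSuchFlowExecutionException"
        del session[lt]  # a login ticket is valid for one attempt only
        return "ticket-granting cookie set"

def run_scenarios(app_host="app.example.org", cas_host="cas.example.org"):
    cas, browser = CasServerModel(), Browser()
    # Back-channel: the application fetches the login ticket, then redirects.
    sid, lt = cas.get_login_form({})
    accepted = browser.receive_set_cookie(app_host, "JSESSIONID", sid, domain=cas_host)
    redirected = cas.submit(browser.cookies_for(cas_host), lt)
    # Embedded form: the browser itself talks to CAS, so session and ticket match.
    sid2, lt2 = cas.get_login_form(browser.cookies_for(cas_host))
    browser.receive_set_cookie(cas_host, "JSESSIONID", sid2)
    embedded = cas.submit(browser.cookies_for(cas_host), lt2)
    return accepted, redirected, embedded
```
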