[cas-dev] Using CAS without the CAS login screen
Jennifer Yang
jyoonyang at gmail.com
Tue Oct 3 14:03:48 EDT 2006
Hi Scott,
One of our apps uses DHTML/JavaScript to display a popup for collecting
username/password.
I understand using URLConnection will not establish SSO session since there
is no browser involved. I was just first trying to get the whole flow
working: getting the login ticket, logging in and validating service
ticket. I am really after the second part of that article which uses
redirects: "get a login ticket. Then, generate Redirect to the browser
placing the login ticket, the username, and the password on the CAS login
URL to which you're redirecting." But I couldn't get this to work.
Thanks,
Jennifer
On 10/2/06, Scott Battaglia <scott.battaglia at gmail.com> wrote:
>
> If your requirement is only that the username/password form appear on the
> application page (vs. a redirect) then you can set up an alternative login
> page for CAS that is merely the form and then use IFRAMEs to embed this
> login page on a particular application (such as a portal's) home page. It's
> nice because if you already have a session the user will automatically be
> logged in. If you don't then the user will see the login form on the home
> page (but still be able to participate in single sign on). Google Mail (and
> various other Google products) work in a way similar to this.
>
> I'm not sure if this will work in your case though. Note however that if
> you collect the username/password and submit them via a URLConnection then
> you are not creating a single sign on session within the browser.
>
> -Scott
>
> On 10/2/06, Jennifer Yang <jyoonyang at gmail.com> wrote:
> >
> > Hi Scott,
> >
> > Yes, we are collecting the username/password and submitting it. One of
> > the webapps we need to support uses DHTML for requesting username/password.
> > Other apps can be redirected to the CAS login page.
> >
> > Could you elaborate on the Google Accounts solution? I am not familiar with
> > it.
> >
> > Thanks,
> > Jennifer
> >
> > On 10/2/06, Scott Battaglia < scott.battaglia at gmail.com> wrote:
> > >
> > > Jennifer,
> > >
> > > Are you collecting the username/password on the client application and
> > > then submitting it?
> > >
> > > If so there may be a better alternative. You can set up CAS to work
> > > like Google Accounts where you embed the login page in your application
> > > page.
> > >
> > > -Scott
> > >
> > > On 10/2/06, Jennifer Yang < jyoonyang at gmail.com> wrote:
> > >
> > > > Hello,
> > > >
> > > > I am trying something that is advised by CAS not to. :-) I am
> > > > investigating the ability to establish SSO in the background without the user
> > > > getting redirected to the login screen.
> > > >
> > > > I was following this:
> > > > http://www.ja-sig.org/wiki/display/CAS/Using+CAS+without+the+CAS+login+screen
> > > >
> > > >
> > > > I was able to log in and validate the service ticket, simply using
> > > > URLConnection.
> > > >
> > > > However, when I try the second part ("Again, get a login ticket.
> > > > Then, generate Redirect to the browser placing the login ticket, the
> > > > username, and the password on the CAS login URL to which you're
> > > > redirecting."), I get an error when the request is redirected.
> > > >
> > > > 2006-10-02 15:26:21,420 DEBUG [
> > > > org.springframework.webflow.execution.FlowExecutionManager] -
> > > > Returning selected view to client: [ ViewDescriptor at 1cd846c viewName
> > > > = 'casLoginView', redirect = false, model = map['flowExecutionId' ->
> > > > '75D56C4B-663C-1D55-F89F-179D71946ACB', 'currentStateId' -> 'viewLoginForm',
> > > > 'flowExecutionContext' -> [FlowExecutionImpl at 1b0dec3 key =
> > > > '1A7E518C-AE22-32A3-9C6F-9A96DEB4265B', activeFlow = 'loginFlow',
> > > > currentState = 'viewLoginForm', rootFlow = 'loginFlow',
> > > > executingFlowSessions = list[[FlowSessionImpl at 1121b88 flow =
> > > > 'loginFlow', currentState = 'viewLoginForm', attributesCount = 0, attributes
> > > > = map[[empty]]]]]]]
> > > > 2006-10-02 15:27:00,225 DEBUG [
> > > > org.springframework.webflow.execution.FlowExecutionManager] - New
> > > > request received from client, source event is: [ServletEvent at 16b4be5source =
> > > > org.apache.catalina.connector.RequestFacade at 12c08c7 , id = 'submit',
> > > > stateId = 'viewLoginForm', parameters = map['password' -> 'test', 'service'
> > > > -> 'http://www.google.com ', 'lt' ->
> > > > '75D56C4B-663C-1D55-F89F-179D71946ACB', 'username' -> 'test',
> > > > '_currentStateId' -> 'viewLoginForm', 'viewLoginForm' -> 'submit',
> > > > '_eventId' -> 'submit']]
> > > > 2006-10-02 15:27:00,226 WARN [
> > > > org.springframework.web.servlet.DispatcherServlet] - Handler
> > > > execution resulted in exception - forwarding to resolved error view
> > > > org.springframework.webflow.execution.NoSuchFlowExecutionException :
> > > > No executing flow could be found with id
> > > > '75D56C4B-663C-1D55-F89F-179D71946ACB' -- perhaps the flow has ended or
> > > > expired? This could happen if your users are relying on browser history
> > > > (typically via the back button) that reference ended flows.; nested
> > > > exception is java.lang.IllegalStateException: No session attribute '
> > > > org.springframework.webflow.execution.FlowExecution.75D56C4B-663C-1D55-F89F-179D71946ACB'
> > > > found
> > > > java.lang.IllegalStateException: No session attribute '
> > > > org.springframework.webflow.execution.FlowExecution.75D56C4B-663C-1D55-F89F-179D71946ACB' found
> > > > at
> > > > org.springframework.web.util.WebUtils.getRequiredSessionAttribute(
> > > > WebUtils.java:205)
> > > > at
> > > > org.springframework.webflow.execution.servlet.HttpSessionFlowExecutionStorage.load
> > > > (HttpSessionFlowExecutionStorage.java :67)
> > > > at
> > > > org.springframework.webflow.execution.FlowExecutionManager.onEvent(
> > > > FlowExecutionManager.java:424)
> > > > at
> > > > org.springframework.webflow.execution.FlowExecutionManager.onEvent(
> > > > FlowExecutionManager.java :389)
> > > > at
> > > > org.springframework.webflow.execution.servlet.ServletFlowExecutionManager.handle
> > > > (ServletFlowExecutionManager.java:77)
> > > >
> > > > I think it's due to the session cookie not getting set correctly,
> > > > but I don't know how to fix it.
> > > >
> > > > Cookie mycookie = new Cookie("JSESSIONID", cookie);
> > > > mycookie.setDomain(<my CAS server hostname>);
> > > > response.addCookie(mycookie);
> > > >
> > > > Could you help?
> > > >
> > > > Thanks,
> > > > Jennifer
> > > >
> > > >
> > > > _______________________________________________
> > > > cas-dev mailing list
> > > > cas-dev at tp.its.yale.edu
> > > > http://tp.its.yale.edu/mailman/listinfo/cas-dev
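Added example, not part of the original thread and not CAS code: a small Java model of the failure in the quoted log, where the login ticket (lt) lives in the HTTP session of the client that fetched it, and a JSESSIONID cookie scoped to a different host is not accepted by the browser. The hostnames app.example.edu and cas.example.edu, the class and all method names are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

public class LoginTicketSessionDemo {
    // Toy stand-in for the CAS server (hypothetical): login tickets are kept per HTTP
    // session, as HttpSessionFlowExecutionStorage does in the stack trace above.
    static final Map<String, Set<String>> SESSIONS = new HashMap<>();

    // GET /login: creates a session when no cookie is sent; returns {JSESSIONID, lt}.
    static String[] fetchLoginTicket(String jsessionId) {
        String sid = (jsessionId != null) ? jsessionId : UUID.randomUUID().toString();
        String lt = UUID.randomUUID().toString();
        SESSIONS.computeIfAbsent(sid, k -> new HashSet<>()).add(lt);
        return new String[] { sid, lt };
    }

    // POST /login: the ticket is only found in the session that issued it (one use).
    static boolean submitLogin(String jsessionId, String lt) {
        Set<String> tickets = SESSIONS.get(jsessionId);
        return tickets != null && tickets.remove(lt);
    }

    // RFC 6265 domain-match, simplified (no IP-address or public-suffix handling):
    // a response from responseHost may only set cookies for itself or a parent domain.
    static boolean browserAcceptsCookie(String responseHost, String cookieDomain) {
        String host = responseHost.toLowerCase(Locale.ROOT);
        String dom = cookieDomain.toLowerCase(Locale.ROOT).replaceFirst("^\\.", "");
        return host.equals(dom) || host.endsWith("." + dom);
    }

    public static void main(String[] args) {
        String appHost = "app.example.edu", casHost = "cas.example.edu"; // assumed hosts
        // 1. The application fetches a login ticket over URLConnection; CAS opens session A.
        String[] a = fetchLoginTicket(null);
        // 2. The browser follows the redirect with that lt but in its own, different session.
        String browserSession = fetchLoginTicket(null)[0];
        System.out.println("lt in browser session: " + submitLogin(browserSession, a[1]));
        // 3. The app's response tries to hand session A to the browser for the CAS host.
        System.out.println("cookie for CAS host accepted: " + browserAcceptsCookie(appHost, casHost));
        // 4. The same ticket presented in the session that issued it.
        System.out.println("lt in issuing session: " + submitLogin(a[0], a[1]));
    }
}
```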