Keep old login pages
Dave Brondsema
dave at brondsema.net
Mon Feb 26 08:53:07 EST 2007
Edmund Mielach wrote:
> Hi!
>
> I try to realize a single-sign-on mechanism for two webapps, one written
> in PHP and a Java based one. My first tests were quite successful. But
> now my problem is, that I want to keep the original login pages of my
> webapplications. Therefore I tried to change them in a way, that they
> send the credentials directly to CAS, including the correct redirect URL
> by changing the action attribute of the login forms to
> "https://myurl/cas/login?service=<<mywebapp>>". However, without a
> correct flowExecutionKey (I'm not familiar with the spring framework,
> but as far as I know this is an ID to control a workflow) I have no
> chance to log in at this point.
>
> Does anyone have an idea how to get a valid flowExecutionKey into my
> original login pages? With a valid flowExecutionKey the whole thing would
> work exactly as it should. Or isn't this a very good idea because of any
> security reasons?
>
Take a look at
http://www.ja-sig.org/wiki/display/CAS/Using+CAS+without+the+CAS+login+screen
if you haven't yet. It discusses some of the security/usability
issues, and provides some options. I use what is described in the
second paragraph of "Alternative approaches": proxying the CAS login
screen into your app. That might work for you.
--
Dave Brondsema
Software Developer
Cornerstone University