Keep old login pages
Scott Battaglia
scott.battaglia at gmail.com
Mon Feb 26 09:05:54 EST 2007
We don't recommend screen scraping (as your application would need to be
updated if the login page changed). What we do recommend is that you create
a minimal login screen and change the last redirect of the login flow to use
JavaScript to handle the redirect. Then embed this minimal login screen on
your application pages with an iframe. This would allow you to keep your
existing login page (though they would be formatted slightly differently
depending on how you format the minimal login screen) and still allow you to
participate in single sign on.
It's very similar to Google Accounts.
-Scott
On 2/26/07, Dave Brondsema <dave at brondsema.net> wrote:
>
> Edmund Mielach wrote:
> > Hi!
> >
> > I try to realize a single-sign-on mechanism for two webapps, one written
> > in PHP and a Java based one. My first tests were quite successful. But
> > now my problem is, that I want to keep the original login pages of my
> > webapplications. Therefore I tried to change them in a way, that they
> > send the credentials directly to CAS, including the correct redirect URL
> > by changing the action attribute of the login forms to
> > "https://myurl/cas/login?service=<<mywebapp>> ". However, without a
> > correct flowExecutionKey (I'm not familiar with the spring framework,
> > but as far as I know this is an ID to control a workflow) I have no
> > chance to login at this point.
> >
> > Does anyone have an idea how to get a valid flowExecutionKey into my
> > original login pages? With a valid flowExecutionKey the whole thing would
> > work exactly as it should. Or isn't this a very good idea because of any
> > security reasons?
> >
>
> Take a look at
>
> http://www.ja-sig.org/wiki/display/CAS/Using+CAS+without+the+CAS+login+screen
> if you haven't yet. It discusses some of the security/usability
> issues, and provides some options. I use what is described in the
> second paragraph of "Alternative approaches": proxying the CAS login
> screen into your app. That might work for you.
>
> --
> Dave Brondsema
> Software Developer
> Cornerstone University
>
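One way the final JavaScript redirect described in the reply above could be written, as an added example that is not part of the original thread or CAS's own code: the last page of the login flow, rendered inside the iframe, navigates the top-level window to the service URL only when that URL is on an allowlisted HTTPS origin. The function names, the allowlist and the sample URLs are assumptions made for illustration.

```javascript
// Added example (hypothetical names). Runs in the last page of the login
// flow, which is displayed inside the iframe embedded in the application.

// Constructed allowlist: origins of the applications registered for SSO.
const ALLOWED_SERVICE_ORIGINS = new Set(['https://app.example.edu']);

// Returns the normalized URL to navigate to, or null if the target is not
// an absolute HTTPS URL on an allowlisted origin. Checking the parsed
// origin (not a string prefix) rejects look-alike hosts and userinfo tricks.
function resolveTopRedirect(targetUrl, allowedOrigins = ALLOWED_SERVICE_ORIGINS) {
  let url;
  try {
    url = new URL(targetUrl); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (url.protocol !== 'https:') return null;        // no javascript:, data:, http:
  if (url.username || url.password) return null;     // no user@host confusion
  if (!allowedOrigins.has(url.origin)) return null;  // exact origin match only
  return url.href;
}

// Navigates the top-level window (the embedding application page), not the
// iframe itself. replace() keeps the intermediate login frame out of history.
// `win` is passed in so the function can be exercised with a stub.
function redirectTop(win, targetUrl) {
  const target = resolveTopRedirect(targetUrl);
  if (target === null) return false; // stay put; let the page show an error
  win.top.location.replace(target);
  return true;
}

// In the rendered page, the server would supply the service URL with its
// ticket parameter, e.g.:
//   redirectTop(window, 'https://app.example.edu/home?ticket=ST-1-constructed');
```

Because the redirect carries the service ticket in the URL, rejecting unregistered origins here keeps the ticket from being sent to a site that is not part of the single sign-on deployment.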