CAS with non-browser clients

[Scott Battaglia]

Paul,

If you required such functionality, you could merely add an "Action" to the
Web Flow before the form is displayed that sets a response code in the HTTP
Header.

CAS uses Spring Web Flow for its login flow:
http://www.springframework.org/documentation

-Scott

On 6/6/07, Paul Harrison <pharriso at eso.org> wrote:
>
> Hi,
>
> I was searching for an elegant solution to the problem of signalling
> to a non-browser client that CAS login is required. During an
> interactive session with a standard web browser it is obvious to the
> user that they need to log-in because they are presented with the
> login form, but as far as I am aware this is not signalled in any way
> at the http protocol level - unlike digest and basic authentication
> with the use of 401 status requests and WWW-Authenticate headers -
> but in common with any form based authentication. This means that
> when trying to write a non-browser tool that wants to access http
> resources protected by CAS I can only think of two options when
> working out when a username/password needs to be sent.
>
> 1. hard code the location of the CAS login page into the application
> and use that to recognise when to send the credentials
> 2. parse any html pages that are returned looking for a form with
> <input type="password" />
>
> neither of which I class as "elegant" - I would appreciate any ideas
> on this subject.
>
> Cheers,
>         Paul.
>
> Paul Harrison
> ESO Garching
> www.eso.org
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>



-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070606/48371547/attachment.html