Hi Daniel, There are certain issues with each approach that one discuss:
1. Does the using application know which domain to be sent as a parameter? - that information poses a restriction that each application needs to know prior to sending to cas. 2. Are all users aware of the domain in which they are logging into - if yes then a drop down can be provided in which they can select the domain and then proceed with the login. 3. Creating a virtual host subdomain - would imply configuration needs every time a new domain is required - so know the frequency of this change request as would each application be aware of which subdomain url to redirect the user to? That conditional logic of using different sub domain login url's in case of different conditions would then need to be used in cas filter - unless each application is specific to a subdomain. If we are using approach 2, domain information can be sent as part of user info by modifying the jsp file: casServiceValidation.jsp to return additional info. Regards, Shivani On Thu, Nov 26, 2009 at 10:46 PM, Daniel Cukier <[email protected]> wrote: > I'd like to opinion of people of this list for what should be the best > solution for my problem. > > All users in my current database have 2 keys to be unique identified: > - the domain the user belongs to > - the username > > So, if a user called 'john' in the domain 'brazil' wants to log in, he > should provide both username, domain. > > The problem is the login page in CAS has just the username field. The > question is what is the best way to provide the domain to CAS. Some > alternatives: > 1 - Create a hidden field on the login page, pass a ?domain=xxxxx > parameter in login url, and use a special Credential with the domain > parameter > 2 - make the user login filling the username with something like > 'user/domain' > 3 - Guess the domain based on a Virtual host subdomain. For example: at > brazil.mylogin.com the domain is brazil, at usa.mylogin.com the domain is > usa and so on. > 4 - Any other idea? > > Another question: once the user is logged, how can I get the domain > information from the applications? because cas:serviceResponse responds just > cas:user. Is there any way to receive other parameters? Is this a good > practice? > > Thanks for your help! > > Daniel > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
