CAS doesn’t have a global.asax, which is an ASP.NET thing. 

The plausible place to make the modification in 4.3.2 is to add something to
org.jasig.cas.web.flow.SendTicketGrantingTicketAction which is where the
Cookie is generated. However, the right way to generate a header in
Spring Web Flow is not my expertise, and although the Cookie is a header, it
is hidden behind the Spring CookieGenerator class. This may be a
modification that is beyond your comfort zone. If not, it is certainly
possible to find the HttpServletResponse object from the RequestContext
object passed to doExecute and then use the Servlet API to set the header. 

 

From: Victor Careaga [mailto:bichosoft4...@gmail.com] 
Sent: Thursday, October 07, 2010 2:36 PM
To: cas-dev@lists.jasig.org
Subject: Re: [cas-dev] Frames & cas

 

Hi Howard,

You are right, third-party cookies are my problem. Now I am working with the
second option (add a P3P header to the CAS response). Well, I keep working on
this solution but it doesn't work :/

 

In my global.asax I changed the method:

 

 

    Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)

       ' Add a P3P compact policy header to every response
       HttpContext.Current.Response.AddHeader("p3p", "CP=""IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT""")

    End Sub

 

Later I tried

 

    Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)

        ' Same handler with a shorter compact policy
        HttpContext.Current.Response.AddHeader("p3p", "CP=""CAO PSA OUR""")

    End Sub

 

But it is still not working; maybe I skipped something.

Thanks for the help and directions.

 

Greetings, bicho

 

 

2010/10/7 Howard Gilbert <howard.gilb...@yale.edu>

When an application inside a frame sends a cookie (at least in IE) it is
regarded as a “third party cookie” and is subject to a security/privacy
policy that can lead to it being rejected by the browser. One solution is to
assume that CAS is in your Intranet zone and change the browser policy to
accept all cookies. Another may be to add a P3P header to the CAS response
at about the same time and in about the same way that we write the TGTC
itself. 

 

I found some useful info at
http://petesbloggerama.blogspot.com/2007/08/aspnet-loss-of-session-cookies-with.html

Which you have to adjust since it is about ASP.NET although the same
problem could apply to us.

 

Generally, Google for “Cookies and Frames”

 

Disclaimer: security/privacy is a moving target and may change over time or
from release to release and from browser to browser. Fixes may be transient
and localized. Nothing you do can prevent the paranoid delusional
cookiephobes from coming up with another conspiracy theory. 

 

From: Victor Careaga [mailto:bichosoft4...@gmail.com] 
Sent: Thursday, October 07, 2010 10:39 AM
To: cas-dev@lists.jasig.org
Subject: Re: [cas-dev] Frames & cas

 

Hi Scott, yes, all works fine within frame redirections and SSO. I am a little
confused; debugging my code I found this happened:

 

With frame

 

Site A requests a ticket; if none is found it redirects to CAS login (service
parameter). The user logs in and the ticket is found, then the user can pass
into site A. The user changes to site B: the ticket is not found and it
redirects to the login page (service parameter); no ticket is found and the
login page appears.

 

Within frames

 

Site A requests a ticket; if none is found it redirects to CAS login (service
parameter). The user logs in and the ticket is found, then the user can pass
into site A. The user changes to site B: the ticket is not found and it
redirects to the login page (service parameter); the ticket is found and
site B appears.

 

 
-- 

You are currently subscribed to cas-dev@lists.jasig.org as:
bichosoft4...@gmail.com


To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev




-- 

Do you pine for the days of Minix-1.1, when men were men and wrote their
own device drivers?

Errare humanum est




Personal blog

http://bicho-soft.blogspot.com/
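
The approach suggested in the first message (take the HttpServletResponse from the RequestContext passed to doExecute and set the header through the Servlet API), as an added example that is not part of the thread or of CAS. It assumes Spring Web Flow 2's `getNativeResponse()`; the class name `AddP3PHeaderAction` and its wiring into the login flow before the ticket-granting cookie is sent are hypothetical.

```java
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletResponse;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/** Hypothetical helper action (not part of CAS): adds a P3P header to the response. */
public final class AddP3PHeaderAction extends AbstractAction {

    // Compact-policy tokens are short alphabetic codes such as "CAO" or "IVAi".
    // Accepting only those keeps CR/LF and quotes out of the header value.
    private static final Pattern TOKENS =
            Pattern.compile("[A-Za-z]{3,4}( [A-Za-z]{3,4})*");

    // Default taken from the thread; it should reflect the site's actual privacy policy.
    private String compactPolicy = "CAO PSA OUR";

    public void setCompactPolicy(final String compactPolicy) {
        if (compactPolicy == null || !TOKENS.matcher(compactPolicy).matches()) {
            throw new IllegalArgumentException("Invalid P3P compact policy");
        }
        this.compactPolicy = compactPolicy;
    }

    @Override
    protected Event doExecute(final RequestContext context) {
        // Spring Web Flow 2 exposes the container's response object here.
        final Object nativeResponse = context.getExternalContext().getNativeResponse();
        if (nativeResponse instanceof HttpServletResponse) {
            final HttpServletResponse response = (HttpServletResponse) nativeResponse;
            // Headers can only be added before the response is committed.
            if (!response.isCommitted()) {
                response.setHeader("P3P", "CP=\"" + this.compactPolicy + "\"");
            }
        }
        return success();
    }
}
```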
