Hi,

On Sep 2, 2011, at 8:30 AM, Marvin Addison wrote:

>> We are trying to implement login form in a lightbox overlay. Does anyone
>> have suggestions around how this could be done ?
>
> Just wanted to ping this thread to see if anyone has some ideas. I'm
> not a UX guy and I had to Google "lightbox" for a clue, but after some
> brief research it sounds like an interesting requirement that might be
> of general value to the community. Any UX folks in the CAS community
> have provided the CAS login form using js/dom magic in general or
> lightbox in particular?

I'm not the UX person who implemented it, but we did do this for one of our applications. This is the flow:

* User clicks on a login link, which brings up the lightbox with CAS in an iframe within. (If the user has JS disabled, this link goes to the usual full-page CAS login.)
* The user logs into the iframed CAS login page.
* If the authentication is successful, the application reloads the whole page. Since the user is now logged in, she sees the version of the app for logged-in users.

The tricky part is detecting if the authentication was successful from outside the iframe. This is implemented by watching the load event on the iframe. After the login form submission, the content will either be the application or the login error page.

The key insight of the guy who implemented this (my colleague Mark Wimbiscus Yoon) was to use cross-domain content restrictions in our favor. If the iframe contains the application, the outer context (also the application) can read content from within it. If the iframe still contains a page on the CAS server (i.e., the user's authentication attempt failed), the outer context is prevented from reading content from it (specifically, an exception is thrown). This allows the application to detect whether the authentication was successful and do the redirect.

The big caveat for this approach is that we couldn't get it to work on IE, so IE users still use the traditional CAS flow.

Other than that, it's pretty good -- it doesn't require any collaboration from the CAS server to work, so it's entirely up to the application to support it. (In our case, we did add a separate compact view for the CAS server so that the login form would fit more nicely in the iframe, but that's not mandatory.)

Rhett
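
The detection step described in the message above, as an added example that is not part of the original e-mail or the poster's application code. The names `frameState` and `watchLoginFrame`, the `appOrigin` parameter and the example.edu URLs are assumptions; `fakeFrame` is a constructed stand-in for a browser iframe so the logic can run outside a browser.

```javascript
// Classify what the login iframe shows, as seen from the outer application page.
// 'cas'     - the same-origin policy blocked the read (frame is on the CAS server)
// 'app'     - the frame is readable and on the application's own origin
// 'pending' - readable but not the app yet (for example a frame still on about:blank)
function frameState(iframe, appOrigin) {
  let href;
  try {
    href = iframe.contentWindow.location.href; // throws for a cross-origin frame
  } catch (err) {
    return 'cas';
  }
  // A frame that has not navigated is about:blank and readable by its parent,
  // so readability alone must not be treated as a successful login.
  if (!href || href === 'about:blank') return 'pending';
  return new URL(href).origin === appOrigin ? 'app' : 'pending';
}

// Call reload() once, on the first load event that leaves the frame on the app.
function watchLoginFrame(iframe, appOrigin, reload) {
  function onLoad() {
    if (frameState(iframe, appOrigin) !== 'app') return; // failed login or CAS form
    iframe.removeEventListener('load', onLoad);
    reload(); // in a browser: () => window.location.reload()
  }
  iframe.addEventListener('load', onLoad);
}

// Constructed stand-in for an iframe element (not a browser API).
function fakeFrame() {
  const listeners = [];
  const frame = {
    target: null, // null until navigate() is called
    contentWindow: {
      get location() {
        const t = frame.target;
        if (t && t.crossOrigin) throw new Error('SecurityError (simulated)');
        return { href: t ? t.href : 'about:blank' };
      },
    },
    addEventListener(type, fn) { listeners.push(fn); },
    removeEventListener(type, fn) {
      const i = listeners.indexOf(fn);
      if (i >= 0) listeners.splice(i, 1);
    },
    navigate(href, crossOrigin) { // simulate a navigation followed by its load event
      frame.target = { href, crossOrigin };
      listeners.slice().forEach((fn) => fn());
    },
  };
  return frame;
}
```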
