> As supporting new protocols (https://wiki.jasig.org/display/CAS/CAS+Roadmap, > https://wiki.jasig.org/pages/viewpage.action?pageId=28574039) is one of the > main CAS purposes, I'm wondering about the right strategy to integrate > external protocols (including OAuth).
Excellent question. We should spend some time thinking about this. > Overriding the /login process seems to me like a limited solution as it makes > things more complicated to understand and maintain and I'm not sure we can > even make all protocols work at the same spot. I'm fairly certain we can by leveraging what has been arguably the best tool for extensibility in the CAS project: Spring Webflow. With a fairly simple set of components that are conceptually similar to the existing ArgumentExtractors, we could dispatch each protocol to a flow that is designed to support it specifically. In my mind the beauty of this approach is that we don't have to add new URIs for each protocol we support and we don't have to architect a single API for all existing and future protocols, which seems like the biggest barrier to designing more robust multi-protocol support. Webflow has allowed us to add a number of new and interesting features to CAS in an extensible and backward compatible fashion; I'm fairly certain we could do the same with protocol support. M -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
