-Scott
On 10/3/06, Jennifer Yang
<[EMAIL PROTECTED]> wrote:
Hi Scott,
One of our app uses DHTML/_javascript_ to display a popup for collecting username/password.
I understand using URLConnection will not establish SSO session since there is no browser involved. It was just first trying to get the whole flow working: getting the login ticket, logging in and validating service ticket. I am really after the second part of that article which uses redirects: "get a login ticket. Then, generate Redirect to the browser placing the login ticket, the username, and the password on the CAS login URL to which you're redirecting." But I couldn't get this to work.
Thanks,
JenniferOn 10/2/06, Scott Battaglia < [EMAIL PROTECTED]> wrote:If your requirement is only that the username/password form appear on the application page (vs. a redirect) then you can set up an alternative login page for CAS that is merely the form and then use IFRAMEs to embed this login page on a particular application (such as a portals) home page. Its nice because if you already have a session the user will automatically be logged in. If you don't then the user will see the login form on the home page (but still be able to participate in single sign on). Google Mail (and various other Google products) work in a way similar to this.
I'm not sure if this will work in your case though. Note however that if you collect the username/password and submit them via a URLConnection then you are not creating a single sign on session within the browser.
-ScottOn 10/2/06, Jennifer Yang < [EMAIL PROTECTED]> wrote:Hi Scott,
Yes, we are collecting the username/password and submitting it. One of the webapp we need to support use dhtml for requesting username/password. Other apps can be redirected to the CAS login page.
Could you elaborate Google Accounts solution? I am not familiar with it.
Thanks,
JenniferOn 10/2/06, Scott Battaglia < [EMAIL PROTECTED]> wrote:Jennifer,
Are you collecting the username/password on the client application and then submitting it?
If so there may be a better alternative. You can set up CAS to work like Google Accounts where you embed the login page in your application page.
-ScottOn 10/2/06, Jennifer Yang < [EMAIL PROTECTED]> wrote:Hello,_______________________________________________
I am trying something that is advised by CAS not to. :-) I am investigating the ability to establish SSO in the background without user getting redirected to the login screen.
I was following this:
http://www.ja-sig.org/wiki/display/CAS/Using+CAS+without+the+CAS+login+screen
I was able to login and validate the service ticket, simply using URLConnection.
However, when I try the second part ("Again, get a login ticket. Then, generate Redirect to the browser placing the login ticket, the username, and the password on the CAS login URL to which you're redirecting."), I get an error when the request is redirected.
2006-10-02 15:26:21,420 DEBUG [org.springframework.webflow.execution.FlowExecutionManager] - Returning selected view to client: [ [EMAIL PROTECTED] viewName = 'casLoginView', redirect = false, model = map['flowExecutionId' -> '75D56C4B-663C-1D55-F89F-179D71946ACB', 'currentStateId' -> 'viewLoginForm', 'flowExecutionContext' -> [EMAIL PROTECTED] key = '1A7E518C-AE22-32A3-9C6F-9A96DEB4265B', activeFlow = 'loginFlow', currentState = 'viewLoginForm', rootFlow = 'loginFlow', executingFlowSessions = [EMAIL PROTECTED] flow = 'loginFlow', currentState = 'viewLoginForm', attributesCount = 0, attributes = map[[empty]]]]]]]
2006-10-02 15:27:00,225 DEBUG [org.springframework.webflow.execution.FlowExecutionManager] - New request received from client, source event is: [EMAIL PROTECTED] source = [EMAIL PROTECTED] , id = 'submit', stateId = 'viewLoginForm', parameters = map['password' -> 'test', 'service' -> 'http://www.google.com ', 'lt' -> '75D56C4B-663C-1D55-F89F-179D71946ACB', 'username' -> 'test', '_currentStateId' -> 'viewLoginForm', 'viewLoginForm' -> 'submit', '_eventId' -> 'submit']]
2006-10-02 15:27:00,226 WARN [org.springframework.web.servlet.DispatcherServlet] - Handler execution resulted in exception - forwarding to resolved error view
org.springframework.webflow.execution.NoSuchFlowExecutionException : No executing flow could be found with id '75D56C4B-663C-1D55-F89F-179D71946ACB' -- perhaps the flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that reference ended flows.; nested exception is java.lang.IllegalStateException: No session attribute 'org.springframework.webflow.execution.FlowExecution.75D56C4B-663C-1D55-F89F-179D71946ACB' found
java.lang.IllegalStateException: No session attribute 'org.springframework.webflow.execution.FlowExecution.75D56C4B-663C-1D55-F89F-179D71946ACB ' found
at org.springframework.web.util.WebUtils.getRequiredSessionAttribute(WebUtils.java:205)
at org.springframework.webflow.execution.servlet.HttpSessionFlowExecutionStorage.load(HttpSessionFlowExecutionStorage.java :67)
at org.springframework.webflow.execution.FlowExecutionManager.onEvent(FlowExecutionManager.java:424)
at org.springframework.webflow.execution.FlowExecutionManager.onEvent(FlowExecutionManager.java :389)
at org.springframework.webflow.execution.servlet.ServletFlowExecutionManager.handle(ServletFlowExecutionManager.java:77)
I think it's due to the session cookie not getting set correctly, but I don't know how to fix it.
Cookie mycookie = new Cookie("JSESSIONID", cookie);
mycookie.setDomain(<my CAS server hostname>);
response.addCookie(mycookie);
Could you help?
Thanks,
Jennifer
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
_______________________________________________
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
_______________________________________________
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
_______________________________________________
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
_______________________________________________
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
_______________________________________________ cas-dev mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas-dev
