On 02/11/2016 21:12, Yan Zhou wrote:
> Can you elaborate on JSONP?
> Would app. B now have to know user's password?
No need.
JSONP is pre-CORS. It has some limitations compared to Ajax, but some useful
possibilities, like auto CAS login.
Here is an example of adding auto login in angularJS:
https://github.com/prigaux/angular-seed/commit/4d51d23280eb959a3d1773b2fcc69c4cf50ccd88
By the way, another simpler solution is to allow restricted redirect after
login in app B.
Make the user go to:
- https://b/login?redirect=https://a/
which redirects to (normal CAS login)
- https://cas/login?service=https://b/login?redirect=https://a/
which redirects to
- https://b/login?redirect=https://a/&ticket=xxxx
=> set-cookie of application b
which redirects to
- https://a
this app can do AJAX request https://b/rest
=> works since cookie of app B
cu
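
The "restricted redirect" in the flow above only stays restricted if app B checks the `redirect` value before sending the user on; otherwise `/login` works as an open redirect. The following JavaScript sketch is an added example, not part of the original message or of CAS. It assumes the thread's placeholder hosts `a`, `b` and `cas`, and the names `ALLOWED_ORIGINS`, `FALLBACK`, `safeRedirectTarget` and `casLoginUrl` are hypothetical.

```javascript
// Added example (not from the original message). Hosts a, b, cas are the
// thread's placeholders; all names below are hypothetical.
const ALLOWED_ORIGINS = new Set(['https://a']);
const FALLBACK = 'https://b/';

// Return the redirect target only if it is an absolute https URL whose parsed
// origin is exactly on the allowlist; otherwise return the fallback.
function safeRedirectTarget(raw, allowed = ALLOWED_ORIGINS, fallback = FALLBACK) {
  if (typeof raw !== 'string' || raw.length === 0) return fallback;
  // Control characters and backslashes are normalised differently by browsers.
  if (/[\u0000-\u001f\\]/.test(raw)) return fallback;
  let url;
  try {
    url = new URL(raw); // no base given: relative and "//host" values throw
  } catch (e) {
    return fallback;
  }
  if (url.protocol !== 'https:') return fallback;
  // "https://a@other.example/" parses with username "a" and another host.
  if (url.username !== '' || url.password !== '') return fallback;
  // Compare the parsed origin, never a string prefix of the raw value.
  if (!allowed.has(url.origin)) return fallback;
  return url.href;
}

// Build the CAS login URL for the second step. The nested service URL is
// percent-encoded so its own query string stays inside the service parameter.
function casLoginUrl(redirect) {
  const service = 'https://b/login?redirect=' +
    encodeURIComponent(safeRedirectTarget(redirect));
  return 'https://cas/login?service=' + encodeURIComponent(service);
}
```

App B would run the same check again when it handles the request carrying `ticket`, since the `redirect` value in that request is still user-controlled.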