Am Samstag, den 14.08.2010, 10:10 -0400 schrieb Scott Battaglia:
> The username is not exposed to an application until after they've
> validated a ticket.
Is there any security reason for holding back that information? I think
I saw the username in the saml/google-logic together with a ticket.
> 
> 
> If you want to change the ticket parameter you'd have to write your
> own custom JSP pages that returns the POST response.
Thougt so.
> 
> 
> On Fri, Aug 13, 2010 at 4:14 AM, Felix Schumacher
> <[email protected]> wrote:
>         On Thu, 12 Aug 2010 09:13:06 -0400, Scott Battaglia
>         <[email protected]> wrote:
>         > You may be falling prey to an existing bug:
>         
>         > https://issues.jasig.org/browse/CAS-868 [1]
>         Right, I changed the webflow according to the bug entry and I
>         get the
>         ticket posted.
>         
>         Now is there an easy way to get the userid posted, too?
>         Besides that I
>         would like to change
>         the name of the key "ticket" to something else.
>         >
>         > Also, I would recommend updating to 3.4.2.1
>         
>         I will do so shortly.
>         
>         Thanks
>          Felix
>         >
>         > Cheers,
>         > Scott
>         >
>         > On Thu, Aug 12, 2010 at 7:27 AM, Felix Schumacher  wrote:
>         >  Hi,
>         >
>         >  I have installed successfully a CAS Server (Version 3.4.2)
>         and got SSO
>         >  working with phpCAS, pam_cas and Soulwing Realm
>         Implementation.
>         >
>         >  Now I would like to integrate a legacy app, for which I
>         think it would
>         > be
>         >  possible to use a FORM-Based login using method=POST and
>         have the
>         > ticket
>         >  (and hopefully the username) verfied by an external
>         service, which we
>         > could
>         >  provide.
>         >  Unfortunately I didn't get any parameters posted in my
>         simple login
>         > form.
>         >
>         >  I did the following:
>         >
>         >   * Implement a simple login-page to represent my legacy
>         app.
>         
>         >  https://appserver/login [3]
>         >    This page just echoes back the given parameter, so that I
>         can verify
>         >  the posted Data.
>         >   * Called the CAS Server login page with parameters service
>         and method
>         >  like
>         >
>         >
>         >
>         
> https://casserver/cas-server/login?service=https://appserver/login&method=POST
>         
>         > [4]
>         >
>         >  The Browser was correctly redirected to the legacy app
>         
>         >  https://appserver/login [5], but no data was posted. At the
>         same time
>         > there was
>         >  no ticket get parameter.
>         >
>         >  Do I have to configure anything else? Can I influence the
>         parameter
>         > names
>         >  or values while sending th initial request to the CAS
>         server?
>         >
>         >  Bye
>         >   Felix
>         >
>         >  --
>         
>         >  You are currently subscribed to [email protected]
>         [6] as:
>         > [email protected] [7]
>         >  To unsubscribe, change settings or access archives, see
>         
>         > http://www.ja-sig.org/wiki/display/JSG/cas-user [8]
>         
>         --
>         
>         You are currently subscribed to [email protected] as:
>         [email protected]
>         To unsubscribe, change settings or access archives, see
>         http://www.ja-sig.org/wiki/display/JSG/cas-user
>         
> 
> 
> -- 
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user



-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to