On Sat, Aug 14, 2010 at 10:47 AM, Felix Schumacher <[email protected]> wrote:

> On Saturday, 14.08.2010, at 10:10 -0400, Scott Battaglia wrote:
> > The username is not exposed to an application until after they've
> > validated a ticket.
> Is there any security reason for holding back that information? I think
> I saw the username in the saml/google-logic together with a ticket.

The SAML logic is self-validating (i.e. it's signed). The CAS protocol is simpler (no need for a PKI infrastructure other than the SSL cert for the web server) but it requires a round-trip validation to confirm the validity of the ticket.

Cheers,
Scott

> > If you want to change the ticket parameter you'd have to write your
> > own custom JSP pages that returns the POST response.
> Thought so.
>
> > On Fri, Aug 13, 2010 at 4:14 AM, Felix Schumacher
> > <[email protected]> wrote:
> > On Thu, 12 Aug 2010 09:13:06 -0400, Scott Battaglia
> > <[email protected]> wrote:
> > > You may be falling prey to an existing bug:
> > >
> > > https://issues.jasig.org/browse/CAS-868 [1]
> >
> > Right, I changed the webflow according to the bug entry and I get the
> > ticket posted.
> >
> > Now is there an easy way to get the userid posted, too? Besides that I
> > would like to change the name of the key "ticket" to something else.
> >
> > > Also, I would recommend updating to 3.4.2.1
> >
> > I will do so shortly.
> >
> > Thanks
> > Felix
> >
> > > Cheers,
> > > Scott
> > >
> > > On Thu, Aug 12, 2010 at 7:27 AM, Felix Schumacher wrote:
> > > Hi,
> > >
> > > I have installed successfully a CAS Server (Version 3.4.2) and got SSO
> > > working with phpCAS, pam_cas and Soulwing Realm Implementation.
> > >
> > > Now I would like to integrate a legacy app, for which I think it would
> > > be possible to use a FORM-Based login using method=POST and have the
> > > ticket (and hopefully the username) verified by an external service,
> > > which we could provide.
> > > Unfortunately I didn't get any parameters posted in my simple login
> > > form.
> > >
> > > I did the following:
> > >
> > > * Implement a simple login-page to represent my legacy app.
> > >   https://appserver/login [3]
> > >   This page just echoes back the given parameter, so that I can verify
> > >   the posted Data.
> > > * Called the CAS Server login page with parameters service and method
> > >   like
> > >   https://casserver/cas-server/login?service=https://appserver/login&method=POST [4]
> > >
> > > The Browser was correctly redirected to the legacy app
> > > https://appserver/login [5], but no data was posted. At the same time
> > > there was no ticket get parameter.
> > >
> > > Do I have to configure anything else? Can I influence the parameter
> > > names or values while sending the initial request to the CAS server?
> > >
> > > Bye
> > > Felix
> > >
> > > --
> > > You are currently subscribed to [email protected] [6] as:
> > > [email protected] [7]
> > > To unsubscribe, change settings or access archives, see
> > > http://www.ja-sig.org/wiki/display/JSG/cas-user [8]
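
The round-trip validation Scott describes, as an added example that is not part of the original thread or of the CAS project's code: the legacy app takes the POSTed `ticket`, calls the CAS 2.0 `/serviceValidate` endpoint, and reads the username only from that response. Host names are the ones used in the thread; the function names, sample XML, ticket and user values are constructed for illustration.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace
CAS_BASE = "https://casserver/cas-server"       # host names as used in the thread
SERVICE_URL = "https://appserver/login"         # must match the service sent to /login

# Constructed sample responses (not captured from a real server).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def validation_url(ticket, service=SERVICE_URL, cas_base=CAS_BASE):
    """Build the back-channel /serviceValidate request for a received ticket."""
    query = urllib.parse.urlencode({"service": service, "ticket": ticket})
    return f"{cas_base}/serviceValidate?{query}"

def parse_validation_response(xml_text):
    """Return the username CAS vouches for; raise ValueError on anything else."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError("malformed CAS response") from exc
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise ValueError(f"CAS rejected ticket: {failure.get('code')}")
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        raise ValueError("no authenticated user in CAS response")
    return user.text.strip()

def https_get(url):
    """Default fetcher: urllib verifies the CAS server's TLS certificate."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read()

def authenticate(posted_form, fetch=https_get):
    """Handle the form CAS POSTs to the service; the ticket alone proves nothing."""
    ticket = posted_form.get("ticket", "")
    if not ticket.startswith("ST-"):
        raise ValueError("missing or malformed service ticket")
    # Any username field in the POST is ignored: identity comes only from CAS.
    return parse_validation_response(fetch(validation_url(ticket)))
```

Passing a stub as `fetch` lets the handler be exercised without a CAS server; in production the default fetcher performs the HTTPS call.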
