On Wed, 25 Aug 2010 10:28:49 -0400 (EDT), "Patrick A. Treptau"
<[email protected]> wrote:
> Thank you for all your input. I have a short follow-up question: I
> understand that you are all seem to be using a unified login with the
same
> look and feel that redirects the user to a page with a list of CASified
> services. Are your users still able to use the original URLs (ie.
> webmail.example.edu) and are then redirected to this one central login
> portal?
I think they are using the normal CAS way of login, which is in ascii like
following
(having a valid TGT Cookie established with CAS already)
Browser Service CAS
| get S/login | |
X------------------->X |
X X |
X R(CAS/login?s=S) X |
X<-------------------X |
X | |
X get CAS/login?s=S | |
X------------------------------------------>X
X | X
X | R(S/login?t=T) X
X<------------------------------------------X
X | |
X get S/login?t=T | |
X------------------->X |
X X .
X logged in :) X .
X<-------------------X .
X |
X get S/ressource |
X------------------->X
. .
. .
R(...) means a redirect is issued to the ... url.
CAS is the url of the cas server, eg. http://cas.example.org/
S is the url of the service, eg. http://webmail.example.org
s=S is short for service=S
t=T is short for ticket=T
T is the service ticket granted by cas (since the user has a valid ticket
granting ticket TGT)
So the user will not see any cas server login if they have logged in once
to the "portal login". Therefore a list of services is not needed. The
portal where your services/applications are listed would just be another
service secured by cas itself. That way users could go directly to
webmail.example.org. If they are already authenticated by cas, the could
use webmail directly. Otherwise they would have to login, after that they
would get redirected to webmail. Equally the could use the portal page to
get links to their applications/services.
But maybe I just didn't understand your question.
Bye
Felix
>
> What happens, for example, they go to webmail.example.edu? User visits
the
> link, is redirected to this one unified CAS portal and then redirected
back
> to the service (ie. webmail) or are they redirected to a portal that
lists
> all the CASified services where the user has to click again on the
various
> services to get access? From a user experience I would assume the
latter,
> because otherwise how do people know what services are CASified and what
> services are not.
>
> Thank you very much!
> -Patrick
>
> Patrick A. Treptau
> Sr. Systems Administrator
> Swarthmore College
> phone (610) 328-8508
> e-mail [email protected]
>
> ----- Original Message -----
> From: "Marc Thompson" <[email protected]>
> To: [email protected]
> Sent: Tuesday, August 24, 2010 5:59:58 PM
> Subject: Re: [cas-user] CAS User Experience
>
> Patrick,
> We've been using and implementing CAS here at The University of Utah
> for a over a year now. I have personally CASified a couple
> different applications, one php and the other ColdFusion. The other
> implementations on campus have been with Java and Perl based apps to
> my knowledge.
> We use a single unified CAS login: https://ulogin.utah.edu/ for all
> apps. There is currently a CAS committee putting together a set of best
> practices for various Documentation, including an Implementation Guide.
>
> Marc
>
> On 8/24/2010 3:18 PM, Patrick A. Treptau wrote:
>> We are just getting started with CAS and are very impressed with the
>> features and usability. At this point we have CASified several
>> application for testing and are in the process of discussing the user
>> experience from a UI perspective. We are very interested to hear how
>> other institutions have implemented CAS.
>>
>> Do you have one unified CAS login ("the" CAS login or CAS portal) that
>> you present to the user with a selection of CASified apps -or- do have
>> you CASified your apps to emulate the original login screen for each
>> service with help of CAS services and themes and let the user get the
>> CAS ticket from any CASified app (of course, the user gets his ticket
>> from CAS, I am talking about the login screen only)? It seems that the
>> latter solution is much more labor intensive and might be confusing
>> for the users to identify and select all available CASifies apps and
>> personally I find the first solution (portal) more user-friendly.
>>
>> Thank you very much,
>> -Patrick
>>
>> Patrick A. Treptau
>> Sr. Systems Administrator
>> Swarthmore College
>> phone (610) 328-8508
>> e-mail [email protected]
>>
>>
>
> --
> ------------------------------------------- Marc Thompson
> Software Engineer
> Media Solutions
> University Information Technology
> University of Utah
> 801.585.9264 [email protected]
> -------------------------------------------
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
