Hi ... the password hidden field would hold a generated hash that no user 
knows..  The hash would be different each visit and would not be valid after a 
period of time.  But it grants the student access to our site.

The page the student gets to that renders the button with the hash, is part of 
a password protected site that's using a different student account mechanism.  
The main campus that hosts the site is not willing to use CAS.  But we are 
CASified.  The wonders of decentralized departments.

So:
A student logs into Site A with their credentials.
The student browses to a page to complete a declaration.  Once the declaration 
is done, they must visit Site B.
Site A is hosted at the main campus with a homegrown authentication mechanism.
Site B is hosted at a satellite campus that has CASified a bunch of web apps 
for students to use.

The nice to have is that the student will not have to log in again to visit 
Site B as it's a requirement of the student to visit the site once the original 
declaration is done.

So I was thinking of the idea below ... but am open to any other suggestions.

Thanks,
Andrew
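
The per-visit, expiring value described in this message can be built as a keyed MAC over the username, an issue time and a random nonce, which Site A mints and the custom authentication handler on the CAS side verifies. This is an added example, not part of the original thread and not CAS code; the shared key, `MAX_AGE`, the token layout and the function names are all assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: Site A and the CAS-side handler share this key out of band.
SHARED_KEY = b"constructed-demo-key-replace-me"
MAX_AGE = 120       # seconds a token stays valid (assumed value)
_seen_nonces = {}   # nonce -> expiry time; use a shared store if clustered


def _mac(username, issued, nonce):
    # JSON encoding keeps the three fields unambiguous inside the MAC input.
    msg = json.dumps([username, issued, nonce]).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).digest()


def issue_token(username, now=None):
    """Site A side: mint a fresh token bound to one username."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)
    tag = base64.urlsafe_b64encode(_mac(username, issued, nonce)).decode()
    return f"{issued}.{nonce}.{tag}"


def verify_token(username, token, now=None):
    """CAS side: the checks a custom handler would apply to the 'password'."""
    now = int(time.time() if now is None else now)
    try:
        issued_s, nonce, tag = token.split(".")
        issued = int(issued_s)
        got = base64.urlsafe_b64decode(tag)
    except (ValueError, TypeError):
        return False                      # malformed token
    if not hmac.compare_digest(got, _mac(username, issued, nonce)):
        return False                      # forged, or minted for another user
    if not 0 <= now - issued <= MAX_AGE:
        return False                      # expired, or issued in the future
    for old in [n for n, exp in _seen_nonces.items() if exp < now]:
        del _seen_nonces[old]             # drop nonces that can no longer verify
    if nonce in _seen_nonces:
        return False                      # replay of an already-used token
    _seen_nonces[nonce] = issued + MAX_AGE
    return True
```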

________________________________________
From: Scott Battaglia [[email protected]]
Sent: Sunday, August 29, 2010 12:59 PM
To: [email protected]
Subject: Re: [cas-user] Alternative authenticating

Why would you want to do that?  What's your use case?

We tend not to encourage you to put passwords in HTML pages.


On Fri, Aug 27, 2010 at 2:47 PM, Andrew Wang 
<[email protected]<mailto:[email protected]>> wrote:
Hi ... I was wondering if it was possible to have a remote site with:

<form action="https://cas.server.com/cas/login">
<input type="hidden" name="username" value="SomeUserName"/>
<input type="hidden" name="password" value="SomeBigGeneratedHash"/>
<input type="submit" value="Let me in"/>
</form>

I've added an Authentication handler that takes "SomeBigGeneratedHash" and the 
username ... does some checking and lets user in if things are ok.

I noticed 2 hidden tags on the cas login page
<input type="hidden" name="lt" value="e3s1" />
<input type="hidden" name="_eventId" value="submit" />

But I can't figure out how/what lt and _eventId are used.  Any pointers on 
whether this is possible or what I am missing is greatly appreciated.

Our apps are casified (which is great btw) but right now, casifying the remote 
site is not possible.

Thanks,
Andrew

--
You are currently subscribed to 
[email protected]<mailto:[email protected]> as: 
[email protected]<mailto:[email protected]>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


