I’m not an expert, but to me this all sounds like CAS is behaving as expected.

When you log into site A you authenticate against CAS. When you then go to site 
B you are still logged into CAS, but site B does not know this yet. When you 
authenticate against CAS in site B, it does not ask for authentication because 
you are already authenticated. What you have to do is have both Site A and Site 
B check with CAS to see if you are authenticated when you first open the page 
(rather than having a link to the login server). That way, when the user 
attempts to open the page at Site A they get the Login form, not a link to the 
login form. When they authenticate, then they get the link to Site B, and when 
they go to Site B, they are automatically authenticated and the Site A page 
pops up rather than the login form.

You need to have some code that checks if the user is logged in before 
rendering the page (by checking a session variable or whatever you are using to 
keep track of whether or not the user is logged in), and redirects them with a 
302 temporary redirect to the CAS login server if they are not logged in.

The short answer is that your app is still responsible for actually logging in 
the user - CAS is a central repository for credentials so to the user it 
appears as if they do not have to re-authenticate for each application.

Aaron
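
The page-load check described in the reply above, as an added example that is not part of the original thread and is not phpCAS code: a Python sketch of the service-side CAS 2.0 flow (redirect, ticket validation, local session). The CAS server URL, the `fetch` helper and the sample responses are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_BASE = "https://cas.example.org/cas"  # assumed CAS server URL (placeholder)
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

# Constructed serviceValidate responses, for offline use.
SAMPLE_OK = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
             "<cas:authenticationSuccess><cas:user>blue</cas:user>"
             "</cas:authenticationSuccess></cas:serviceResponse>")
SAMPLE_FAIL = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
               "<cas:authenticationFailure code='INVALID_TICKET'>unknown ticket"
               "</cas:authenticationFailure></cas:serviceResponse>")

def login_redirect(service_url):
    """302 target for a visitor who has no session on this site yet."""
    return CAS_BASE + "/login?" + urlencode({"service": service_url})

def validation_url(service_url, ticket):
    """Back-channel URL the site itself calls to validate a service ticket."""
    return CAS_BASE + "/serviceValidate?" + urlencode(
        {"service": service_url, "ticket": ticket})

def parse_validation(xml_text):
    """Return the user name from a serviceValidate body, or None on failure."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None and user.text else None

def handle_request(session, query, service_url, fetch):
    """Run before rendering any page; returns (status, detail).

    session is this site's own session dict, query the parsed query string,
    fetch a hypothetical callable(url) -> body used for the back-channel call.
    """
    if "user" in session:                  # already logged in to this site
        return 200, session["user"]
    ticket = query.get("ticket")
    if ticket is None:                     # first visit: send the browser to CAS
        return 302, login_redirect(service_url)
    user = parse_validation(fetch(validation_url(service_url, ticket)))
    if user is None:                       # never trust an unvalidated ticket
        return 403, "ticket rejected"
    session["user"] = user                 # the site creates its own session
    return 302, service_url                # reload without the ticket in the URL
```

If the browser already holds a CAS session (for example after logging in at site A), CAS answers the first 302 with an immediate redirect back carrying a ticket, so site B never shows a login form.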
From: 橡树 [mailto:[email protected]]
Sent: Friday, December 10, 2010 3:24 AM
To: [email protected]
Subject: [cas-user] A general question on CAS SSO

Hi,
I have encountered a problem and am waiting for your advice.

There are two sites which were all successfully configured with phpCAS 1.1.0.

In the homepage of the site A, there are two links:
1. <a href="http://localhost/sitea/index.php/main/login">Login A</a>
2. <a href="http://localhost/siteb">Go to B</a>

In the same way, there are two links in the homepage of the site B. They are:
1. <a href="http://localhost/siteb/index.php/main/login">Login B</a>
2. <a href="http://localhost/sitea">Go to A</a>

When I click the link "Login A" on the homepage of site A, I am redirected 
to the CAS server. After user authentication, I come back to the homepage of 
site A as a logged-in user. Then I click the link "Go to B" on the homepage 
of site A and come to the homepage of site B. But now I'm not a logged-in 
user of site B. Why? I hope I can be logged in to site B automatically 
because I have passed user authentication when I logged in to site A.
Then I click the link "Login B" on the homepage of site B, and I am logged in 
to site B without user authentication this time.
Is my understanding wrong, or are there any configuration errors? Any help 
would be most appreciated.

Regards,
Blue




--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
