Thanks for your reply,your advice is good but one exception need service(app) and cas at same global domain.
On Sun, Mar 11, 2012 at 12:27 AM, jleleu <[email protected]> wrote: > Hi, > > I don't know any official CAS solution for anonymous and authenticated > page. I think it also depends on the CAS client you use. > > I faced the same problem and found the same solution for Spring Security. > The idea is to : > - change the CAS server to make it create a specific cookie on global > domain after login, for example a cookie name "authenticated" on host " > mydomain.com" with value "true" if my CAS server and applications are on > www.mydomain.com > - add a specific filter in spring security to force a round-trip to CAS > with gateway=true if this specific cookie is found. This way, the user goes > through CAS server to retrieve authentication and if it fails (SSO > expiration by example), no login page is displayed (gateway=true). > > Best regards, > Jérôme > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
