Thanks for the feedback. I just received additional information. The vendor was trying use CAS to sign in instructors to a Native Windows application.
A conversation has taken place with the vendor and we are going to set them up to authenticate directly to an Active Directory server. I don't even know what SSO means between a WEB App and a Native App. Cheers, Bryan -----Original Message----- From: Marvin S. Addison [mailto:[email protected]] Sent: Tuesday, May 08, 2012 12:58 PM To: [email protected] Subject: Re: [cas-user] Screen scraping CAS Login page > Does anyone have an opinion on this email I received: I think the author is right to question the need for screen scraping credentials from the CAS login screen. I'd need more information to determine whether it's as bad as it sounds, but if nothing else it's against the spirit of SSO: - Credentials presented to CAS are not shared with third parties - CAS is a trusted consumer of authentication credentials (The second follows from the first; your trustworthiness is damaged by allowing the first.) M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
