I am still trying to find out a way to use our own login page.
First of all, I see that using an external login UI is on the CAS 3 to-do list.
But when is it going to be implemented?
We use CAS not for single sign on. But other applications which we need to
integrate with have adopted this CAS solution.
After the user logs in to our application, I tried to invoke CAS login as
acceptor. I post the username and password plus a randomly generated LT to the
CAS login URL, hoping that the CAS server will validate the user credential
(again) without the CAS login UI. According to
http://www.jasig.org/cas/protocol, this should work. I use httpclient to do the
post. However, the response I got from the post is always the CAS login form
(which I desperately tried to avoid). It means that the login failed. But I
don't see why it could fail. If I log in directly through the CAS login page with
the same credential, it logs me in.
The httpclient code is attached.
 
The second question is:
Is the value of the cookie CASTGC the same value as the ticket-granting ticket?
 
Thanks.
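
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.CookieStore;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.protocol.ClientContext;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.EntityUtils;

private String postToCasLogin(HttpServletResponse httpResponse, String userName, String password) throws Exception {
        HttpClient client = null;
        String casServer = System.getProperty(Constants.CAS_PROPERTY_LOGIN_URL);
        // String service = System.getProperty(Constants.CAS_PROPERTY_APP_SERVER);
        String service = "http://localhost:8080/myapp";
        String response = null;

        try {
            client = new DefaultHttpClient();
            // Keep cookies set by the CAS server so CASTGC can be read afterwards.
            CookieStore cookieStore = new BasicCookieStore();
            HttpContext httpContext = new BasicHttpContext();
            httpContext.setAttribute(ClientContext.COOKIE_STORE, cookieStore);

            // Build the form POST to the CAS login URL (credential acceptor).
            final HttpPost post = new HttpPost(casServer);
            post.addHeader("Content-type", "application/x-www-form-urlencoded");
            post.addHeader("Accept", "text/plain");
            List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
            nameValuePairs.add(new BasicNameValuePair("username", userName));
            // Send the password parameter as the password field.
            nameValuePairs.add(new BasicNameValuePair("password", password));
            // Randomly generated login ticket, as described in the post.
            nameValuePairs.add(new BasicNameValuePair("lt", "LT-" + UUID.randomUUID().toString()));
            nameValuePairs.add(new BasicNameValuePair("service", service));
            post.setEntity(new UrlEncodedFormEntity(nameValuePairs, "UTF-8"));

            HttpResponse casResponse = client.execute(post, httpContext);

            HttpEntity entity = casResponse.getEntity();
            if (entity != null) {
                response = EntityUtils.toString(entity);
            }
            int code = casResponse.getStatusLine().getStatusCode();
            if (code != 200) {
                log.warn("Invalid response code (" + code + ") from CAS server!");
                throw new Exception("code is not 200");
            }
            // Copy the CASTGC cookie from the CAS response onto our own response.
            cookieStore = (CookieStore) httpContext.getAttribute(ClientContext.COOKIE_STORE);
            if (cookieStore.getCookies() != null) {
                for (org.apache.http.cookie.Cookie cookie : cookieStore.getCookies()) {
                    if (cookie.getName().equals("CASTGC")) {
                        httpResponse.addCookie(new Cookie("CASTGC", cookie.getValue()));
                        break;
                    }
                }
            }
            return response;
        } finally {
            // Release the connections held by the client.
            if (client != null) {
                client.getConnectionManager().shutdown();
            }
        }
}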
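
In the CAS protocol, the `lt` parameter is a login ticket that /login issues when it renders the form and that is valid for one authentication attempt, so a client reads it from a fresh GET of the login page and echoes it back. The following is an added example, not part of the original post or of the CAS project's code; the class name, method names, credentials and sample form HTML are constructed for illustration.

```java
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CasLoginTicketExample {
    // Constructed sample of the form returned by GET /login (credential requestor).
    static final String SAMPLE_LOGIN_FORM =
        "<form id=\"fm1\" method=\"post\" action=\"/cas/login\">\n"
      + "  <input type=\"text\" name=\"username\" />\n"
      + "  <input type=\"password\" name=\"password\" />\n"
      + "  <input type=\"hidden\" name=\"lt\" value=\"LT-1-constructedSampleValue\" />\n"
      + "</form>";

    // Matches the hidden "lt" input with name before value (the order in the sample).
    private static final Pattern LT_INPUT = Pattern.compile(
        "<input[^>]*name=\"lt\"[^>]*value=\"([^\"]+)\"", Pattern.CASE_INSENSITIVE);

    /** Returns the server-issued login ticket, or null if the page carries none. */
    static String extractLoginTicket(String loginFormHtml) {
        Matcher m = LT_INPUT.matcher(loginFormHtml);
        return m.find() ? m.group(1) : null;
    }

    /** Builds the application/x-www-form-urlencoded body for the acceptor POST. */
    static String buildLoginBody(String user, String pass, String lt, String service)
            throws Exception {
        if (lt == null) {
            throw new IllegalStateException("no login ticket in form; fetch /login again");
        }
        Map<String, String> fields = new LinkedHashMap<String, String>();
        fields.put("username", user);
        fields.put("password", pass);
        fields.put("lt", lt); // echoed back unchanged; valid for one attempt only
        fields.put("service", service);
        StringBuilder body = new StringBuilder();
        for (Map.Entry<String, String> e : fields.entrySet()) {
            if (body.length() > 0) body.append('&');
            body.append(URLEncoder.encode(e.getKey(), "UTF-8")).append('=')
                .append(URLEncoder.encode(e.getValue(), "UTF-8"));
        }
        return body.toString();
    }

    public static void main(String[] args) throws Exception {
        String lt = extractLoginTicket(SAMPLE_LOGIN_FORM);
        System.out.println(buildLoginBody("alice", "s3cret", lt, "http://localhost:8080/myapp"));
    }
}
```

A deployed login form may carry further hidden fields besides `lt`; those would need to be read and echoed back the same way.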
