We have exactly the same problems. There are 3 ways to do inline or embedded 
login that I am aware of. All of them are somewhat hacky:

1. Using JavaScript you can log in to CAS. Details can be found here: 
https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen
2. Writing a Java class that will do a POST behind the scenes and will simulate a 
login of a customer. Internally we wrote such a class; I have to ask if I can 
share it with you, but even so, it is still somewhat of a hack.
3. Using the CAS 3.5 RESTful API (WHICH HAS NOT BEEN DESIGNED FOR THIS CASE), but 
it can work. In fact we did a proof-of-concept prototype for our business and it 
worked.

The whole IDEA of CAS, as I understand it, is that a user has to log in via a 
secure site; the TGC cookie has to be sent via a secure channel (https) for the 
CAS login domain. If you do embedded login you have to make sure you secure the 
cookie (TGC) if you store it yourself, and naturally you have to make sure you 
don't send the password in clear text, which means your Drupal page most likely 
has to be https to be protected against man-in-the-middle attacks.

Mateusz Szczap
eBay.de
________________________________________
From: Rex Posadas [[email protected]]
Sent: Tuesday, 20 November 2012 22:19
To: [email protected]
Subject: [cas-user] How to simulate a submit in the CAS login page

Hello All,

I have an in-line login form in my website (Drupal).  When a user enters his 
email and password I want to submit that form to the CAS login page.  If the 
user enters the correct u/p  they should be logged in and taken back to the 
home page.

But, when I do a form post to the CAS login page with the query parameter 
“&_evenId=submit”  I am simply taken to the CAS login page. It looks like it 
ignored my POST body. I was expecting the form post to log me in and redirect 
me back to my site’s home page (Given that the credentials are correct).

I’ve verified that the service name in the URL is correct during the post.  
I’ve also verified that the username and password are correct.

Is it possible to do what I’m trying to?  If so, how? If not, why not?


Thanks.

--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
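
The conditions named in the reply above (an https page hosting the form, a password that never travels in clear text, a TGC cookie sent only over a secure channel) can be checked mechanically. The following is an added example, not code from this thread or from the CAS project; the URLs, the sample cookie value and all function names are constructed, and `CASTGC` is assumed as the cookie name (the CAS default).

```javascript
// Added example, not code from the thread. CASTGC is assumed to be the name of
// the CAS ticket-granting cookie; all URLs and header values are constructed.

// Split one Set-Cookie header into name, value and lower-cased attribute names.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    // Attribute names only ("secure", "path"), never text from the cookie value.
    attrs: new Set(attrs.filter(Boolean).map((a) => a.split('=')[0].trim().toLowerCase())),
  };
}

function isHttps(url) {
  try {
    return new URL(url).protocol === 'https:';
  } catch {
    return false; // relative or malformed URLs are not proven secure
  }
}

// Returns a list of findings; an empty list means all three conditions hold.
function auditEmbeddedLogin({ pageUrl, formAction, setCookieHeaders, cookieName = 'CASTGC' }) {
  const findings = [];
  if (!isHttps(pageUrl)) findings.push('login page is not served over https');
  // Resolve a relative form action against the page that hosts the form.
  let action;
  try { action = new URL(formAction, pageUrl).href; } catch { action = formAction; }
  if (!isHttps(action)) findings.push('form posts the password over a non-https URL');
  const tgc = setCookieHeaders.map(parseSetCookie).find((c) => c.name === cookieName);
  if (!tgc) findings.push(`no ${cookieName} cookie found in the response`);
  else if (!tgc.attrs.has('secure')) findings.push(`${cookieName} is set without the Secure attribute`);
  return findings;
}

// Constructed sample: the CAS endpoint is https, but the page and the cookie are weak.
// The cookie value contains the word "secure", which must not count as the attribute.
const weak = auditEmbeddedLogin({
  pageUrl: 'http://www.example.org/',
  formAction: 'https://cas.example.org/cas/login',
  setCookieHeaders: ['CASTGC=TGT-1-secure-sample; Path=/cas'],
});
console.log(weak);
```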
