That sounds right, but the JSESSIONID is not available when I do a GET. And I can't grab it from the cookie since that cookie is only available in the CAS domain.
I don't know how uMobile is doing it. Maybe they modified CAS to not validate against the session id? From: Domazlicky, Eric [mailto:[email protected]] Sent: Wednesday, November 21, 2012 9:27 AM To: [email protected] Subject: RE: [cas-user] How to simulate a submit in the CAS login page Rex, My guess is that the LT is only valid for a particular session. When performing the initial GET are you also grabbing the JSESSIONID cookie CAS sets and sending the cookie back, along with the LT and other fields, when doing the POST? From: Rex Posadas [mailto:[email protected]] Sent: Tuesday, November 20, 2012 4:50 PM To: [email protected] Subject: RE: [cas-user] How to simulate a submit in the CAS login page Thank you for the reply. The "lt" from the initial GET doesn't look usable. I get the following error: ticket 'LT-75-EGTIgg2D9gnTteUKtXYodtv9c0hVpc' not recognized (the ticket in the error changes per request obviously) I verified that I'm passing all the fields mentioned below back to CAS. Any ideas as to why I'm getting error? From: Domazlicky, Eric [mailto:[email protected]] Sent: Tuesday, November 20, 2012 1:34 PM To: [email protected] Subject: RE:[cas-user] How to simulate a submit in the CAS login page Instead of enabling the CAS REST API you could use the approach uMobile uses. Submit the login form properly to CAS. Note that this requires you do an initial GET on the CAS login page to get the random hidden form field called the "lt". Then you must submit with the username,password,execution,_eventId and the "lt" you got from the initial GET. Use an HTTP debugger like Fiddler and watch how the login process works with a browser and it should be fairly easy to emulate in your script. From: Rex Posadas [mailto:[email protected]] Sent: Tuesday, November 20, 2012 1:19 PM To: [email protected] Subject: [cas-user] How to simulate a submit in the CAS login page Hello All, I have an in-line login form in my website (Drupal). When a user enters his email and password I want to submit that form to the CAS login page. If the user enters the correct u/p they should be logged in and taken back to the home page. But, when I do a form post to the CAS login page with the query parameter "&_evenId=submit" I am simply taken to the CAS login page. It looks like it ignored my POST body. I was expecting the form post to log me in and redirect me back to my site's home page (Given that the credentials are correct). I've verified that the service name in the URL is correct during the post. I've also verified that the username and password are correct. Is it possible to do what I'm trying to? Is so, how? If not, why not? Thanks. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
