Thanks for replying. Admittedly we're looking into end-user authentication through REST, because the application is rich, complex and stand-alone: it rarely requires a server. It's a single HTML page which responds through complex JavaScript logic, most of it writing to the client's local file system. Once in a while, in the background(!), our JavaScript might take a business decision to log in to the server and upload some data (which is where CAS comes in).
Bottom line, we'd like to log in through GUI-less JavaScript code. So REST sounds appropriate, doesn't it? We've read https://wiki.jasig.org/display/CASUM/RESTful+API which warns about end-user RESTful login, but we're willing to take the security risk (dictionary attack) given that our security isn't like a Bank or the CIA.

Thanks very much

________________________________
From: Scott Battaglia <[email protected]>
To: [email protected]
Sent: Friday, April 26, 2013 8:18 PM
Subject: Re: [cas-user] RESTful API - text explanation for failed login

Just to clarify, you're not attempting to use the RESTful API for end-user authentication are you? RESTful API is designed for service-to-service interaction.

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Thu, Apr 25, 2013 at 8:21 PM, sol myr <[email protected]> wrote:

>Hi,
>
>Our application requirements are, to give some text explanation when login
>fails (we have several reasons, such as "wrong password", "account locked by
>administrator" etc).
>Is there a way to return this reason through the RESTful API
>(https://wiki.jasig.org/display/CASUM/RESTful+API)?
>I.e. when client asks for a TicketGrantingTicket (through REST), if he
>provided correct credentials he'll get a response of the TGT.
>But if he provided wrong credentials, he'll get an HTTP 400 *plus the text*
>explanation for the failure reason.
>
>Is there a way to achieve this?
>
>Thank you
>
>--
>You are currently subscribed to [email protected] as: [email protected]
>To unsubscribe, change settings or access archives, see
>http://www.ja-sig.org/wiki/display/JSG/cas-user
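
The exchange discussed in this thread, seen from the JavaScript client, as an added example that is not part of the original messages or of CAS itself. It assumes the documented behaviour of the CAS RESTful API (201 Created with the TGT in the `Location` header, 400 on bad credentials); a reason text in the 400 body is what the original poster asks for and is an assumption here, as are the function name and the allow-list.

```javascript
// Added example (not from the thread): interpret the reply to a CAS REST
// ticket request. The response is passed in as a plain object
// { status, headers, body } so the logic can be exercised offline.

// Assumption: the only reason strings a customised server would send.
// The two entries are the examples quoted in the original question.
const KNOWN_REASONS = new Set([
  "wrong password",
  "account locked by administrator",
]);

function interpretTicketResponse(res) {
  const headers = res.headers || {};
  const location = headers.location || headers.Location || "";

  if (res.status === 201) {
    // Success: the TGT id is the last path segment of the Location header.
    const match = /\/(TGT-[^\/\s]+)$/.exec(location);
    if (!match) {
      return { ok: false, reason: "malformed success response" };
    }
    return { ok: true, tgt: match[1] };
  }

  if (res.status === 400) {
    // Assumption: a customised server places a short reason in the body.
    const text = String(res.body || "").trim().toLowerCase();
    // Show only allow-listed reasons, never raw server text, so an
    // unexpected body cannot inject markup into the single-page UI.
    const reason = KNOWN_REASONS.has(text) ? text : "login failed";
    return { ok: false, reason };
  }

  // Anything else (5xx, redirects, proxies) is not a login verdict.
  return { ok: false, reason: "unexpected status " + res.status };
}
```

Distinguishing "wrong password" from "account locked" in the reply tells an unauthenticated caller which accounts exist, which compounds the dictionary-attack risk the wiki page warns about.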
