Hi all, I've been searching for information regarding a fairly typical web application pattern: account creation with automatic login. I've found one page on the wiki (https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen) that looks relevant, but seems somewhat "experimental". Is there a consensus best practice for doing this?
For clarity, I have a Spring application (using Spring Security 3.2) that I have configured to use CAS. The normal "intercept a protected URL" pattern works. But in this application, I can create a new user account. Ideally, I would like to present a "success" page after the account has been created and have the user be logged-in at that point. The typical CAS workflow, however, relies on the user performing direct input of the password, since it's usually undesirable to have applications handle the password. However, at least one application must handle account creation so this should be a fairly standard exception. Any pointers, ideas, flames, etc would be much appreciated. TIA -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
