On 02.07.13 16:47, Ohsie, David wrote:

The recommended way is to let CAS present the login screen.  You can
customize the CAS login screen to look however you want it to look by
supplying your own .jsp or changing the .css.  


right, but from a usability point of view it would be nice to have the input
fields, where one is entering the username and password, on the content
management system side. I don't mean to submit the username and password to
the content management system, but as described below would submit it
directly to CAS by setting the action attribute accordingly.

It might make sense to better understand the reason for the "login ticket".
I have been "googling" for some documentation on the "login ticket", but
didn't find any useful information. Do you have any pointers about the
"login ticket" which explain the concept of it?



[DO] I believe that the purpose of the login ticket is to avoid
situations where someone is able to come to the user's browser after they
left their desk and hit the "back" button to get back to the login screen to
resubmit the username and password and log in. The login ticket means that
the login form can only be used once and must be used within some
configurable timeout of being displayed to the user. You could disable it
at some loss of security, but I still am not understanding why you don't put
in your html/css to be served up by CAS.

 

Also, I don't think that your scheme will work for SSO.  When you hit
submit, CAS is going to validate your password and give you back a cookie.
Then the next application, if it forwards to your login screen is going to
again request a login, since the CAS SSO processing will not have had a
chance to kick in.

 

I really think that you should get things working in the usual way before
you try such advanced customization.

 

 

David Ohsie
Software Architect
EMC Corporation

Thanks for your help

Michael



 


 

From: Michael Wechner [mailto:[email protected]] 
Sent: Sunday, June 30, 2013 10:01 AM
To: [email protected]
Subject: Re: [cas-user] No active FlowSession to access

 

Working more on this it seems that the important parameters are

<input type="hidden" name="lt" value="LT-2-gFLyRN567tfyyjDetBvbgjdvCJ6ePm"/>
<input type="hidden" name="execution" value="e1s1"/>
<input type="hidden" name="_eventId" value="submit"/>

(whereas I have removed the gateway parameter from the login screen
generated by the content management system)

which is documented at

https://wiki.jasig.org/display/CAS/Using+CAS+without+the+CAS+login+screen
https://wiki.jasig.org/display/CAS/Using+CAS+from+external+link+or+custom+external+form

I wonder whether this is still the recommended way, because it seems to me
rather complicated.

The reason I am asking is because it seems to me that the use case that the
username and password field are part of a website itself is quite common.

Best wishes

Michael

On 30.06.13 14:59, Michael Wechner wrote:

Hi

I am using apache-tomcat-7.0.25/webapps/cas-server-webapp-3.5.2 running at





https://127.0.0.1:7443/cas-server-webapp-3.5.2/login
 
I have created my own login screen inside my content management system, e.g.
 
http://127.0.0.1:8080/yanel/my-website/login.html
 
whereas the form links to the CAS server
 
 
<form action="https://127.0.0.1:7443/cas-server-webapp-3.5.2/login" method="POST">
 
Inside the form I have set hidden fields like
 
<input value="http://127.0.0.1:8080/yanel/my-website/" name="service" type="hidden"/>
 
such that CAS can redirect back to the content management system, and
 
<input value="true" name="gateway" type="hidden"/>
 
such that CAS does not prompt itself for username and password.
When I hit the submit button, then I receive the following error message
inside the log4j file of CAS:
 
 
2013-06-30 14:52:40,362 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in FlowScope: http://127.0.0.1:8080/yanel/my-website/login.html
2013-06-30 14:52:40,362 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in FlowScope: http://127.0.0.1:8080/yanel/my-website/login.html
2013-06-30 14:52:40,363 DEBUG [org.jasig.cas.web.flow.TerminateWebSessionListener] - Error getting service from flow state.
java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended
 at org.springframework.webflow.engine.impl.FlowExecutionImpl.getActiveSession(FlowExecutionImpl.java:191)
 at org.springframework.webflow.engine.impl.RequestControlContextImpl.getFlowScope(RequestControlContextImpl.java:134)
 at org.jasig.cas.web.support.WebUtils.getService_aroundBody8(WebUtils.java:87)
 at org.jasig.cas.web.support.WebUtils.getService_aroundBody9$advice(WebUtils.java:57)
 at org.jasig.cas.web.support.WebUtils.getService(WebUtils.java:1)
 at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody0(TerminateWebSessionListener.java:62)
 at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody1$advice(TerminateWebSessionListener.java:57)
 at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted(TerminateWebSessionListener.java:1)
 at org.springframework.webflow.engine.impl.FlowExecutionListeners.fireSessionStarted(FlowExecutionListeners.java:126)
 at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:367)
 at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:225)
 at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
 at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
 at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
 at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
 at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
 at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
 at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128)
 at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57)
 at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
 at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
 at java.lang.Thread.run(Thread.java:680)


Any idea what I might be doing wrong?

All I would like is that my own content management system is prompting for
username and password and not the CAS webapp. I have searched the web quite
a bit for similar solutions, and IIUC this must be possible somehow.

Thanks for your help

Michael

-- 
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
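
The one-time, time-limited behaviour of the "login ticket" (the hidden `lt` field) described in this thread, sketched as an added example; it is not CAS's own code and not from either poster. `LoginTicketRegistry`, its method names and the 300-second timeout are assumptions made for illustration.

```python
import secrets
import time


class LoginTicketRegistry:
    """Issues one-time login tickets and consumes them on form submission."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        # ttl_seconds is an assumed value; the thread only says "configurable".
        self._ttl = ttl_seconds
        self._clock = clock
        self._issued = {}  # ticket -> expiry time

    def issue(self):
        """Called when the login form is rendered; value goes in the `lt` field."""
        ticket = "LT-" + secrets.token_urlsafe(24)
        self._issued[ticket] = self._clock() + self._ttl
        return ticket

    def consume(self, ticket):
        """Called on POST. Returns 'ok', 'expired' or 'unknown'.

        The ticket is removed on every attempt, so re-posting the same form
        (for example via the browser's back button) is rejected.
        """
        expiry = self._issued.pop(ticket, None)
        if expiry is None:
            return "unknown"          # never issued here, or already used
        if self._clock() > expiry:
            return "expired"
        return "ok"


def demo():
    now = [0.0]                       # constructed fake clock for the demo
    reg = LoginTicketRegistry(ttl_seconds=300, clock=lambda: now[0])

    lt = reg.issue()
    first = reg.consume(lt)           # normal submission
    replay = reg.consume(lt)          # same form submitted a second time

    stale = reg.issue()
    now[0] += 301                     # form left open past the timeout
    late = reg.consume(stale)

    # A form built outside the server carries no ticket the server issued.
    external = reg.consume("LT-constructed-value-not-issued")
    return first, replay, late, external


if __name__ == "__main__":
    print(demo())
```

The last case is why a login form hosted on another site cannot simply hard-code an `lt` value: it has to carry a ticket the server issued for that one submission.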

 
