Sorry, I forgot the wiki link lol

https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen


2013/11/8 KaTeLmE <[email protected]>

> Seems like this is to increase security and avoid CSRF attacks. It forces
> any application to submit the credentials by POST method to the CAS server
> app.
>
> See my comment in CAS wiki
>
> If you need to avoid that behaviour, for example to submit via Ajax, you
> should create a non-interactive authentication action
> (org.jasig.cas.web.flow.AbstractNonInteractiveCredentialsAction) like
> SPNEGO, X509 certificates or remote trusted client do, and modify
> the login-webflow to handle your behaviour.
>
> I hope that this helps you!!
>
>
> 2013/11/8 Michael Wechner <[email protected]>
>
>> Hi
>>
>> I am still working on generating the login screen by the content
>> management system instead of CAS, and I have read
>> whereas I have read
>>
>> https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen
>>
>> I understand that one wants to prevent credentials from being sent to
>> the content management system,
>> but having the action point to the CAS server directly
>>
>> <form action="https://127.0.0.1:7070/cas-server-webapp-3.5.2/login"
>> method="POST">
>>
>> does not seem to me like a security violation.
>>
>> But of course this does not work because of the required Login Ticket.
>>
>> I have been reading
>>
>> http://www.jasig.org/cas/protocol
>>
>> but I still don't really understand what the purpose of the Login
>> Ticket is.
>> Does somebody have some more hints on this?
>>
>> I am currently considering disabling the login ticket validation inside
>>
>> cas-server-3.5.2/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java
>>
>> but I guess this is not really considered best practice :-)
>>
>> Thanks
>>
>> Michael
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
>

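The login-ticket mechanism discussed in this thread, as an added example that is not part of the thread or of the CAS code base: a toy Python model of the one-time `lt` check that AuthenticationViaFormAction performs, together with the client-side step an externally hosted form needs (fetch /login, carry over the hidden `lt` and `execution` fields, then POST). The ticket format `LT-<n>-<random>`, the in-memory registry, the hand-written HTML login page and the `alice`/`s3cret` user are all constructed assumptions, not CAS internals.

```python
"""Toy model of the CAS 3.x login ticket (LT) check.

Constructed example for this thread; not CAS code. The ticket format, the
registry and the HTML below are assumptions standing in for a real server.
"""
import secrets
from html.parser import HTMLParser

LT_PREFIX = "LT-"  # assumed: real CAS login tickets also start with "LT-"


class LoginTicketRegistry:
    """Issues one-time login tickets and consumes them on first use."""

    def __init__(self):
        self._counter = 0
        self._outstanding = set()

    def issue(self):
        self._counter += 1
        lt = f"{LT_PREFIX}{self._counter}-{secrets.token_urlsafe(16)}"
        self._outstanding.add(lt)
        return lt

    def consume(self, lt):
        """Return True exactly once per issued ticket, False otherwise."""
        if lt in self._outstanding:
            self._outstanding.remove(lt)
            return True
        return False


def handle_login_post(form, registry, check_credentials):
    """Server side: the LT check that precedes credential validation.

    form is a dict of POSTed fields. A POST without a fresh, unused lt is
    rejected before the password is even looked at."""
    lt = form.get("lt", "")
    if not lt.startswith(LT_PREFIX) or not registry.consume(lt):
        return "error: invalid or reused login ticket"
    if check_credentials(form.get("username"), form.get("password")):
        return "ok"
    return "error: bad credentials"


class HiddenFieldParser(HTMLParser):
    """Collects name/value pairs of <input type="hidden"> elements."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        if a.get("type") == "hidden" and "name" in a:
            self.fields[a["name"]] = a.get("value", "")


def extract_hidden_fields(html):
    parser = HiddenFieldParser()
    parser.feed(html)
    return parser.fields


def build_login_form(login_page_html, username, password):
    """Client side: what an external (e.g. CMS-hosted) form must do before
    POSTing to /login: carry over the hidden fields CAS rendered."""
    form = extract_hidden_fields(login_page_html)
    form["username"] = username
    form["password"] = password
    return form


def render_login_page(registry, execution="e1s1"):
    """Constructed stand-in for a CAS 3.5 /login response (real pages have more)."""
    return (
        '<form method="POST" action="/cas-server-webapp-3.5.2/login">'
        '<input type="text" name="username"/>'
        '<input type="password" name="password"/>'
        f'<input type="hidden" name="lt" value="{registry.issue()}"/>'
        f'<input type="hidden" name="execution" value="{execution}"/>'
        '<input type="hidden" name="_eventId" value="submit"/>'
        "</form>"
    )


def demo():
    registry = LoginTicketRegistry()
    creds = lambda u, p: (u, p) == ("alice", "s3cret")  # constructed user
    # 1. Direct POST from a CMS form that never fetched /login: rejected.
    naive = {"username": "alice", "password": "s3cret"}
    first = handle_login_post(naive, registry, creds)
    # 2. Fetch /login, carry over lt + execution, then POST: accepted.
    page = render_login_page(registry)
    form = build_login_form(page, "alice", "s3cret")
    second = handle_login_post(form, registry, creds)
    # 3. Replaying the same POST (back button, double submit): rejected.
    third = handle_login_post(form, registry, creds)
    return first, second, third


if __name__ == "__main__":
    print(demo())
```

The third step is the point of the ticket: once consumed, the same POST body cannot be replayed, so a form that skips the GET (or a server with the check disabled) loses that one-shot property.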