On Thu, 19 Dec 2013, Mark wrote:
> Hi,
>
> I've got the following setup:
> - cas server
> - web app A
> - web app B
>
> I've got some secured pages on web app B, which when I try to visit, cas
> forces me to log in if I'm not logged in already. This works as
> expected.
>
> But after I log in and I go back to web app A's (non-secured) front
> page, I have a problem. I use Spring's security:authentication tag to
> display the username of the logged in user. In this scenario, it
> appears that web app A doesn't know that a user is logged in via cas
> ("anonymousUser" is what's displayed).
>
> How do I configure my webapp so that I can have web app A's non-secure
> pages access and display the cas username?

CAS does not provide a global session for all your applications. It is an
authentication service.

Since the user does not yet have a session with web app B, web app B will
not know the user's identity. You must first have web app B redirect the
user to CAS. When they come back from CAS with their service ticket, web
app B can validate the ticket and establish a session using the
information provided by CAS.

I suggest that you remove the username displayed on non-secured areas of
web app B.

Andy
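
The redirect, ticket validation and per-application session described in this thread, as an added example that is not part of the original messages or of any CAS client library. The host names, the `WebApp` class and both XML responses are constructed for illustration; the `/login` and `/serviceValidate` endpoints and the response format follow the CAS 2.0 protocol.

```python
import secrets
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_BASE = "https://cas.example.org/cas"          # assumed CAS server URL
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}    # CAS 2.0 XML namespace

# Constructed sample responses from /serviceValidate
SUCCESS_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>mark</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def login_redirect(service_url):
    """URL an application sends the browser to when it has no local session."""
    return f"{CAS_BASE}/login?{urlencode({'service': service_url})}"

def validation_url(service_url, ticket):
    """Back-channel URL the application calls to validate a service ticket."""
    query = urlencode({"service": service_url, "ticket": ticket})
    return f"{CAS_BASE}/serviceValidate?{query}"

def parse_validation(xml_text):
    """Return the username on authenticationSuccess; raise on anything else."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text and user.text.strip():
        return user.text.strip()
    failure = root.find("cas:authenticationFailure", CAS_NS)
    code = failure.get("code") if failure is not None else "UNKNOWN"
    raise PermissionError(f"CAS validation failed: {code}")

class WebApp:
    """Hypothetical application: it owns its session store, CAS never writes to it."""
    def __init__(self, service_url):
        self.service_url = service_url
        self.sessions = {}

    def current_user(self, session_id):
        return self.sessions.get(session_id, "anonymousUser")

    def handle_ticket(self, cas_response_xml):
        """Create a local session only after the ticket validated successfully."""
        user = parse_validation(cas_response_xml)
        session_id = secrets.token_urlsafe(16)
        self.sessions[session_id] = user
        return session_id
```

A session created by one `WebApp` instance is unknown to the other, which is why a page that has never sent the browser through `login_redirect` still reports `anonymousUser`.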