Hi, OK. You don't need an auto login process here (as you don't have the user's password, which is a good thing), but as I also suggested, you need an authentication handler taking a username and a OTP (one-time password) = an authentication code, to authenticate a user. I would got that way.
So you would have two authentication handlers, one processing user's login and password and one processing a username and an authentication code (which can be used only once). Best regards, Jérôme 2013/12/27 Joe <[email protected]> > Sorry, rereading what I want to do, I can see now, how it's a bit > misleading. > > So (on the application server side) I have authenticated the user via an > authentication code, and have created the account. CAS has not yet > authenticated the user. I want to tell CAS that the current user and > session is authenticated without passing the password back over the public > wire .(The application server might pass the user/password to CAS). > > I can think of a few ways to do this, but is there a recommended way? > > -Joe > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
