Le Jeu 15 juin 2006 14:24, Stephen A. Cochran a écrit : > On Jun 15, 2006, at 5:20 AM, Velpi wrote: > > >> It is certainly possible to do a fallback to BASIC >> authententication. (these people do that I think: >> http://www.it-practice.dk/en/4/products/) I also think IIS+IE uses it >> automatically, but I don't have any experience with IIS. >> >> >> I'm not sure that it's possible to do a fallback to a form, but I >> think I read that the protocol supports it... > > A fallback to a form is fairly easy becuse the client is always > directed to a error page if auth fails. So you just put the form on that > page. I *think* that will work inside cas when > CAS does spnego > natively, try spnego, if fail to go other views. > > With apache doing the spnego, I can set up spnego auth on /login. If > it fails, redirect to /cas/login. But if it's succesful I can't redirect to > /cas/login and maintain the environment > variables, at least not that I've figured out how. > > Steve
Yes, this is true about the fallback which may happen in 2 cases : - the client doesn't know how to deal with SPNEGO. In that case, the browser will not answer to the HTTP 401 with "WWW-Authenticate Negotiate" in the header and will display the content of the page which was send by the server (here the login form) - the client didn't provide a valid SPNEGO Token. In this case, we just have to deal with this error in the webflow. Arnaud Lesueur _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
