Hi, I'm CASifying a portal framework I'm developing. I've two type of users: local users that are stored within the portal persistence store and institutional users that are stored on multiple ADs of the institution.
Local users must be authenticated locally and institutional users must authenticate to the CAS server. In order to implement that I must control the login process, i.e., the login and the password are typed from the portal's login page instead of the CAS login page. If the username has a local prefix I will use the local authentication mechanism, otherwise I will use CAS to authenticate the user. The solution I've came across was to implement the following actions on my LoginServlet (running on my framework): 1) Call programmatically the login service, and parsed the inputs "action", "lt" (login ticket) and "_eventId" 2) Call the login service (using the POST method) and add to the above inputs, the username and password 3a) Parse the ticket from the "Location" header (note: the response code is 3xx) 3b) Parse the "Set-Cookie" header 4) Proceed with the serviceValidate message using the Java CAS client 5) On success, set the "Set-Cookie" header of the response with the value retrieved in 3b) Everything works fine and I've encapsulated all this code in a class. This solution seems a little ugly. I've read the documentation but I couldn't find any solution to implement a programmatic login. Am I missing something or this is the only way to do it? Thanks. VĂtor _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
