Edmund Mielach wrote:
> Hi!
>
> I try to realize a single-sign-on mechanism for two webapps, one written
> in PHP and a Java based one. My first tests were quite successful. But
> now my problem is, that I want to keep the original loginpages of my
> webapplications. Therefore I tried to change them in a way, that they
> send the credentials directly to CAS, including the correct redirect URL
> by changing the action attribute of the login forms to
> “https://myurl/cas/login?service=<<mywebapp>>”. However, without a
> correct flowExecutionKey (I'm not familiar with the spring framework,
> but as far as I know this is an ID to control a workflow) I have no
> chance to login at this point.
>
> Does anyone have an idea how to get a valid flowExecutionKey into my
> original loginpages? With a valid flowExecutionKey the whole thing would
> work exactly as it should. Or isn't this a very good idea because of any
> security reasons?
>

Take a look at
http://www.ja-sig.org/wiki/display/CAS/Using+CAS+without+the+CAS+login+screen
if you haven't yet. It discusses some of the security/usability issues,
and provides some options. I use what is described in the second
paragraph of "Alternative approaches": proxying the CAS login screen into
your app. That might work for you.

--
Dave Brondsema
Software Developer
Cornerstone University

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
