Scott Battaglia wrote: > We don't recommend screen scraping (as your application would need to > be updated if the login page changed). What we do recommend is that > you create a minimal login screen and change the last redirect of the > login flow to use JavaScript to handle the redirect. Then embed this > minimal login screen on your application pages with an iframe. This > would allow you to keep your existing login page (though they would be > formatted slightly different depending on how you format the minimal > login screen) and still allow you to participate in single sign on. > > Its very similar to Google Accounts. Is embedding the login page inside an iFrame a practice the community wants to recommend? It seems to open yourself up to social engineering and phishing attacks, since even the minimal protection offered by users looking at the location bar's URL is no longer available. One of CAS's potential benefits would seem to be discouraging users from typing their credentials into just any login box they see...
Jason -- Jason Shao Application Developer, Architecture & Engineering Team Rutgers University - Enterprise Systems & Services v. 732-445-2869 | f. 732-445-5493 | [EMAIL PROTECTED] _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
