I may need to add manual login to my webapp (meaning, not use the web.xml
method or jsp tag library). Just to be sure that I am covering all bases, I
have described the logic I have used below. Can someone confirm that it sounds
ok?
Say there are 2 pages, Page1 and Page2. There is a link to Page2 from Page1.
Basically, I want to make sure that whether the user goes to Page2 via Page1 or
directly, he is always going to be authenticated. So, here is the logic that
EVERY page executes-
Get ticket parameter
if ticket is null
redirect to CAS login with renew=FALSE
Get ticket parameter
validate ticket
if user is authenticated
display page
else
redirect to CAS with renew=TRUE
I am mostly concerned about passing renew=FALSE the first time because that
makes CAS reuse a previous SSO session. I think I need to do this because if
the user gets to Page2 from Page1, then ticket will be null. But I should not
require the user to sign in again because he just did to enter Page1.
If there is no ticket and I redirect to CAS with renew=false, I will be
REQUIRED to login- is that a correct statement?
Thanks for your time.
____________________________________________________________________________________
The fish are biting.
Get more visitors on your site using Yahoo! Search Marketing.
http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
