Hi,
I was searching for an elegant solution to the problem of signalling
to a non-browser client that CAS login is required. During an
interactive session with a standard web browser it is obvious to the
user that they need to log-in because they are presented with the
login form, but as far as I am aware this is not signalled in any way
at the http protocol level - unlike digest and basic authentication
with the use of 401 status requests and WWW-Authenticate headers -
but in common with any form based authentication. This means that
when trying to write a non-browser tool that wants to access http
resources protected by CAS I can only think of two options when
working out when a username/password needs to be sent.
1. hard code the location of the CAS login page into the application
and use that to recognise when to send the credentials
2. parse any html pages that are returned looking for a form with
<input type="password" />
neither of which I class as "elegant" - I would appreciate any ideas
on this subject.
Cheers,
Paul.
Paul Harrison
ESO Garching
www.eso.org
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
