Scott, Dale and Russ,

Thanks for the responses guys! I really really appreciate the feedback.

I understood the UserAgent Idea which Scott suggested, which I have outlined
below. However I have not yet explicitly created a cookie on the client end
yet. So I do not completely understand the implications of "Poor man's
Gateway" idea that Scott suggested or the idea suggested by Dale (employed
by mod_auth_cas) as both involve setting cookies. I am sure it's a simple
thing to learn and I will learn it soon. Probably this would be a dumb
question but would web crawlers allow you to create cookies?

You've all got me moving once again. :) Will contact once I learn more about
the cookie idea. This is a great forum!!!

cheers,
Kristin

PS: UserAgent idea....
Step 1: Identify a crawler using the UserAgent string (with the help of a
UserAgent list for the important crawlers out there).
Step 2: If crawler then DO NOT redirect to CAS. Just create an
IS-A-CRAWLER=YES object in the HTTP session and let the crawler get the page
it wants.
Step 3: If not a crawler then create an IS-A-CRAWLER=NO object in the session
and redirect to CAS as usual.

For subsequent page requests by user/crawler, we will check for IS-A-CRAWLER
object and follow step 2 or step 3.





On Dec 20, 2007 6:18 PM, Dale Ogilvie <[EMAIL PROTECTED]> wrote:

>  Perhaps I'm misunderstanding the requirement but...
>
> The way some clients handle this is to utilize an application-specific
> cookie for all user authentication after the first. The flow goes something
> like this:
>
> 1. Client browses to secure app for the first time
> 2. App redirects to CAS because there is no valid "app user cookie"
> 3. CAS returns a service ticket
> 4. App validates ST, then sets user specific "app user cookie", and allows
> access
> 5. Client returns to app which accepts the passed "app user cookie" as the
> auth credential and allows access
>
> This is a one-time authentication with CAS, to obtain an
> application-specific cookied credential which is used thereafter.
>
> mod_auth_cas uses this technique I believe.
>
> Dale
>
>  ------------------------------
> *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On
> Behalf Of *Kristin Coles
> *Sent:* Friday, 21 December 2007 12:46 p.m.
> *To:* [email protected]
> *Subject:* Are CAS redirects incompatible with Google web crawler?
>
>   Hi guys,
> I have a working Single Sign On solution (which wouldn't have been
> possible without this forum). However this made our webpages incompatible
> with Google's web crawler (Googlebot)? When I use "Google Webmaster tools"
> to see our website logs, I now see thousands of Redirect error messages
> (which weren't there before the Single Sign On).
>
> http://www.google.com/support/webmasters/bin/answer.py?answer=35157
>
> According to the above link, I should "Minimize the number of redirects
> needed to follow a link from one page to another" to avoid the Redirect
> error messages.
>
> Right now, I am redirecting 3 times for every page visit.
> 1. Redirect to the CAS server to get a ticket.
> 2. Redirect back to the page (service url) from the CAS server
> 3. Self-redirect without the ticket parameter
>
> Is this a common problem with a simple solution? Can anyone please tell me
> how to get over this hurdle?
>
> Thank you!
> Kristin
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
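
The five-step flow Dale describes in the quoted reply, sketched as an added example that is not part of the original thread and is not mod_auth_cas's code: the app redirects to CAS only when no valid "app user cookie" is present, and afterwards accepts an HMAC-signed cookie as the credential. The host names, the secret, the cookie layout and the `validate_service_ticket` stand-in are all assumptions made for the illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import quote

SECRET = b"constructed-demo-key"             # assumption: per-app secret kept server-side
CAS_LOGIN = "https://cas.example.edu/login"  # placeholder CAS server
APP_BASE = "https://app.example.edu"         # placeholder protected app
MAX_AGE = 3600                               # cookie lifetime in seconds

def sign(user, expires):
    msg = f"{user}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_cookie(user, now):
    expires = int(now) + MAX_AGE
    return f"{user}|{expires}|{sign(user, expires)}"

def check_cookie(cookie, now):
    """Return the user name if the cookie is authentic and unexpired, else None."""
    try:
        user, expires, mac = cookie.split("|")
        expires = int(expires)
    except (AttributeError, ValueError):     # missing or malformed cookie
        return None
    if not hmac.compare_digest(mac.encode(), sign(user, expires).encode()):
        return None                          # tampered or forged value
    return user if now < expires else None

def validate_service_ticket(ticket, service):
    """Stand-in for the back-channel ticket validation call to CAS (constructed data)."""
    return {"ST-constructed-1": "kristin"}.get(ticket)

def handle(path, cookie=None, ticket=None, now=None):
    """Return (status, headers) for one request to the protected app."""
    now = time.time() if now is None else now
    service = APP_BASE + path
    user = check_cookie(cookie, now)
    if user:                                 # step 5: the cookie is the credential
        return 200, {"X-User": user}
    if ticket:                               # step 4: validate ST, set the cookie
        user = validate_service_ticket(ticket, service)
        if user:
            value = make_cookie(user, now)
            return 302, {"Location": service,    # drop ?ticket= from the URL
                         "Set-Cookie": f"appuser={value}; Secure; HttpOnly"}
    return 302, {"Location": CAS_LOGIN + "?service=" + quote(service, safe="")}
```

With this in place the redirects happen once per cookie lifetime; every later request that carries a valid cookie is answered directly with a 200.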