I have just came to know that a cookie would not work for two top level domains but would work for a domain and its sub-domains. Now I understand exactly what Scott meant by a "Poor man's gateway". :) Thank you Scott. You are genius. :)
In our case, we host xyz.com, subdomain.xyz.com and cas.xyz.com. So the "Poor man's Gateway" should fit our case fine. However, we have a plan to host multiple top-level domains in future. Hence this solution would be a good temporary fix. Meanwhile we will have to research what a long-term solution would be. Thanks for the help Scott. Any other ideas are welcome. Regards, Shashi On Dec 20, 2007 7:43 PM, Kristin Coles <[EMAIL PROTECTED]> wrote: > Scott, Dale and Russ, > > Thanks for the responses guys! I really really appreciate the feedback. > > I understood the UserAgent Idea which Scott suggested, which I have > outlined below. However I have not yet explicitly created a cookie on the > client end yet. So I do not completely understand the implications of "Poor > man's Gateway" idea that Scott suggested or the idea suggested by Dale > (employed by mod_auth_cas) as both involve setting cookies. I am sure its a > simple thing to learn and I will learn in soon. Probably this would be a > dumb question but would web crawlers allow you to create cookies? > > You've all got me moving once again. :) Will contact once I learn more > about the cookie idea. This is a great forum!!! > > cheers, > Kristin > > PS: UserAgent idea.... > Step 1. Identify a crawler using the UserAgent string (with the help of a > UserAgent list for the important crawlers out there). > Step 2: If crawler then DO NOT redirect to CAS. Just create a > IS-A-CRAWLER=YES object in the HTTP session and let the crawler get the page > it wants. > Step 3: If not a crawler then create IS-A-CRAWLER=NO object in the session > and redirect to CAS as usual. > > For subsequent page requests by user/crawler, we will check for > IS-A-CRAWLER object and follow step 2 or step 3. > > > > > > On Dec 20, 2007 6:18 PM, Dale Ogilvie <[EMAIL PROTECTED]> wrote: > > > Perhaps I'm misunderstanding the requirement but... > > > > The way some clients handle this is to utilize a application specific > > cookie for all user authentication after the first. The flow goes something > > like this: > > > > 1. Client browses to secure app for the first time > > 2. App redirects to CAS because there is no valid "app user cookie" > > 3. CAS returns a service ticket > > 4. App validates ST, then sets user specific "app user cookie", and > > allows access > > 5. Client returns to app which accepts the passed "app user cookie" as > > the auth credential and allows access > > > > This is a one-time authentication with CAS, to obtain a application > > specific cookied credential which is used thereafter. > > > > mod_auth_cas uses this technique I believe. > > > > Dale > > > > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] > > *On Behalf Of *Kristin Coles > > *Sent:* Friday, 21 December 2007 12:46 p.m. > > *To:* [email protected] > > *Subject:* Are CAS redirects incompatible with Google web crawler? > > > > Hi guys, > > I have a working Single Sign On solution (which wouldn't have been > > possible without this forum). However this made our webpages incompatible > > with Google's web crawler (Googlebot)? When I use "Google Webmaster tools" > > too see our website logs, I now see thousands of Redirect error messages > > (which weren't there before the Single Sign On). > > > > http://www.google.com/support/webmasters/bin/answer.py?answer=35157 > > > > According to the above link, I should "Minimize the number of redirects > > needed to follow a link from one page to another" to avoid the Redirect > > error messages. > > > > Right now, I am redirecting 3 times for every page visit. > > 1. Redirect to the CAS server to get a ticket. > > 2. Redirect back to the page (service url) from the CAS server > > 3. Self-redirect without the ticket parameter > > > > Is this a common problem with a simple solution? Can anyone please tell > > me how to get over this hurdle. > > > > Thank you! > > Kristin > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
