Github user necouchman commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/121#discussion_r107404577
--- Diff:
extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/form/CASTicketField.java
---
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.cas.form;
+
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.net.URLEncoder;
+import java.security.SecureRandom;
+import org.apache.guacamole.form.Field;
+
+
+/**
+ * Field definition which represents the ticket returned by an CAS service.
+ * Within the user interface, this will be rendered as an appropriate "Log
in
+ * with ..." button which links to the CAS service.
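Review bot: The class Javadoc reads "an CAS service" and should read "a CAS service". Its first sentence describes the field as the ticket returned by CAS, while its second describes a "Log in with ..." button, so the comment should state which value the field carries and what the user interface renders for it. The imports of SecureRandom, BigInteger and URLEncoder are not used in the lines shown here; if this class generates a random value or builds the CAS URL, a Javadoc sentence on what that value is for would help. Otherwise the imports can be dropped.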
--- End diff --
Good question. It seems like the default behavior by all of the
applications I have integrated with CAS is that, as soon as the application
login page is displayed, you are redirected transparently to the CAS login
page, then, once you've successfully authenticated, you're redirected back to
the application page where the ticket is validated and the application allows
you in. My guess is that most of the applications that people want SSO
integration with in CAS they want people to be able to hit a page, login and
then, after that, just get transparently logged into each application without
having to do anything - including click another button to trigger the CAS SSO
login.
This is a little different from something like OpenID (or Google, Yahoo,
Live, etc.), where so many different providers are integrating with the SSO
system, and you want some clue that your data in the SSO system is going to be
accessed by the application you're trying to use. In the case of CAS, the
target is more organizations that are intentionally building and integrating
applications into an SSO framework, and trying to make it as easy as possible
for users to interact with those applications.
That said, I'm not opposed to having a single SSO button somewhere that
allows the user to bypass username/password authentication to Guacamole and
proceed to SSO, if that's what we think should happen?
So, the short answer to "What would be the ideal user experience?" That
depends :-).