[cas-user] Re: CAS5.3, SSO between native Mobile App and Web App

2019-04-11 Thread Andy Ng
Hi Yan, We have built something like this before, and the answer is: yes you can! When a user logs in to the webapp using the CAS protocol, they can SSO to their native app. However, some implementation is needed. I can give you some information on this: - To achieve this, you would want the native app

[cas-user] Re: cas5.3X Multiple system login

2019-04-11 Thread Andy Ng
Hi Lee, This should not happen, you should be able to log in once and it will be fine. Please provide some more info, specifically in: - Are you using https or http? http SSO for CAS will not work, if so please change to using https - Do you have your debug log, can you see any issue there? -

[cas-user] cas5.3X Multiple system login

2019-04-11 Thread 李雁敏
With cas5.3x, in the LAN, multiple different systems are connected to the same cas, and you need to log in again when you enter different systems. How do I log in once to enter different systems without logging in? This place is very confused, I found that ticket is saved under / service

[cas-user] CAS5.3, SSO between native Mobile App and Web App

2019-04-11 Thread Yan Zhou
Hello, Say, one webapp using CAS protocol to authenticate against CAS 5.3, another native mobile app uses OpenID Connect to authenticate. When user gets into Mobile app, can he SSO to webapp? Thx, Yan

Re: [cas-user] Getting new JWT with CAS

2019-04-11 Thread Ken Zilber
Ray, thank you for clarifications. Right, it probably means instead of 302 response we need to send 401 back and then ajax script needs to call CAS in a different subdomain for a login (that indeed won't require user to provide creds if the CAS login session is still valid). Again, it's all

Re: [cas-user] Getting new JWT with CAS

2019-04-11 Thread Ray Bon
Ken, I meant invalidate the app session, not the login session. If the CAS session is still valid, user would not see login screen. Session invalidation is more of a concern if your app stores data in the session. Ray On Thu, 2019-04-11 at 10:56 -0700, Ken Zilber wrote: Thank you for the

Re: [cas-user] Getting new JWT with CAS

2019-04-11 Thread Ken Zilber
Thank you for the quick response. Sending ajax calls to a subdomain the script did not come from will be an issue, however, there are solutions (it is doable). My point/question is that it won't be as seamless/easy as with simple http browser calls (javascript needs special call handlers,

Re: [cas-user] Getting new JWT with CAS

2019-04-11 Thread Ray Bon
Ken, To clarify, the TGT is not sent to the client. TGC is all that is needed. If all your apps are on same domain, does CORS apply? You could invalidate your app session when JWT expires. App would then follow normal authentication behaviour and redirect to CAS. This of course would not work

[cas-user] Getting new JWT with CAS

2019-04-11 Thread Ken Zilber
JWT looks like a nice way for a CASified user-facing application to communicate with internal REST APIs/microservices. These microservices can't be accessed by users directly, don't have state and don't need to deal with sessions and don't need to become CAS controlled services and

[cas-user] Refreshing/

2019-04-11 Thread Ken Zilber
JWT looks like a nice way for a CASified user-facing application to communicate with internal REST APIs/microservices. These microservices can't be accessed by users directly, don't have state and don't need to deal with sessions and don't need to become CAS controlled services and

Re: [cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-11 Thread Fahmi L. Ramdhani
Thanks Julien for your reply. It looks like it's a static attribute. I once configured: > ... principalAttributeList = uid, displayName, phoneNumber, emailAddress Then I added the homeAddress attribute to database, the homeAddress attribute is not registering (configured) to

[cas-user] Re: Send reset password email in html instead of plain text

2019-04-11 Thread Michele Melluso
Just opened a new topic at CAS developer: https://groups.google.com/a/apereo.org/forum/#!topic/cas-dev/hdEXtWk9yQg On Thursday, April 11, 2019 at 12:03:34 PM UTC+2, Michele Melluso wrote: > > > Hi, > > I made your same path in finding a solution. > > Our problem is that the reset link in plain

[cas-user] Re: Send reset password email in html instead of plain text

2019-04-11 Thread Michele Melluso
Hi, I made your same path in finding a solution. Our problem is that the reset link in plain text is misinterpreted by the Apple Mail client, and when users click the link, the token is truncated at the first dot occurrence. @cas developers Would it be a possibility to add a property to be used

Re: [cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-11 Thread Julien Gribonvald
Hi, I had the same problem yesterday on a delegated auth and I needed to look at the cas properties (as it's not listed). In my case users can come from several auth systems, one is local from my LDAP, but users can use a delegated auth. So in my conf I have the basic auth from my local LDAP

[cas-user] CAS 6.0.3 - The request was rejected because the URL was not normalized.

2019-04-11 Thread Tobias Johansson
Hi! Having problems upgrading from 5.3.5 to 6.0.3 on docker. Running fine on localhost (http), but getting errors like below on rc (https): 2019-04-11 07:19:02,477 ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] -