saying that you will use MAC doesnt really say HOW you are going to implement sso.
if you are going to use CAS, at least from what i understand of it, here is one way the integration can work: user is on a page they click a link that requires login your iauthorizationstrategy implementation detects that next action requires login, it checks for CAS token, doesnt see it, it then records the current url and issues a 302 to CAS passing in the current url as a callback user sees CAS login page user authenticates CAS redirects back to the callback url the url again causes your iauthorizationstrategy implementation to wake up. this time it sees the CAS token and lets the action proceed. -igor On Thu, Jun 18, 2009 at 7:51 PM, Jeff Longland<[email protected]> wrote: > I'm relatively new to Wicket and trying not to carry forward any > preconceived notions from other frameworks. What is the > suggested/preferred means of authenticating single sign-on requests > from another application? In particular, I'm thinking about MAC > (http://en.wikipedia.org/wiki/Message_authentication_code) but could > potentially use a proper single sign-on framework ala CAS. I've > searched the list and saw some mention of using a servlet filter? Any > guidance would be appreciated. > > Thanks, > Jeff > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
