Hi

I am still working on generating the login screen by the content management system instead of CAS,
whereas I have read

https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen

I understand that one wants to prevent credentials from being sent to the content management system,
but having the action pointing to the CAS Server directly

<form action="https://127.0.0.1:7070/cas-server-webapp-3.5.2/login" method="POST">

does not seem to me to be a security violation.

But of course this does not work because of the required Login Ticket.

I have been reading

http://www.jasig.org/cas/protocol

but I still don't really understand what's the purpose of the Login Ticket.
Does somebody have some more hints on this?

I am currently considering disabling the login ticket validation inside

cas-server-3.5.2/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java

but I guess this is not really considered best practice :-)

Thanks

Michael
