Is there an example of this anyplace I can look at? -Joe
On Fri, Dec 27, 2013 at 11:52 PM, Jérôme LELEU <[email protected]> wrote: > Hi, > > OK. You don't need an auto login process here (as you don't have the user's > password, which is a good thing), but as I also suggested, you need an > authentication handler taking a username and a OTP (one-time password) = an > authentication code, to authenticate a user. I would got that way. > > So you would have two authentication handlers, one processing user's login > and password and one processing a username and an authentication code (which > can be used only once). > > Best regards, > Jérôme > > > > 2013/12/27 Joe <[email protected]> >> >> Sorry, rereading what I want to do, I can see now, how it's a bit >> misleading. >> >> So (on the application server side) I have authenticated the user via an >> authentication code, and have created the account. CAS has not yet >> authenticated the user. I want to tell CAS that the current user and >> session is authenticated without passing the password back over the public >> wire .(The application server might pass the user/password to CAS). >> >> I can think of a few ways to do this, but is there a recommended way? >> >> -Joe >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
