IIUC the errors are being displayed inside

casLoginView.jsp

by

<form:errors path="*" id="msg" cssClass="errors" element="div" />

I am not familiar with JSP and Spring MVC, but it would be nice to 
generate an html redirect back to the original service when such errors 
occur:

<meta http-equiv="refresh" content="0; url=http://original-service?error=..." />

and appending the error message, such that the content management system could 
display it accordingly.

Does anyone have an idea how to do this best with JSP and Spring MVC, or would 
it be better to change the CAS flow somehow?

Thanks

Michael



On 09.11.13 17:52, Michael Wechner wrote:
> Thanks for your feedback as well.
>
> I have tried the solution described at
>
> https://wiki.jasig.org/display/CAS/Using+CAS+from+external+link+or+custom+external+form
>
> and this works fine.
>
> As others noted one still has to figure out how to handle errors and
> also it might be a bit irritating that while CAS is doing the login
> process the browser screen becomes / stays "white" for some time,
> until it finally does the redirect back to the content management system.
>
> Thanks
>
> On 08.11.13 23:26, KaTeLmE wrote:
>> Sorry I forgot the wiki link lol
>>
>> https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen
>>
>>
>> 2013/11/8 KaTeLmE <kate...@gmail.com>
>>
>>     Seems like this is to increase the security and avoid CSRF attacks.
>>     It forces any application to submit the credentials by POST
>>     method in CAS server app.
>>
>>     See my comment in CAS wiki
>>
>>     If you need to avoid that behaviour, for example to submit via
>>     ajax...., you should create a non-interactive authentication
>>     action
>>     (org.jasig.cas.web.flow.AbstractNonInteractiveCredentialsAction)
>>     like SPNEGO, X509 Certificates or remote trusted client are
>>     doing, and modify the login-webflow to handle your behaviour.
>>
>>     I hope that this helps you!!
>>
>>
>>     2013/11/8 Michael Wechner <michael.wech...@wyona.com>
>>
>>         Hi
>>
>>         I am still working on generating the login screen by the
>>         content management system instead of CAS,
>>         whereas I have read
>>
>>         https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen
>>
>>         I understand that one wants to prevent that credentials are
>>         being sent to the content management system,
>>         but having the action pointing to the CAS Server directly
>>
>>         <form
>>         action="https://127.0.0.1:7070/cas-server-webapp-3.5.2/login"
>>         method="POST">
>>
>>         does not seem to me like violating in security issues.
>>
>>         But of course this does not work because of the required
>>         Login Ticket.
>>
>>         I have been reading
>>
>>         http://www.jasig.org/cas/protocol
>>
>>         but I still don't really understand what's the purpose of the
>>         Login Ticket.
>>         Does somebody have some more hints on this?
>>
>>         I am currently considering to disable the login ticket
>>         validation inside
>>
>>         cas-server-3.5.2/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java
>>
>>         but I guess this is not really considered best practice :-)
>>
>>         Thanks
>>
>>         Michael
>>
>>         -- 
>>         You are currently subscribed to cas-user@lists.jasig.org
>>         <mailto:cas-user@lists.jasig.org> as: kate...@gmail.com
>>         <mailto:kate...@gmail.com>
>>         To unsubscribe, change settings or access archives, see
>>         http://www.ja-sig.org/wiki/display/JSG/cas-user
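
The login-ticket behaviour asked about in the thread, as an added example that is not part of the thread and not CAS's own code: a simplified Java model of the properties the CAS protocol document gives for login tickets (an `LT-` prefix, valid for one authentication attempt, invalidated whether or not that attempt succeeds). The class name, the five-minute lifetime and the sample credentials are assumptions made for the illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model of login-ticket handling; NOT the CAS server's implementation.
public class LoginTicketDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final long TTL_MILLIS = 5 * 60 * 1000; // assumed lifetime
    // ticket -> expiry time; presence means "issued and not yet used"
    private final Map<String, Long> outstanding = new ConcurrentHashMap<>();

    // Credential requestor (GET /login): mint a ticket to embed in the form.
    public String issue() {
        byte[] raw = new byte[24];
        RNG.nextBytes(raw);
        String lt = "LT-" + Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        outstanding.put(lt, System.currentTimeMillis() + TTL_MILLIS);
        return lt;
    }

    // Credential acceptor (POST /login): the ticket is consumed before the
    // password is looked at, so it is spent whether or not the login succeeds.
    public String login(String lt, String user, String password) {
        Long expiry = (lt == null) ? null : outstanding.remove(lt);
        if (expiry == null) return "REJECTED: missing, unknown or already used login ticket";
        if (expiry < System.currentTimeMillis()) return "REJECTED: login ticket expired";
        return checkPassword(user, password) ? "AUTHENTICATED" : "BAD CREDENTIALS";
    }

    // Constructed stand-in for the real authentication handler.
    private boolean checkPassword(String user, String password) {
        return "alice".equals(user) && "correct horse".equals(password);
    }

    public static void main(String[] args) {
        LoginTicketDemo cas = new LoginTicketDemo();
        // A form posting straight to /login without a ticket, as in the thread.
        System.out.println(cas.login(null, "alice", "correct horse"));
        String lt = cas.issue();
        System.out.println(cas.login(lt, "alice", "wrong"));          // spends lt
        System.out.println(cas.login(lt, "alice", "correct horse"));  // replay fails
        System.out.println(cas.login(cas.issue(), "alice", "correct horse"));
    }
}
```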