On 10.11.13 14:32, Michael Wechner wrote:
IIUC the errors are being displayed inside
casLoginView.jsp
by
<form:errors path="*" id="msg" cssClass="errors" element="div" />
I am not familiar with JSP and Spring MVC, but it would be nice to
generate an html redirect back to the original service when such errors
occur:
|meta http-equiv=refresh
Hi,
Quoting Scott from a discussion on a pull request:
*The reason that LoginTickets/Tokens exist (which essentially forces a
session) was to combat an issue with browsers reposting credentials when
users hit the back button. This issue was around in 2005. Not sure if it's a
major issue right
Thanks for your explanation. Some time ago I posted a similar question,
but missed somehow the reply of David Ohsie (but found it now via
Google), where he also mentioned this scenario
http://www.mail-archive.com/cas-user@lists.jasig.org/msg14315.html
I understand this security risk, but I
Thanks for your feedback as well.
I have tried the solution described at
https://wiki.jasig.org/display/CAS/Using+CAS+from+external+link+or+custom+external+form
and this works fine.
As others noted one still has to figure out how to handle errors and
also it might
be a bit irritating that
Hi
I am still working on generating the login screen by the content
management system instead of CAS,
whereas I have read
https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen
I understand that one wants to prevent that credentials are being sent
to the content management
michael.wech...@wyona.com
To: cas-user@lists.jasig.org cas-user@lists.jasig.org
Subject: [cas-user] Why is a login ticket needed?
Date: Fri, Nov 8, 2013 19:59
Hi
I am still working on generating the login screen by the content
management system instead of CAS,
whereas I have read
https://wiki.jasig.org
Seems like this is to increase the security and avoid CSRF attacks. It forces
any application to submit the credentials by POST method in the CAS server
app.
See my comment in CAS wiki
If you need to avoid that behaviour, for example to submit via ajax, you
should create a non-interactive
Sorry, I forgot the wiki link lol
https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen
2013/11/8 KaTeLmE kate...@gmail.com
Seems like this is to increase the security and avoid CSRF attacks. It forces
any application to submit the credentials by POST method in the CAS server