peakpg edited this page Apr 26, 2011 · 9 revisions

Issue – CAS module autologin when a user is already logged in via another service.

Assume I have the following:

  1. Cms website – browsercms.org – Uses an embedded login form on every page, and dynamically shows form if user is not logged in.
  2. Other CAS enabled website – othersite.org
  3. CAS Server – cas.browsercms.org
  4. A GSA/Google Mini – gsa.browsercms.org – Set up to crawl sites 1 and 2 above.

If a user goes to othersite.org and logs in using CAS, they will have sessions on both CAS and othersite, but not on browsercms.org. The ‘proper’ solution would be to turn on gateway, but this doesn’t work properly with BrowserCMS because:

  1. Caching: Most HTML pages are cached by Apache, so the CMS never gets a chance to handle redirects.
  2. Performance: Even if caching were disabled, this would add two additional redirects for every single page/image/etc in the entire site.
  3. Google Search Appliance/Mini: Does not react well to the multiple redirects that gatewaying causes.

Options:

Can I add an iframe to each CMS page that makes a request to cas.browsercms.org? It would have access to the ticket granting cookie (TGC). It could use gatewaying and detect if an ST was returned, then cause a complete page redirect if the user was logged in? This would add some load for each page, but we can rate limit it if needed.
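
A sketch of the iframe probe described above, as an added example that is not BrowserCMS or CAS module code. The `/cas_probe` callback path, the message string and the five-minute interval are assumptions; the hosts are the ones listed at the top of this page.

```javascript
// Added example. The /cas_probe path, message string and interval are assumptions.
const CAS_LOGIN = "https://cas.browsercms.org/login";
const CMS_ORIGIN = "https://browsercms.org";
const PROBE_CALLBACK = CMS_ORIGIN + "/cas_probe"; // hypothetical, must bypass the Apache cache
const SSO_MESSAGE = "cas-probe:sso-session";      // hypothetical message format
const MIN_PROBE_INTERVAL_MS = 5 * 60 * 1000;      // assumed rate limit per browser

// src for the hidden iframe. gateway=true: CAS redirects back without showing a form.
function buildProbeUrl() {
  const u = new URL(CAS_LOGIN);
  u.searchParams.set("service", PROBE_CALLBACK);
  u.searchParams.set("gateway", "true");
  return u.toString();
}

// Rate limit: skip the probe if this browser probed recently (timestamps in ms).
function shouldProbe(lastProbeMs, nowMs) {
  return lastProbeMs === null || nowMs - lastProbeMs >= MIN_PROBE_INTERVAL_MS;
}

// Runs in the iframe once CAS redirects back. CAS appends ?ticket=ST-... only
// when the browser presented a valid TGC; without one the ticket is absent.
function classifyCallback(href) {
  const u = new URL(href);
  if (u.origin + u.pathname !== PROBE_CALLBACK) return "ignore";
  const ticket = u.searchParams.get("ticket");
  return ticket && ticket.startsWith("ST-") ? "sso-session" : "no-session";
}

// Runs in the CMS page's "message" listener. Returns the URL for the full-page
// redirect, or null. Only same-origin messages are trusted, and the target is
// always the fixed CAS login URL, never a value taken from the message.
function nextLocation(event, currentPageUrl) {
  if (event.origin !== CMS_ORIGIN || event.data !== SSO_MESSAGE) return null;
  const page = new URL(currentPageUrl);
  if (page.origin !== CMS_ORIGIN) return null;
  const login = new URL(CAS_LOGIN);
  login.searchParams.set("service", page.toString());
  return login.toString();
}

// Browser wiring (skipped outside a browser, e.g. when run under Node).
if (typeof window !== "undefined" && window.parent !== window) {
  if (classifyCallback(window.location.href) === "sso-session") {
    window.parent.postMessage(SSO_MESSAGE, CMS_ORIGIN);
  }
}
```

The ST handed to the probe is only used as a signal and is never validated; the full-page redirect goes back through CAS without `gateway`, so the existing TGC yields a fresh ST for the real page. The probe only works if the CAS server permits being framed by browsercms.org.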

Reference URLs:

  • https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen