JASIG CAS Login without CAS login screen

Question

We are trying to use CAS server for SSO for our existing web based applications. Our goals are

• Achive SSO across the various applications (including cross domain).
• Have Customized login (In UI Terms) pages for different apps, when they are redirected to CAS Server login page.
• Ability to do login without going to the CAS Login page, reason being "A small login section" is embedded in the page itself and user will not be redirected to the CAS login page for better usability.

We are done with the first and second goal. But having problems with third one.

For this functionality we are trying to replicate the same actions as in second goal , only difference being submitting/posting the data (credentials , login tickets etc) from non CAS login page.

• We cannot use iframes to show the CAS login page in the small section , this is vulnerable to browser compatability issues.
• We cannot use ajax to use CAS api's to getting the login ticket and doing the HTTP post (cross domain issue)
• What we have done is : Retrieve the loginticket and execution id on the load of the non cas login page by doing an HTTP post on the server side. when we post the username / password along with the loginticket and execId , the CAS server instead of accepting the post data redirects the user to CAS login page but doing a browser back and submitting the data again works fine. Reasons is no jsession extablished between the CAS and the browser and hence CAS rejects any post data. We can use the CAS restAPI but it will just login the user and no help in getting the SSO done.

Any thoughts on how can we handle this problem ??

Thanks, Pratik

Answer 1

There is a wiki page on CAS which debates about that : https://wiki.jasig.org/display/CAS/Using+CAS+without+the+Login+Screen (but which is older than the google groups discussion proposed by Misagh M).

My solution is "Using CAS from external link or custom external form".