[web2py] Re: In search of CAS 2 provider and consumer example

Thu, 28 Feb 2013 15:17:32 -0800 

It is not a bug. CAS is different from OAuth. In OAuth the provider must be 
authorized to pass user info to another app. In CAS no. CAS passes user 
info (username, etc but not password) to all the apps which requeste it 
within the trusted realm. By default the trusted realm is the domain.

If the user is already logged into the provider and visits the consumer, 
the user is not required to authenticate again (consumer redirects to 
provider which redirects back to consumer).

Massimo

On Thursday, 28 February 2013 16:34:02 UTC-6, rh wrote:
>
> On Thu, 28 Feb 2013 13:57:00 -0800 (PST) 
> Massimo Di Pierro 
> <massimo....@gmail.com <javascript:>> wrote: 
>
> > Without ssl which adds complication ... Can you explain in detail 
> > what does not work? Is the consumer app not redirecting to the 
> > provider? Do you get an error? Do you get redirected back? 
>
> It is working now, read on for more. 
> I just finished re-testing with a new virtualenv and a fresh web2py that I 
> got from github. 
>
> Not sure how to categorize this issue but I was expecting not to see the 
> consumer app page until after I authenticated on the provider page. 
> Is it a doc bug? 
> Seeing the consumer page before authenticating was what had 
> me duped.  And I think that the CAS documentation should include 
> this important step. It seems that without the decorator there's 
> no point of authenticating in this example. 
>
> To see only the provider login page when going to the "consumer" page 
> I add the auth decorator to 
>
> applications/consumer/controllers/default.py 
>
> (Here's the complete index function with decorator to avoid confusion 
> for anyone else.) 
>
> @auth.requires_login() 
> def index(): 
>     """ 
>     example action using the internationalization operator T and flash 
>     rendered by views/default/index.html or views/generic.html 
>
>     if you need a simple wiki simple replace the two lines below with: 
>     return auth.wiki() 
>     """ 
>     response.flash = T("Welcome to web2py!") 
>     return dict(message=T('Hello World')) 
>
> Thanks again for the help. 
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to