Contents
- Overview
- Before You Register Your Application URL
- Register Your Application URL
- Web Login process
- Access Control
- Sample Clients
- Frequently Asked Questions
- Troubleshooting
- Technical Support
...
UH Login (CAS) is available for University of Hawai?i (UH) Web site developers to authenticate users with their UH username and password. It alleviates the problem of having to develop a user authentication system as part of the Web-enabled application (web application) development. It also provides increased security for users by not allowing Web applications to handle their passwords (often using insecure means such as sending it in the clear or unnecessarily storing it).
UH Login (CAS) enhances security by requiring Web application developers to register their applications. This prevents rogue Web applications, phishing Web sites, etc., from misusing this service and misleading UH community members.
...
- Will authentication include the release of attributes to your application?
- If yes, UH Data Governance guidelines apply. For each unique application you must submit a separate request. What that means is that you cannot register a single URL and host multiple applications under it.
- Is your application hosted on a non-UH server?
- If yes, your request may be subject to the UH Data Sharing Request process. Please send an inquiry to datagov@hawaii.edu or call 956-7487.
Anchor | ||||
---|---|---|---|---|
|
...
url
(DISABLED)Note Although Jasig's CAS protocol documentation describes the use the the
url
parameter, the Jasig developers have disabled it in recent versions of CAS to prevent potential abuse. Their explanation of the situation may be found in this thread from the cas-users mailing list. Theurl
parameter defined in the former CAS 2.0 specification is not a valid parameter in CAS 3.0 anymore. CAS Servers MUST ignore givenurl
parameters.
Examples
To logout a user and prevent her from automatically logging back into a Web application, the Web application can forward the user to the Logout URL of UH Login. That URL will destroy the ticket-granting cookie that enables the single sign-on feature and gives the user a page that informs them that they have logged out of UH Login.
No Format https://$WEBLOGIN-HOST/cas/logout
To logout a user and prevent her from automatically logging back into a Web application, the Web application can forward the user to the Logout URL of UH Login. That URL will destroy the ticket-granting cookie that enables the single sign-on feature and redirect the user to the URL identified by the
service
parameter.No Format https://$WEBLOGIN-HOST/cas/logout?service=https://myserver/myapp
Info The URL provided by the
service
parameter must be registered to use UH Login.
...
Application Not Authorized to Use UH Login
Problem:
Your application cannot successfully authentication against CAS.
Example error message:
Expand | ||
---|---|---|
|
Solutions:
Expand | ||
---|---|---|
|
...