eurekaclinical/cas

Support non-interactive logins

Closed this issue · 1 comment

In the situation where the user does not yet have a session for a web application but there is an AJAX call to a protected resource, we want the response to be 400 (Bad Request) rather than the login screen if the user has not yet logged into CAS.

Similarly, in the situation where the user does not yet have a session for a REST API but there is a call to the API, we want the response to be 400 (Bad Request) rather than the login screen if the user has not yet logged into CAS.

I believe this has to be implemented as a separate workflow in the CAS server, possibly triggered by a special query parameter similar to gateway=true.

Actually, it seems that gateway=true is designed exactly for this purpose. Done!
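
The behaviour requested in this issue, sketched from the point of view of a CAS-protected application. This is an added example, not part of the original thread and not code from eurekaclinical/cas. The CAS URL, the function names, the `gateway_tried` session key and the 400 response for a ticket that fails validation are assumptions.

```python
from urllib.parse import urlencode

CAS_LOGIN_URL = "https://cas.example.org/cas/login"  # placeholder, not from the issue


def cas_redirect(service_url, gateway):
    """Build the redirect to the CAS login endpoint for this service."""
    params = {"service": service_url}
    if gateway:
        # CAS protocol: with gateway=true the server never shows the login
        # form. It redirects back with a ticket only if the user already has
        # a CAS session, and without one otherwise.
        params["gateway"] = "true"
    return CAS_LOGIN_URL + "?" + urlencode(params)


def handle_request(session, query, service_url, non_interactive, validate_ticket):
    """Return (status, location) for a request to a protected resource.

    session          mutable dict stored server-side for this client
    query            dict of query parameters on the incoming request
    non_interactive  True for AJAX / REST callers that cannot use a login form
    validate_ticket  callable(ticket, service_url) -> username or None
                     (stands in for the CAS ticket validation call)
    """
    if session.get("user"):
        return 200, None  # application session already exists

    ticket = query.get("ticket")
    if ticket:
        session.pop("gateway_tried", None)
        user = validate_ticket(ticket, service_url)
        if user is None:
            return 400, None  # assumption: reject a ticket that does not validate
        session["user"] = user
        return 200, None

    if not non_interactive:
        # Browser navigation: the normal interactive login screen is fine.
        return 302, cas_redirect(service_url, gateway=False)

    if session.pop("gateway_tried", False):
        # CAS sent the caller back without a ticket: not logged into CAS.
        return 400, None

    # First attempt: ask CAS once, silently. The marker lives in the
    # server-side session so a missing ticket cannot cause a redirect loop.
    session["gateway_tried"] = True
    return 302, cas_redirect(service_url, gateway=True)
```
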