Login includes advisory attributes that help CAS to present its end user experience. These attributes must not have security implications because they are succeptible to end user manipulation (are passed through a redirect on the user's web browser). - service — specifies the identity of the service for which a Service Ticket is desired. Also the URL to which CAS redirects the web browser after a succesful authentication.
- gateway — specifies whether CAS must immediately redirect back to the service. When true, CAS must not render any login pages but must instead immediately redirect back to the service desiring CAS authentication, either having succeeded in authenticating the request without rendering a login screen (single sign on) and including a corresponding service ticket or failing to authenticate the user and including no ticket.
- renew — specifies whether Single Sign On authentication is acceptable or whether CAS must re-render the login screen providing the user an opportunity to present primary credentials anew. Without this feature, CAS would provide users the bad user experience of failing to render the login screen, redirecting the user back to the application, and yet having authentication fail because the ticket ultimately will not be accepted by the application.
|