eurekaclinical / cas

Patched JASIG CAS server used for authentication by Eureka!
http://eurekaclinical.org
Apache License 2.0

Support non-interactive logins #33

Closed arpost closed 7 years ago

arpost commented 7 years ago

In the situation where the user does not yet have a session for a web application but there is an AJAX call to a protected resource, we want the response to be 400 (Bad Request) rather than the login screen if the user has not yet logged into CAS.

Similarly, in the situation where the user does not yet have a session for a REST API but there is a call to the API, we want the response to be 400 (Bad Request) rather than the login screen if the user has not yet logged into CAS.

I believe this has to be implemented as a separate workflow in CAS server, possibly triggered by a special query parameter similar to gateway=true.

arpost commented 7 years ago

Actually, it seems that gateway=true is designed exactly for this purpose. Done!
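The exchange discussed in this issue, as an added example that is not part of the original thread or the project's code: under the CAS protocol, `gateway=true` makes the server redirect back to the service without a `ticket` parameter when no SSO session exists, so the protected application is what turns that into a 400. The host names, the `gateway_tried` flag and the `validate` callback are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

CAS_LOGIN = "https://cas.example.org/cas/login"  # constructed placeholder host


def gateway_url(service_url):
    """CAS login URL that never renders the login form (gateway=true)."""
    return CAS_LOGIN + "?" + urlencode({"service": service_url, "gateway": "true"})


def split_ticket(url):
    """Return (service URL without the ticket parameter, ticket or None)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tickets = [v for k, v in pairs if k == "ticket"]
    rest = urlencode([(k, v) for k, v in pairs if k != "ticket"])
    service = urlunsplit((parts.scheme, parts.netloc, parts.path, rest, ""))
    return service, (tickets[0] if tickets else None)


def handle(url, has_session, gateway_tried, validate):
    """Decide the response to an AJAX/REST call: (status, redirect location).

    gateway_tried: hypothetical flag the application sets before redirecting,
                   so a ticketless return is recognised instead of looping.
    validate:      hypothetical callback standing in for the back-channel
                   ticket validation request to the CAS server.
    """
    if has_session:
        return 200, None
    service, ticket = split_ticket(url)
    if ticket:
        # The ticket must be validated against the same service URL it was
        # issued for; a ticket that fails validation gets no session.
        return (200, None) if validate(ticket, service) else (400, None)
    if gateway_tried:
        # CAS sent the caller back without a ticket: no SSO session exists.
        return 400, None
    return 302, gateway_url(service)
```
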