Here is the item I mentioned about the confirmation page in the
webauth FAQ ("Why does weblogin display another page after login?"):
http://webauth.stanford.edu/faq.html#PF02
This could be replaced by an HTTP redirect.
Bob say's we might at least want it to be conditional on whether
it's the initial login. And, part of the intent is also to provide a
final opportunity for the user to cancel, which would be lost
in always refreshing. (I'm not sure how critical that feature
is, though).
Ideally, perhaps this should be user-configurable. I don't
think we need to solve this for the pilot, though...
Concerns from Jeff Schiller (8/1/2006)1. Can be supported from a CGI(or fcgi) script (no integration with
base webserver required).
2. 1 can be done from Java, PHP, Perl and Python under Solaris,
Linux and IIS/Windows.
a) Libraries already available for these languages/operating
system, or token format trivial enough that parsing it doesn't
require a major development effort.
b) Simple design, doesn't require multiple message exchanges
between the various system components.
3. May have an Apache module available. Both for version 2.X and
1.3.X.
4. Is secure (of course).
I wrote a system a number of years ago (which we actually used in production for two years for the undergraduate housing lottery) which met these requirements (well, we never did 3, but we didn't need to). Code to create and parse the tokens was written in Java, C and Python (Perl would not be hard to add, nor PHP).
I can share the code, formats, I just have to find the code... We stopped using it when we converted to using Certificates even for the incoming students accessing the lottery the summer before they arrived on campus.