Ram,
Two things:
1. I think you should spend some time reading about the CAS architecture so
you how it works.
CAS 1 architecture: http://www.jasig.org/cas/cas1-architecture
CAS 2 architecture: http://www.jasig.org/cas/cas2-architecture
Proxy authentication: http://www.jasig.org/cas/proxy-authentication
The TGT is some information granted by the CAS server and retained by
the user as proof the user logged in.
The ST is some information granted by the CAS server, passed along by
the user, and verified by CAS client protecting application to ensure user
logged in.
2. Check out the RESTful API
RESTful API: http://www.ja-sig.org/wiki/display/CASUM/RESTful+API
HTH,
A-
On 6/15/09 8:51 AM, "Ram Mohan" <[email protected]> wrote:
> Hi,
>
> I am a newbie to CAS and security. In my case, CAS Server 3.3.2 + Acegi CAS
> Client is used for Authentication.
> I took up a task of providing API for username/password authentication i.e,
> MyClass.authenticate(Credentials credentials).
> I think I dont even need to generate a Service Ticket. TGTĀ cookie is enough.
>
> For me, its simply looking like authentication without the login UI and
> sending the credentials as parameters in the request.
> am i going in the right direction? also, i think application of this sort
> would already have been implemented as this is a common scenario. Any pointers
> in this regard would be very helpful
>
> Thanks in advance,
> Ram
--
Andrew Feller, Analyst
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
