One approach would be to use the CAS RESTful API in the rich client to create a TGT. The rich client would use that TGT to create ST's with the RESTful API to access the web-service. In order to support the web browser the rich client could store the TGT in the same way the browser (which varies by browser) reads cookies. This would mean when the web browser is opened it would hit the service and then ask the cas server for a ST and the CAS server would see the TGT allowing SSO. Then even if the user clicks on a link in that web app that requires SSO it would still be performed as long as the TGT was still valid.
On Thu, Aug 20, 2009 at 1:54 PM, Aksel <[email protected]> wrote: > I have a customer that wants to call a CAS protected web-service from a > windows desktop client. He also wants to share the session with a > web-browser. This means clicking on a link inside the thick client to open a > browser with an already established CAS session to use a web-application. > Does anyone know if this is possible with CAS? > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
