Hi Scott, My replies inline
________________________________ From: Scott Battaglia <[email protected]> To: [email protected] Sent: Wednesday, September 7, 2011 5:06 AM Subject: Re: [cas-dev] RESTful and Digest On Wed, Aug 17, 2011 at 10:26 AM, Ravi Julapalli <[email protected]> wrote: Hi, > >We have been looking at CAS being a solution to federate a set of internal and >external websites. >One of the key requirements of our project is to have a "encrypted digest" >that is passed by client sites to server so as to validate that requests are >indeed coming from known sources. Any reason locking it down via the existing services management tool won't work? Ravi:- Our current project involves having 3rd party payment gateway (Paywizard) with SSO, and Paywizard would not accept any requests / responses that donot have digest with them. The algorithm for Digest and what constitutes the digest is being custom built by us. >We would also like to change the format of XML responses that are sent out by >server. The XML is merely stored in JSP pages that you can change (unless you're using SAML) I am seeking for some guidance on the following 1. Is there existing ability with CAS to perform a preliminary check requests (authenticate etc) are addressed. > You can easily do it as part of the login flow (which is a Spring Web Flow file), though I would confirm that the Services Management Tool doesn't meet your needs. Ravi:- Does this mean we would need to alter Services Management Tool. I think use of Digest in headers is often specially when systems are remotely located on different networks. If we are to make changes to Services Management Tool, i would like to do it in such a way that the code we develop can be contributed back. Would welcome your advice. 2. If we are to write this custom piece of code , where would we have to write this code. >3. How can we change the structure of XML response from CAS on a validate >request. Our intention is to have all validations done as RESTful with XML >responses. There are a number of JSP pages in the webapp that you would need to replace. All CAS Service validate calls are "RESTful-like" and they already work with all clients so I don't know what benefit you gain by customizing them. Ravi:- Changes to structure of XML is to incorporate Digest element. Cheers, Scott Being new to CAS and also to Java, any help provided enabling me to understand the architecture better and help resolving requirements is greatly appreciated.best regards, >Ravi > >-- >You are currently subscribed to [email protected] as: >[email protected] >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
