Hi All,
I recently wrote a small library for CAS impersonation -- meaning that a user
could quickly authenticate and send a request+data through CAS as another user
for the purposes of calling an API/Webservice that is secured by CAS.
My question is this: should this even be done? Perhaps I'm really
circumventing what CAS is meant for in the first place.
To clarify, this is what I'm doing:
- Alice logs into CASified webapp W
- W needs to retrieve data from service S
- W uses library to contact S as "imaginary" user Bob
- S performs task UNRELATED to user Bob (GetAllUsers(...) or something like that)
- W receives data back from S and uses it appropriately
Again, Bob is not a true user (student/staff/faculty), but an account made
solely for contacting this service.
Anything look wrong here?
Best,
Eric Lauffenburger