I am having trouble following this. It seems to be totally opposite of why I would want to use CAS. To me, the point of CAS is that I want it to be *the* central login page. I don't want to hide it behind my own login page.
The TGT cookie is in the user's browser, but it is supposed to be located in the domain of the *CAS* server. When any service protected by CAS needs to authenticate, it redirects the user's browser to the CAS server, and that cookie is available *to the CAS service only*. It is not meant to be shuffled around to other services, even if they are ones I maintain or control. Does that make sense? Can you explain why you are trying to use ajax to log into CAS? Thanks, Carl Waldbieser ITS Systems Programmer Lafayette College ----- Original Message ----- From: "Marcos" <[email protected]> To: "CAS Community" <[email protected]> Cc: [email protected] Sent: Tuesday, May 3, 2016 6:30:06 AM Subject: Re: [cas-user] where is TGT stored on client side? Hi, I'm having this same problem: I do login by Ajax against the SSO. I receive the cookie and the TGT, and I validate it against the SSO from my application server. Then, I change from my .com domain to .es, and I lose the session on my server and the TGT. I'm thinking to make my SSO server to store the TGT in session and make a method to to retrieve it. El martes, 12 de abril de 2016, 17:57:42 (UTC+2), Yan Zhou escribió: > > > if user goes to another app using CAS, browser will need to send TGT > ticket (CAS Protocol diagram shows it is getting that from cookie). > > If TGT is not in cookie, where does the browser getting it from when user > goes to another app. that uses CAS (after he login in successfully into the > first app.)? > > Yan > > > On Tuesday, April 12, 2016 at 11:21:42 AM UTC-4, Misagh Moayyed wrote: >> >> The TGC is encrypted and signed. You wouldn’t know what’s inside it and >> wouldn’t have access to it. (The protocol does not say that TGC is the same >> as TGT. It says it is a representation of the TGT identifying the sso >> session). >> >> >> >> What kind of subsequent requests? >> >> >> >> *From:* Yan Zhou [mailto:[email protected]] >> *Sent:* Tuesday, April 12, 2016 7:02 AM >> *To:* Misagh Moayyed <[email protected]> >> *Cc:* CAS Community <[email protected]> >> *Subject:* Re: [cas-user] where is TGT stored on client side? >> >> >> >> OK, can you elaborate a bit? I am curious how this is done. >> >> >> >> I see SET-COOKIE on TGC xxxx when authentication is complete, but I do >> not see browser sends the TGT cookie along with subsequent request. >> >> >> >> So, I wonder how this works. >> >> >> >> Thx, >> >> Yan >> >> >> >> On Tue, Apr 12, 2016 at 9:55 AM, Misagh Moayyed <[email protected]> >> wrote: >> >> You cannot see it. >> >> >> >> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Yan >> Zhou >> *Sent:* Tuesday, April 12, 2016 6:46 AM >> *To:* CAS Community <[email protected]> >> *Subject:* [cas-user] where is TGT stored on client side? >> >> >> >> Hi there, >> >> >> >> The CAS protocol says that TGT is stored as a cookie on client browser. >> But, when I look at cookie on browser (Chrome), I do not see TGT, the only >> one there is CASSESSIONID, which is how CAS tracks user place in the login >> flow. >> >> >> >> Where is TGT stored on client? How can I see it? >> >> >> >> Everything works fine on server side, I do see TGT, etc., I just cannot >> find where it is stored on client. >> >> >> >> Thanks, >> >> Yan >> >> -- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> Visit this group at >> https://groups.google.com/a/apereo.org/group/cas-user/. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/15308aa1-497b-4c19-82da-a7d88b6a4b32%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/15308aa1-497b-4c19-82da-a7d88b6a4b32%40apereo.org?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/a/apereo.org/d/optout. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> Visit this group at >> https://groups.google.com/a/apereo.org/group/cas-user/. >> >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/00dd01d194c3%24060ddb40%24122991c0%24%40unicon.net >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00dd01d194c3%24060ddb40%24122991c0%24%40unicon.net?utm_medium=email&utm_source=footer> >> . >> >> >> For more options, visit https://groups.google.com/a/apereo.org/d/optout. >> >> >> > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/40e19df3-d4c7-40b5-90a7-c34994e0f6e4%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1397624515.23601853.1462296190995.JavaMail.zimbra%40lafayette.edu. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
