Marcos, That begs the question, what benefit do you hope to get by using CAS in this way? Is it just for the single-sign on aspect? In that case, have you considered just using LDAP authentication, which would be a better fit for this scenario?
If it is just a question of the UI, it is definitely possible to customize the CAS login UI to look like an existing login page. You can also make the page appear different for a particular service provider. Thanks, Carl ----- Original Message ----- From: "Marcos" <[email protected]> To: "CAS Community" <[email protected]> Cc: "Marcos" <[email protected]>, [email protected] Sent: Wednesday, May 4, 2016 4:30:01 AM Subject: Re: [cas-user] where is TGT stored on client side? Hi Carl, Thank you for your response. The reason why I'm not using the CAS login page is that my users want to keep the current login page, so I'm trying the Ajax auth. Marcos. El martes, 3 de mayo de 2016, 19:23:32 (UTC+2), waldbiec escribió: > > > I am having trouble following this. It seems to be totally opposite of > why I would want to use CAS. > To me, the point of CAS is that I want it to be *the* central login page. > I don't want to hide it behind my own login page. > > The TGT cookie is in the user's browser, but it is supposed to be located > in the domain of the *CAS* server. When any service protected by CAS needs > to authenticate, it redirects the user's browser to the CAS server, and > that cookie is available *to the CAS service only*. It is not meant to be > shuffled around to other services, even if they are ones I maintain or > control. > > Does that make sense? Can you explain why you are trying to use ajax to > log into CAS? > > Thanks, > Carl Waldbieser > ITS Systems Programmer > Lafayette College > > ----- Original Message ----- > From: "Marcos" <[email protected] <javascript:>> > To: "CAS Community" <[email protected] <javascript:>> > Cc: [email protected] <javascript:> > Sent: Tuesday, May 3, 2016 6:30:06 AM > Subject: Re: [cas-user] where is TGT stored on client side? > > Hi, > > I'm having this same problem: > > I do login by Ajax against the SSO. I receive the cookie and the TGT, and > I > validate it against the SSO from my application server. > Then, I change from my .com domain to .es, and I lose the session on my > server and the TGT. > I'm thinking to make my SSO server to store the TGT in session and make a > method to to retrieve it. > > > > El martes, 12 de abril de 2016, 17:57:42 (UTC+2), Yan Zhou escribió: > > > > > > if user goes to another app using CAS, browser will need to send TGT > > ticket (CAS Protocol diagram shows it is getting that from cookie). > > > > If TGT is not in cookie, where does the browser getting it from when > user > > goes to another app. that uses CAS (after he login in successfully into > the > > first app.)? > > > > Yan > > > > > > On Tuesday, April 12, 2016 at 11:21:42 AM UTC-4, Misagh Moayyed wrote: > >> > >> The TGC is encrypted and signed. You wouldn’t know what’s inside it and > >> wouldn’t have access to it. (The protocol does not say that TGC is the > same > >> as TGT. It says it is a representation of the TGT identifying the sso > >> session). > >> > >> > >> > >> What kind of subsequent requests? > >> > >> > >> > >> *From:* Yan Zhou [mailto:[email protected]] > >> *Sent:* Tuesday, April 12, 2016 7:02 AM > >> *To:* Misagh Moayyed <[email protected]> > >> *Cc:* CAS Community <[email protected]> > >> *Subject:* Re: [cas-user] where is TGT stored on client side? > >> > >> > >> > >> OK, can you elaborate a bit? I am curious how this is done. > >> > >> > >> > >> I see SET-COOKIE on TGC xxxx when authentication is complete, but I do > >> not see browser sends the TGT cookie along with subsequent request. > >> > >> > >> > >> So, I wonder how this works. > >> > >> > >> > >> Thx, > >> > >> Yan > >> > >> > >> > >> On Tue, Apr 12, 2016 at 9:55 AM, Misagh Moayyed <[email protected]> > >> wrote: > >> > >> You cannot see it. > >> > >> > >> > >> *From:* [email protected] [mailto:[email protected]] *On Behalf Of > *Yan > >> Zhou > >> *Sent:* Tuesday, April 12, 2016 6:46 AM > >> *To:* CAS Community <[email protected]> > >> *Subject:* [cas-user] where is TGT stored on client side? > >> > >> > >> > >> Hi there, > >> > >> > >> > >> The CAS protocol says that TGT is stored as a cookie on client browser. > >> But, when I look at cookie on browser (Chrome), I do not see TGT, the > only > >> one there is CASSESSIONID, which is how CAS tracks user place in the > login > >> flow. > >> > >> > >> > >> Where is TGT stored on client? How can I see it? > >> > >> > >> > >> Everything works fine on server side, I do see TGT, etc., I just cannot > >> find where it is stored on client. > >> > >> > >> > >> Thanks, > >> > >> Yan > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "CAS Community" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected]. > >> Visit this group at > >> https://groups.google.com/a/apereo.org/group/cas-user/. > >> To view this discussion on the web visit > >> > https://groups.google.com/a/apereo.org/d/msgid/cas-user/15308aa1-497b-4c19-82da-a7d88b6a4b32%40apereo.org > > >> < > https://groups.google.com/a/apereo.org/d/msgid/cas-user/15308aa1-497b-4c19-82da-a7d88b6a4b32%40apereo.org?utm_medium=email&utm_source=footer> > > > >> . > >> For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "CAS Community" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected]. > >> Visit this group at > >> https://groups.google.com/a/apereo.org/group/cas-user/. > >> > >> To view this discussion on the web visit > >> > https://groups.google.com/a/apereo.org/d/msgid/cas-user/00dd01d194c3%24060ddb40%24122991c0%24%40unicon.net > > >> < > https://groups.google.com/a/apereo.org/d/msgid/cas-user/00dd01d194c3%24060ddb40%24122991c0%24%40unicon.net?utm_medium=email&utm_source=footer> > > > >> . > >> > >> > >> For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > >> > >> > >> > > > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To post to this group, send email to [email protected] <javascript:>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. > > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/40e19df3-d4c7-40b5-90a7-c34994e0f6e4%40apereo.org. > > > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0ce70337-9739-4e6c-9846-be5fb274784d%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1983993536.23959747.1462367987543.JavaMail.zimbra%40lafayette.edu. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
