They are both conceptually, more or less, the same. The caveat with the REST API is, you will have to manage the SSO session, and you will need to manually pass in the uid/psw to CAS while with the proxy scenario, the user is required to be present to do that for you automatically and CAS keeps SSO. Also, turning on the REST API has the potential of becoming the target of DOS attacks, unless properly secured.
-- Misagh From: Robert <[email protected]> Reply: Robert <[email protected]> Date: July 11, 2016 at 1:36:54 AM To: CAS Community <[email protected]> Subject: [cas-user] CAS with REST services We are currently using CAS 3 for a traditional web application, and we are moving towards a more modern architecture with a single page application and rest services. My first question would be if the CAS protocol is still the right choice for us. I don't have experience with development using CAS so far, but I tried to gather information about it. Looking at the CAS protocol at https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol.html it seems that the normal web flow is not appropriate anymore for our application. I read that CAS 4 contains a REST service for requesting TGTs and STs. So I had the following simple solution in mind for our application. The client (browser) would initially request a TGT from the CAS server and store this. Each time when the client needs to call one of our REST services, it would request a ST from the CAS server and call our service with the ST. The application service would verify the ST with the CAS server before executing the method. The downside of this solution is that 2 additional remote calls need to be made for each app service call. Documentation seems to point towards Proxy Granting Tickets, such as in the Spring Security documentation http://docs.spring.io/spring-security/site/docs/4.1.0.RELEASE/reference/htmlsingle/#cas-pt-client But I can't find a conceptual explanation why I need it and how it works. When I look at the CAS protocol documentation for proxy's it just seems to add even more overhead compared to my solution and we would need a proxy web application. that we need to call instead of the actual app service. https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol.html Thanks for any help you can provide me. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5c81eba4-f0ed-45ac-a362-d7f4d95c8077%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57869b3a.5faee68a.14275%40unicon.net. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
