Hi,
Solutions:
- proxy CAS: As the proxy ticket can only be validated once, you will need to
cache the ticket, or create your own session
- JWT: create a JWT and check it on app B.
- oauth
- JSONP login on app B. We are using this quite a lot. Simple and works great.
Commits implementing this on angular-seed :
https://github.com/prigaux/angular-seed/commits/master
and especially the first one:
https://github.com/prigaux/angular-seed/commit/27eae718ff6fd3206f60926317c7a24ddfd79b68
I wrote some doc on this, alas in french:
http://prigaux.github.io/presentation-web-widgets-cas-jsonp/index.html#/7
Happy CAS,
cu
On 01/11/2016 20:22, Yan Zhou wrote:
Hello,
CAS protocol does not let the apps (CAS client) get TGT ticket. We have a need
for that.
We have two web apps, both are casified in CAS 4.1.X. One web app has AngularJS
(Javascript) front end, and, the other webapp is UI-Less, it just offers REST
services.
Javascript code in App A wants to call REST API in App B. We run into problem
with CORS, etc. But, even after CORS are enabled, still run into trouble.
So, the thought is, if Javascript code can get hold of TGT after user login to
the app. A, then, JS code call use CAS REST API to authenticate against the 2nd
app (the UI-less REST Services).
Is that a bad idea, and how is that possible?
Yan
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
[email protected] <mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f60e5fea-2a9b-4515-8a92-a7c2c8769497%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/f60e5fea-2a9b-4515-8a92-a7c2c8769497%40apereo.org?utm_medium=email&utm_source=footer>.
--
Pascal Rigaux
Expert en développement et déploiement d'applications
DSIUN-SAS (service applications et services numériques)
Université Paris 1 Panthéon-Sorbonne - Centre Pierre Mendès France (PMF)
B 402 - 90, rue de Tolbiac - 75634 PARIS CEDEX 13 - FRANCE
Tél : 01 44 07 86 59
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ea50cbeb-3a79-ddc2-5865-f1aa0bfdd040%40univ-paris1.fr.
