There have been several requests on this, so I think it’s safe to say that JWT generation can of course be on the roadmap, provided you file an issue, make the request and explain the use case in as much detail as possible. If you are also able and willing to participate in the feature development/testing, that would also be a major plus for “roadmap” items to be accepted and released.
--Misagh From: [email protected] [mailto:[email protected]] On Behalf Of Lewis Henderson Sent: Wednesday, November 16, 2016 4:29 AM To: [email protected] Subject: Re: [cas-user] Re: CAS and OAuth interoperability Jerome, The CAS secured application is from a third party that I cannot modify. On the JWT front, I like the idea of this behind the gateway. I understand from the website that CAS JWT support is 'read only' in that it does not generate JWTs. Is generation on the roadmap? Are there any examples of JWT in action that I can reference? Cheers Lewis Henderson Director CobraFlow Limited M:0788 7788 436 Skype:CobraFlow www.cobraflow.com <http://www.cobraflow.com> On 16 November 2016 at 10:59, Jérôme LELEU <[email protected] <mailto:[email protected]> > wrote: Hi, You may change your CAS-secured application into an OAuth-secured application to directly retrieved an access token, but in any case, you'll need to check this access token via the CAS server from the OAuth resource server. So indeed, using JWT is a way to pass identity from one app to the other, without requiring a third-party to validate the identity. Best regards, Jérôme 2016-11-16 8:36 GMT+01:00 Lewis Henderson <[email protected] <mailto:[email protected]> >: Thanks for jumping in Jerome. I have the situation where I have OAuth secured resources behind a Zuul edge gateway. The gateway is secured by CAS (OAuth & CAS). I now need a CAS secured application to be able to talk to an OAUth resource server behind the gateway. So far, the external application authenticates successfully and retrieves it's proxy ticket ready to talk to the resource server. In theory, I could also secure the resource server with CAS to accept the proxy ticket, but this is just duplicating the work. The application is already authenticated with the gateway and has been able to get a proxy ticket for the resource server. It seems that I should be able to just 'pass the authentication' on. Would JWT be a solution if conversion to an OAuth token is not a good idea? -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:cas-user%[email protected]> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/50bd7ae6-1ea3-484a-930e-d9c359ac9c88%40apereo.org. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279LyAZ%2B5z8YjviDrAOE5D-rFg-5%3DEeGzXT5UAuYA7D%3D4-_A%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279LyAZ%2B5z8YjviDrAOE5D-rFg-5%3DEeGzXT5UAuYA7D%3D4-_A%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGxExJ6a%2BfSzzzzgD9mm7ea%3D2%2BW1i45a0b-Qu6uepsN-jjQa2w%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGxExJ6a%2BfSzzzzgD9mm7ea%3D2%2BW1i45a0b-Qu6uepsN-jjQa2w%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00ec01d2401b%2489d8b0e0%249d8a12a0%24%40unicon.net.
