Hey, everybody.

To preface this, I've tried both googling and looking through the 
discussions here but still haven't found an answer for the following 
situation.

I'm currently building a back-end service with no web-based nor native GUI 
and I'm having trouble coming up with a proper way to secure it with CAS 
(5.3, if that matters).

My plan right now is to have an endpoint in my API where the user can POST 
their credentials which I will forward to CAS's REST API (with the ID of my 
service). I will then return the TGT that CAS gives me to the user and on 
any subsequent data request I will try to extract the same TGT (header, 
cookie, whatever) and validate it by requesting a ST for my own service 
from CAS. It *works* but it sounds a bit stupid because I don't actually do 
anything with the ST, it's just a confirmation call to make sure the TGT is 
valid.

This flow is the one I've managed to piece together basically on my own as 
the REST API portion of the official documentation is really lacking in my 
opinion.

Is there a better solution to this problem?

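The flow described in the post, as an added example that is not part of the original message or of the CAS project's code: the two CAS REST calls, followed by validation of the ST through `/p3/serviceValidate` so that the call returns the username. The base URL, the service ID, the `send` transport callable and the `fake_cas` stand-in are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS = "https://cas.example.org/cas"      # assumed CAS base URL
SERVICE = "https://api.example.org/"     # assumed registered service ID
NS = {"cas": "http://www.yale.edu/tp/cas"}
# send(method, url, body) -> (status, headers, text): assumed HTTP transport callable
def login(send, username, password):
    """POST /v1/tickets: 201 Created, TGT is the last segment of Location."""
    status, headers, _ = send("POST", f"{CAS}/v1/tickets",
                              urlencode({"username": username, "password": password}))
    if status != 201:
        return None
    m = re.search(r"/(TGT-[^/?\s]+)$", headers.get("Location", ""))
    return m.group(1) if m else None

def service_ticket(send, tgt):
    """POST /v1/tickets/{TGT}: 200 with the ST as the body if the TGT is valid."""
    if not re.fullmatch(r"TGT-[A-Za-z0-9._-]+", tgt or ""):
        return None   # never splice an unchecked header value into the URL
    status, _, body = send("POST", f"{CAS}/v1/tickets/{tgt}",
                           urlencode({"service": SERVICE}))
    return body.strip() if status == 200 and body.startswith("ST-") else None

def validate(send, st):
    """GET /p3/serviceValidate: returns the authenticated user, or None."""
    query = urlencode({"service": SERVICE, "ticket": st})
    status, _, body = send("GET", f"{CAS}/p3/serviceValidate?{query}", None)
    if status != 200:
        return None
    user = ET.fromstring(body).find("cas:authenticationSuccess/cas:user", NS)
    return user.text if user is not None else None

def authenticate_request(send, tgt):
    """Per-request check: TGT -> ST -> validated principal (None = reject)."""
    st = service_ticket(send, tgt)
    return validate(send, st) if st else None

def fake_cas(method, url, data):   # constructed stand-in for a CAS server (offline runs)
    if url.endswith("/v1/tickets") and data == urlencode({"username": "alice", "password": "pw"}):
        return 201, {"Location": f"{CAS}/v1/tickets/TGT-1-constructed"}, ""
    if url.endswith("/v1/tickets/TGT-1-constructed"):
        return 200, {}, "ST-1-constructed"
    if "ticket=ST-1-constructed" in url:
        return 200, {}, ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
                         "<cas:authenticationSuccess><cas:user>alice</cas:user>"
                         "</cas:authenticationSuccess></cas:serviceResponse>")
    return 400, {}, ""
```

Validating the ST is the step that yields the authenticated principal; the TGT-to-ST call on its own only confirms that the TGT is still valid.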