jm, This sounds like proxy protocol, https://apereo.github.io/cas/6.0.x/installation/Configuring-Proxy-Authentication.html Your APIs will have to be CASified.
Ray On Mon, 2019-08-19 at 21:20 -0700, jm wrote: Hi all, There are some sensitive API providers(services without web interface) in our company, and some web services will invoke those APIs. Web services are all logged in via CAS service provided by me. Here comes the requirement: sensitive API providers want to obtain orgin caller from the caller. They want to know the origin user and the origin service to which the user logged in. So I have to record some information when some events happen, they are: 1. User authentication successfully 2. ST granted and validated successfully 3. TGT expired I have an idea to do this. I can make an aspect to hijack inspectr framework's APIs, in aspect I will get AuditActionContext object and do a HTTP call to send this audit event to my service. But is there better way to do this? Like subscribing some events directly in CAS or ... something I didn't realized. James -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d4d392407572532a03287f96fc0b31ab23422e54.camel%40uvic.ca.
