Hi,
the solution was not selected for PoC.

--
Best regards,
*Petr Gašparík*
IT security consultant
gsm: [+420] 603 523 860
e‑mail: [email protected]
*AMI Praha a.s.*
Pláničkova 11, 162 00 Praha 6
tel.: [+420] 274 783 239 | web: www.ami.cz

On Tue, 26 Nov 2019 at 14:14, Artur Łaga <[email protected]> wrote:

> Hi,
>
> Did you manage to achieve the scenario you wanted with the surrogate
> mechanism?
> I'm interested in the 2nd point from your scenario in particular.
>
> I'm trying to get almost the same working path, but have a problem with
> generating a TGT through the REST API - it looks like the REST API doesn't
> accept the surrogate special syntax
> ([surrogate-userid][separator][primary-userid]). Calling the TGT method as
> described in
> https://apereo.github.io/2019/06/12/cas61x-rest-api/#exchange-tokens with
> the surrogate in the username param always gives an AccountNotFoundException exception.
>
> My CAS instance is configured with surrogate auth enabled - the normal
> authentication with impersonation is working well.
>
> Regards,
> Artur
>
> On Wednesday, 28 August 2019 at 23:50:36 UTC+2, Petr Gašparík -
> AMI Praha a.s. wrote:
>>
>> Oh! I know!
>>
>> https://apereo.github.io/cas/6.0.x/installation/Surrogate-Authentication.html#preselected
>>
>> It is done simply by +user in REST authentication request, right? Genial!
>>
>> Petr
>>
>> On Wednesday, August 28, 2019 at 9:42:17 AM UTC+2, Petr Gašparík - AMI
>> Praha a.s. wrote:
>>>
>>> Hi Misagh,
>>> that's what I don't know for sure.
>>>
>>> Can REST be used for issuing a TGT for a different user than the authenticated
>>> one? Like "sudo make TGT for userX"?
>>> I studied the wiki, I think the sudoer needs to know the user's password.
>>>
>>> --
>>> Best regards,
>>> *Petr Gašparík*
>>> solution architect
>>> *AMI Praha a.s.*
>>>
>>> On Tue, 27 Aug 2019 at 21:45, Misagh <[email protected]> wrote:
>>>
>>>> Wouldn't step 1 and 2 also be handled using the REST protocol?
>>>>
>>>> On Tue, Aug 27, 2019, 6:48 PM Petr Gašparík - AMI Praha a.s. <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi,
>>>>> in my proof of concept, I want a piece of code (program library) to *log
>>>>> in a user to a CASified application without the user's password.*
>>>>>
>>>>> That could be done in this way:
>>>>>
>>>>> 1. library authenticates to CAS with its login/password
>>>>>    - CAS responds with OK/fail
>>>>> 2. library requests to generate TGT for specified user
>>>>>    - CAS responds with TGT
>>>>> 3. library requests ST via TGT
>>>>>    - CAS responds with ST
>>>>> 4. library forms URL for CASified application with ST
>>>>> 5. user is logged in to CASified application
>>>>>
>>>>> I know steps 3-5 are doable through REST + CAS protocol.
>>>>>
>>>>> *What about step 2, how to do that*? Can I for example use
>>>>> surrogation for that?
>>>>>
>>>>> (CASified application means an application that uses a CAS client to get
>>>>> authenticated users from CAS)
>>>>>
>>>>> best regards
>>>>>
>>>>> *Petr Gašparík*

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABAspd1q8L94DQb%2BKbJ3S5DR2TB0kVukO5ue1u3r7d0mxuGJ1g%40mail.gmail.com.
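
Added example, not part of the thread and not code from the CAS project: the REST ticket exchange behind steps 1-5 of the original question, written as request builders plus response checks. The host names and user ids are constructed, the `/v1/tickets` endpoints are those of the CAS REST protocol, and whether a given CAS deployment accepts the surrogate syntax over REST is an assumption (the thread reports it failing).

```python
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl, quote

CAS = "https://cas.example.org/cas"  # constructed CAS base URL (assumption)


def surrogate_id(surrogate_userid, primary_userid, sep="+"):
    """Build [surrogate-userid][separator][primary-userid] as quoted in the thread.
    The surrogate is the impersonated account; the primary one authenticates."""
    if sep in surrogate_userid or sep in primary_userid:
        raise ValueError("separator must not occur inside either user id")
    return f"{surrogate_userid}{sep}{primary_userid}"


def tgt_request(username, password):
    """Steps 1-2: form-encoded POST to /v1/tickets (urlencode escapes '+')."""
    body = urlencode({"username": username, "password": password})
    return "POST", f"{CAS}/v1/tickets", body


def tgt_from_location(status, location):
    """CAS answers 201 Created with the TGT as the last segment of Location.
    Reject anything that does not point back at the expected CAS endpoint."""
    prefix = f"{CAS}/v1/tickets/"
    if status != 201 or not location.startswith(prefix):
        raise ValueError("no TGT issued, or Location outside the CAS endpoint")
    tgt = location[len(prefix):]
    if not tgt.startswith("TGT-") or "/" in tgt:
        raise ValueError("malformed TGT")
    return tgt


def st_request(tgt, service):
    """Step 3: POST the service URL to the TGT resource; the body of the
    response is the service ticket."""
    url = f"{CAS}/v1/tickets/{quote(tgt, safe='')}"
    return "POST", url, urlencode({"service": service})


def app_login_url(service, st):
    """Step 4: pass the ST to the CASified application as 'ticket',
    keeping any query parameters the service URL already has."""
    if not st.startswith("ST-"):
        raise ValueError("not a service ticket")
    parts = urlsplit(service)
    query = parse_qsl(parts.query, keep_blank_values=True) + [("ticket", st)]
    return urlunsplit(parts._replace(query=urlencode(query)))
```

`urlencode` sends the `+` separator as `%2B`; a literal `+` in a form-encoded body is decoded by the server as a space.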
