Ritesh, Can the service be modified to use OAuth2 or OIDC for authorization/authentication instead of PGT?
Ray

On Sun, 2022-07-10 at 19:45 -0700, Ritesh Tripathi wrote:

Folks,

We have the following scenario:

A. We have a web app that is deployed in a Tomcat container and protected via cas-client.
B. The browser-based interaction all works well with authentication via the CAS server.
C. We have an Android app that also authenticates with CAS via the OIDC protocol. [In CAS, the user authenticates via the delegated OAuth2 protocol via Gmail, so we don't have access to the user's password.]
D. In the mobile app, we are able to authenticate successfully and get the userid.
E. The mobile app needs to call the REST web service from a URL that is protected via the CAS client [so both the mobile app and the web app are talking to the same URL].
F. Now, when we make calls from the mobile app to the REST web service that is protected via CAS, we are redirected to the login page.

Since we don't have access to the password of the user, we can't use the REST web service for CAS to get the TGT for the user and hence the ST for the REST web service.

Alternatively, if we internally hard-code some user of CAS to fetch the TGT and then the ST, it adds about 300 ms of additional time to service calls, and 2 additional calls have to be made to fetch the data from the REST API for each API call.

This leaves us the option of proxy authentication. The issue is that we are unable to get the Proxy Granting Ticket for the mobile app when we do authentication via the OIDC protocol.

1. Is it possible to get a PGT for mobile app authentication via OIDC?
2. Is there any other approach to solve the above scenario?

Request you all to please give ideas about possible solutions to the above situation. I am sure people would have solved the above challenge.

Thank you for your support and time.

Best Regards
Ritesh

--
Ray Bon
Programmer Analyst
Development Services, University Systems