Hello,
Other option would be to let CAS issue TGC as signed JWT and then using
that JWT in API calls. API can issue ST for itself on the fly.
However this lets the API to completely impersonate the original user...
so it has some caveats on its own.
Better to use what Ray suggested, if you can.
Some other thing that comes to mind is to employ OIDC with password
grant. Your app can issue itself a signed JWT token. This token will be
your authentication to the API. If you do it right, the API can validate
the JWT even without contacting the CAS server on every request.
Cheers,
Fiisch
On 11/29/2022 03:26 AM, Ray Bon wrote:
Michael,
The ST gets sent to the API endpoint. The cas client that is in that
application will know how to handle it.
Ray
On Mon, 2022-11-28 at 20:20 +0000, Michael Remijan wrote:
Notice: This message was sent from outside the University of Victoria
email system. Please be cautious with links and sensitive information.
I looked at the REST-Protocol and it looks interesting.
I don’t know the CAS instance I’ll be using has this available, but
that’s a separate issue.
Looking at the REST-Protocol documentation, it seem like first you
get a Ticket Granting Ticket, then you use that to get a Service
Ticket, and then after you have the Service Ticket you are able to
call the service? I didn’t see any example of what to do with the
Service Ticket once you have it.
Thanks!
*From:*Petr Fišer <petr.fiser...@gmail.com>
*Sent:* Wednesday, November 23, 2022 1:27 AM
*To:* cas-user@apereo.org; Michael Remijan <mjremi...@live.com>
*Subject:* Re: [cas-user] CAS Client help
Hello,
It is probably better to use this
https://apereo.github.io/cas/6.6.x/protocol/REST-Protocol.html
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas%2F6.6.x%2Fprotocol%2FREST-Protocol.html&data=05%7C01%7C%7C84d3290b16a542b292a808dacd23b15c%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638047850430666439%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=zVpEXj5OA1BfUDkhKg2KbHTjy98o3wXfRYEqLJhtm7k%3D&reserved=0>
.
Cheers,
Fiisch
On 11/22/2022 10:48 PM, Michael Remijan wrote:
Hello user community,
I am looking for some information on a CAS client and I haven’t been
able to find it anywhere online.
All CAS Client references I’ve find have been for configuring a Web
App so that user login integrates with CAS for authentication.
Unfortunately, this is not what I need.
I have an REST API endpoint I need to integrate with in a
headless/background process kind of way. Basic data integration
stuff…periodically call the API throughout the day, get the data,
process data. So I need an example of this kind of
integration…having a background process pass the CAS authentication
server what it needs to authenticate the request in a
non-interactive, headless manner so my process can integrate with a
REST API.
Any examples like this exist? Any help would be appreciated.
Mike
--
- Website: https://apereo.github.io/cas
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=05%7C01%7C%7C84d3290b16a542b292a808dacd23b15c%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638047850430666439%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=DQFJYd9Luy%2FzmxI7%2BvnQE7fLHO%2FO73FL7bAxZZFVRF8%3D&reserved=0>
- Gitter Chatroom: https://gitter.im/apereo/cas
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=05%7C01%7C%7C84d3290b16a542b292a808dacd23b15c%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638047850430666439%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TPOE8pbDnyzjmu7LahBebqX9aZFmKB%2BwkfYypt3gEqY%3D&reserved=0>
- List Guidelines: https://goo.gl/1VRrw7
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=05%7C01%7C%7C84d3290b16a542b292a808dacd23b15c%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638047850430666439%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jT2nlwapf5X5h%2FmhgOc8Y2Ghy%2FqDNbqjmHOU0TfTUBU%3D&reserved=0>
- Contributions: https://goo.gl/mh7qDG
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=05%7C01%7C%7C84d3290b16a542b292a808dacd23b15c%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638047850430666439%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xkEOKJDtTJ3j4KacUinEQ9rdNX1sEc0GX4So690yGsw%3D&reserved=0>
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email tocas-user+unsubscr...@apereo.org
<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/DM6PR06MB48902D25FA770FA95065FDB3D20D9%40DM6PR06MB4890.namprd06.prod.outlook.com
<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2FDM6PR06MB48902D25FA770FA95065FDB3D20D9%2540DM6PR06MB4890.namprd06.prod.outlook.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7C%7C84d3290b16a542b292a808dacd23b15c%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638047850430666439%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YgYk2Q6%2FLV3rZhZK17mhBoxfMP1T5PlwiqkHd8KDyg0%3D&reserved=0>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8260f71d-2ad2-3f6f-6b83-774db3cb2e2d%40gmail.com.