Are you validating the proxy ticket in the same ticket that requested it? The target service should be validating it (and it can use the CAS client to do so).
On Thu, Jun 18, 2009 at 1:23 PM, Scott Battaglia <[email protected]>wrote: > I'm not exactly sure what you're doing here. You appear to have > re-implemented the logic in the CAS client. > > > > On Thu, Jun 18, 2009 at 12:24 PM, deanhe01 <[email protected]>wrote: > >> >> I have an application that needs to access another service, without asking >> the user for their credentials again. Perfect for the CAS proxy ticket. >> After finding a fairly good high-level explanation of the CAS proxy on the >> wiki >> >> http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough >> >> Clear, concise, and I couldn't get it to work with URL manipulation. >> After >> flailing around a bit I configured a servlet attached to my >> proxyCallbackUrl >> that does the following: >> >> ApplicationContext context = >> WebApplicationContextUtils.getWebApplicationContext(getServletContext()); >> ProxyGrantingTicketStorage proxyTicketStorage = >> (ProxyGrantingTicketStorage) context.getBean(proxyGrantingStorageBean); >> CommonUtils.readAndRespondToProxyReceptorRequest(request, response, >> proxyTicketStorage); >> >> In my application I can do the following: >> >> CasAuthenticationToken p = (CasAuthenticationToken) >> request.getUserPrincipal(); >> String pt = p.getAssertion().getPrincipal().getProxyTicketFor("blorf"); >> >> To validate the ticket I construct a url of the form https://<my cas >> server>/proxyValidate?service=<target service>&ticket=<ticket returned >> from >> getProxyTicketFor()> >> >> This works but, I don't like it. Is there a "best practice" for >> retrieving >> the proxy ticket? >> >> Thanks in advance >> >> Dean >> >> >> >> >> >> >> >> -- >> View this message in context: >> http://www.nabble.com/BestPractice-Pattern--for-CAS-Proxy-Ticket-Generation--tp24095305p24095305.html >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
