A bit more detail:
In my main application I am calling a SOAP service on a different server.
This service will need to validate the proxy ticket so the user will not be
forced to present their credentials again. My ideal sequence for the
process:
1. User logs in
2. CAS authenticates
3. Application retrieves a proxy ticket
4. Application calls SOAP service passing proxy ticket
5. SOAP service validates proxy ticket, does its thing and returns result.

My auth provider is configured like this:

<bean id="casAuthenticationProvider"
      class="org.springframework.security.providers.cas.CasAuthenticationProvider">
  <sec:custom-authentication-provider />
  <property name="userDetailsService" ref="NOAUserDetailsService"/>
  <property name="serviceProperties" ref="serviceProperties" />
  <property name="ticketValidator">
    <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
      <constructor-arg index="0" value="https://<my cas server>" />
      <property name="proxyGrantingTicketStorage"
                ref="proxyGrantingTicketStorage" />
      <property name="proxyCallbackUrl"
                value="https:myapp/secure/receptor" />
    </bean>
  </property>
  <property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>

deanhe01 wrote:
>
> I have an application that needs to access another service, without asking
> the user for their credentials again. Perfect for the CAS proxy ticket.
> After finding a fairly good high-level explanation of the CAS proxy on the
> wiki
>
> http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough
>
> Clear, concise, and I couldn't get it to work with URL manipulation.
> After flailing around a bit I configured a servlet attached to my
> proxyCallbackUrl that does the following:
>
> ApplicationContext context =
> WebApplicationContextUtils.getWebApplicationContext(getServletContext());
> ProxyGrantingTicketStorage proxyTicketStorage =
> (ProxyGrantingTicketStorage) context.getBean(proxyGrantingStorageBean);
> CommonUtils.readAndRespondToProxyReceptorRequest(request, response,
> proxyTicketStorage);
>
> In my application I can do the following:
>
> CasAuthenticationToken p = (CasAuthenticationToken)
> request.getUserPrincipal();
> String pt = p.getAssertion().getPrincipal().getProxyTicketFor("blorf");
>
> To validate the ticket I construct a url of the form https://<my cas
> server>/proxyValidate?service=<target service>&ticket=<ticket returned
> from getProxyTicketFor()>
>
> This works but, I don't like it. Is there a "best practice" for
> retrieving the proxy ticket?
>
> Thanks in advance
>
> Dean
--
View this message in context:
http://www.nabble.com/BestPractice-Pattern--for-CAS-Proxy-Ticket-Generation--tp24095305p24095357.html
Sent from the CAS Users mailing list archive at Nabble.com.
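
The validation step on the SOAP service side (step 5 above, and the hand-built /proxyValidate URL in the quoted message), as an added example that is not part of the original posts and not the CAS client's own code. It builds the URL with proper encoding and checks a CAS 2.0 response, including the proxy chain; the host names, user name, ticket value and function names are constructed for illustration.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

class TicketRejected(Exception):
    """Raised with a short reason code when the ticket must not be accepted."""

def proxy_validate_url(cas_base, service, ticket):
    # URL-encode both parameters; hand-concatenation breaks on '&' or '?' in service.
    query = urllib.parse.urlencode({"service": service, "ticket": ticket})
    return cas_base.rstrip("/") + "/proxyValidate?" + query

def check_response(xml_text, allowed_chains):
    """Return the authenticated user name or raise TicketRejected.

    allowed_chains: set of tuples of proxy callback URLs, most recent proxy first.
    """
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise TicketRejected(failure.get("code", "UNKNOWN"))
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise TicketRejected("MALFORMED_RESPONSE")
    user = (success.findtext("cas:user", default="", namespaces=CAS_NS) or "").strip()
    chain = tuple((p.text or "").strip()
                  for p in success.findall("cas:proxies/cas:proxy", CAS_NS))
    if not user:
        raise TicketRejected("NO_USER")
    # An empty chain means a plain service ticket; only the known proxy may call us.
    if chain not in allowed_chains:
        raise TicketRejected("UNTRUSTED_PROXY_CHAIN")
    return user

# Constructed sample data (not from the original post).
ALLOWED = {("https://app.example.test/secure/receptor",)}
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:proxies><cas:proxy>https://app.example.test/secure/receptor</cas:proxy></cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(proxy_validate_url("https://cas.example.test/cas", "https://soap.example.test/ws", "PT-1-constructed"))
    print(check_response(SAMPLE_OK, ALLOWED))
```

The service value sent to /proxyValidate has to be the same string the application passed to getProxyTicketFor(), otherwise the CAS server rejects the ticket.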