Hi, I think you had emailed me to say you got this worked out? Was that true or do you need additional assistance? Your flow/process looks exactly correct.
-Scott On Thu, Jun 18, 2009 at 1:53 PM, deanhe01 <[email protected]> wrote: > > A bit more detail: > > In my main application I am calling a SOAP service on a different server. > This service will need to validate the proxy ticket so the user will not be > forced to present their credentials again. My ideal sequence for the > process: > > User logs in > Cas authenticates > Application retrieves a proxy ticket > Application calls SOAP service passing proxy ticket > SOAP service validates proxy ticket, does its thing and returns result. > > > my auth provider is configured like this: > > <bean id="casAuthenticationProvider" > > class="org.springframework.security.providers.cas.CasAuthenticationProvider"> > <sec:custom-authentication-provider /> > <property name="userDetailsService" ref="NOAUserDetailsService"/> > <property name="serviceProperties" ref="serviceProperties" /> > <property name="ticketValidator"> > <bean > class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> > <constructor-arg index="0" value="https://<my cas > server> /> > <property name="proxyGrantingTicketStorage" > ref="proxyGrantingTicketStorage" /> > <property name="proxyCallbackUrl" > value="https:myapp/secure/receptor" /> > </bean> > </property> > <property name="key" value="an_id_for_this_auth_provider_only"/> > </bean> > > > > > deanhe01 wrote: > > > > I have an application that needs to access another service, without > asking > > the user for their credentials again. Perfect for the CAS proxy ticket. > > After finding a fairly good high-level explanation of the CAS proxy on > the > > wiki > > > > http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough > > > > Clear, concise, and I couldn't get it to work with URL manipulation. > > After flailing around a bit I configured a servlet attached to my > > proxyCallbackUrl that does the following: > > > > ApplicationContext context = > > WebApplicationContextUtils.getWebApplicationContext(getServletContext()); > > ProxyGrantingTicketStorage proxyTicketStorage = > > (ProxyGrantingTicketStorage) context.getBean(proxyGrantingStorageBean); > > CommonUtils.readAndRespondToProxyReceptorRequest(request, response, > > proxyTicketStorage); > > > > In my application I can do the following: > > > > CasAuthenticationToken p = (CasAuthenticationToken) > > request.getUserPrincipal(); > > String pt = p.getAssertion().getPrincipal().getProxyTicketFor("blorf"); > > > > To validate the ticket I construct a url of the form https://<my cas > > server>/proxyValidate?service=<target service>&ticket=<ticket returned > > from getProxyTicketFor()> > > > > This works but, I don't like it. Is there a "best practice" for > > retrieving the proxy ticket? > > > > Thanks in advance > > > > Dean > > > > > > > > > > > > > > > > > > -- > View this message in context: > http://www.nabble.com/BestPractice-Pattern--for-CAS-Proxy-Ticket-Generation--tp24095305p24095357.html > Sent from the CAS Users mailing list archive at Nabble.com. > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
