Anthony,

CAS is based off of Kerberos, which uses a one-time use ticket similar to
CAS service tickets to attempt to authenticate Alice to Bob by way of a
trusted third party.  These tickets are one-time use because if someone were
able to intercept the ticket, they would be able to gain access to an
application as the user the ticket was actually destined for.  Since CAS
works this way, the user and service trust CAS, and CAS arranges
introductions as necessary.

While it is possible to change this behavior of CAS, I doubt anyone will
fess up about it as it is an incredibly bad practice similar to not using
HTTPS for shopping carts and logging into secure web services.

HTH,
A-

On 7/20/09 1:34 PM, "Anthony R. J. Ball" <[email protected]> wrote:

> 
>   It seems somewhat ridiculous to me to have a redirect to CAS, have
> CAS redirect a service ticket back to the app, then have the app talk
> to CAS in the background to validate the service ticket. Why can't you
> just have a base ticket that allows you to just do the single backend
> lookup and store that in a local cookie? Or can you?
> 
>   I did read about login caching, but that just seems like a band-aid
> solution skirting the real issue.

-- 
Andrew Feller, Business System Programmer
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
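The three-hop flow Anthony describes, and the one-time-use property Andrew explains, can be modelled in a few dozen lines. The following is an added example written for this thread; it is not CAS's own code and does not use the CAS client libraries. It assumes an in-process stand-in for the CAS server (ticket identifiers prefixed TGT-/ST- in the CAS style, a short ticket lifetime chosen for the example), a constructed password check, and a single application at a made-up URL. The point it shows is why the back-channel validation step exists: the service ticket that travels through the browser is consumed on first validation and is bound to one service, so a replayed or redirected ticket gets the attacker nothing, while the application's own session cookie is what is stored locally afterwards.

```python
"""Toy model of the CAS ticket exchange (added example, not CAS code).

Flow modelled:
  1. browser -> CAS login; CAS records an SSO session (TGT, assumption: kept server-side)
  2. CAS redirects browser back to the app with ?ticket=ST-...
  3. app validates the ST over a back channel (here: a direct call); the ST is
     consumed by that validation, so a sniffed ticket cannot be replayed
"""
import secrets
import time
from dataclasses import dataclass


@dataclass
class ServiceTicket:
    service: str   # service URL the ticket was issued for
    user: str      # authenticated principal
    issued: float  # monotonic timestamp of issuance


class CasServer:
    # Seconds an unvalidated service ticket stays usable (assumed value for the example).
    ST_TTL = 10.0

    def __init__(self):
        self.sso_sessions = {}     # TGT id -> user
        self.service_tickets = {}  # ST id -> ServiceTicket

    def login(self, user, password):
        """Primary authentication. Constructed credential check for the example."""
        if password != "correct horse":
            return None
        tgt = "TGT-" + secrets.token_urlsafe(16)
        self.sso_sessions[tgt] = user
        return tgt

    def issue_service_ticket(self, tgt, service):
        """Hop 2: mint a service ticket bound to one service for the SSO session."""
        user = self.sso_sessions.get(tgt)
        if user is None:
            return None
        st = "ST-" + secrets.token_urlsafe(16)
        self.service_tickets[st] = ServiceTicket(service, user, time.monotonic())
        return st

    def service_validate(self, ticket, service):
        """Hop 3: back-channel validation. Returns the user or None.

        pop() is what makes the ticket one-time use: whichever caller validates
        first consumes it, and every later presentation of the same value fails.
        """
        st = self.service_tickets.pop(ticket, None)
        if st is None:
            return None
        if st.service != service:          # ticket issued for a different service
            return None
        if time.monotonic() - st.issued > self.ST_TTL:  # sat too long in transit
            return None
        return st.user


class Application:
    """A CAS-protected app. After validation it keeps its OWN session cookie."""

    def __init__(self, url, cas):
        self.url = url
        self.cas = cas
        self.sessions = {}  # local session id -> user

    def handle_callback(self, ticket):
        """Handle the redirect back from CAS carrying ?ticket=ST-..."""
        user = self.cas.service_validate(ticket, self.url)
        if user is None:
            return None
        sid = secrets.token_urlsafe(16)   # this is the value stored in the local cookie
        self.sessions[sid] = user
        return sid


def demo():
    cas = CasServer()
    app = Application("https://app.example.edu/", cas)   # assumed URL

    tgt = cas.login("alice", "correct horse")            # hop 1
    st = cas.issue_service_ticket(tgt, app.url)          # hop 2
    sid = app.handle_callback(st)                        # hop 3: legitimate use

    # An eavesdropper who captured the redirect URL replays the same ticket.
    replayed = app.handle_callback(st)

    # A ticket minted for another service is presented to this app instead.
    other_st = cas.issue_service_ticket(tgt, "https://other.example.edu/")
    cross = app.handle_callback(other_st)

    return {
        "first_login_ok": sid is not None,
        "replay_rejected": replayed is None,
        "cross_service_rejected": cross is None,
        "user": app.sessions.get(sid),
        "tickets_left": len(cas.service_tickets),
    }


if __name__ == "__main__":
    print(demo())
```

The local cookie Anthony asks about is the app's session id set after validation; what CAS refuses to do is let that cookie be the service ticket itself, because a ticket that stays valid after being seen in a browser URL or a proxy log would be usable by anyone who saw it.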



-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user