We have new portal software for our University that has been purchased and our shop wants to make it SSO with our CAS server. The only thing is that the software is so proprietary all we can do are modify pieces of it here and there. So we don't have the ability to CASify it; all we can change are little portlets like the login portlet, etc.

Our idea to CASify it was going to be in the login portlet to check for the existence of the TGT cookie; if it wasn't there show them a link asking them to log in. If it was there, get the TGT and use the RESTful CAS API to get a service ticket and then validate the service ticket.

The portal lives on a different server at a different path. So I was successfully able to change the TGT path from server.domain.edu to just .domain.edu, but since I can't change the TGT path our portlet can't see the cookie. I noticed that the InitialFlowSetupAction is a final class, doesn't that mean it really isn't meant to be subclassed and replaced?
I appreciate your help on this.

- Ryan

On Thu, Sep 17, 2009 at 8:16 AM, Scott Battaglia <[email protected]> wrote:

> On Thu, Sep 17, 2009 at 10:14 AM, Ryan Andreasen <[email protected]> wrote:
>
>> Thanks for your reply Scott. So it sounds like there is no way to change
>> the cookie's path then, is that correct?
>
> Not unless you replace that InitialFlowSetupAction (if you want, you could
> open a JIRA issue for us to expose a flag to turn off the auto-config). Is
> there a particular reason you want to change the cookie path scope?
>
> Cheers,
> Scott
>
>> On Wed, Sep 16, 2009 at 7:29 PM, Scott Battaglia <[email protected]> wrote:
>>
>>> We actually do that on purpose because the cookie should be scoped as
>>> minimally as possible so we have it set on the first request (because
>>> Servlet 2.4 doesn't have the ContextPath on the ServletContext) in order to
>>> do autoconfiguration (we also didn't just want to assume everyone deployed
>>> to /cas). Once Servlet 2.5 is more popular (and maybe it's popular enough?)
>>> we can access the servlet context from within the Spring Application Context
>>> and set it in the config via that, this way people can change it there if
>>> they really wanted to. Our goal is to make sure it's always set to the
>>> proper context path.
>>>
>>> Cheers,
>>> Scott
>>>
>>> On Wed, Sep 16, 2009 at 6:57 PM, Ryan Andreasen <[email protected]> wrote:
>>>
>>>> I noticed in the spring-configuration folder that there is a
>>>> ticketGrantingTicketCookieGenerator.xml file. It looks like this file is
>>>> used to set properties of the TGT cookie such as name, cookie age, path,
>>>> and domain.
>>>>
>>>> I have been playing around with changing the domain & path. By changing
>>>> the values in that file for the domain, CAS honors it and sure enough
>>>> creates the TGT for the domain specified.
>>>> However, if I change the path in the
>>>> ticketGrantingTicketCookieGenerator.xml, CAS still creates the cookie
>>>> with a path of "/cas", not what I specified in the xml file. I am using
>>>> CAS 3.3.1.
>>>> Is this desired, or a bug? It looks like there is a class
>>>> "InitialFlowSetupAction" that sets the path also/instead, but I don't
>>>> really see what it is doing.
>>>>
>>>> Any comments are GREATLY appreciated.
>>>>
>>>> Thanks!
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/Changing-TGT-Cookie-Path-tp25482399p25482399.html
>>>> Sent from the CAS Users mailing list archive at Nabble.com.
>>>>
>>>> --
>>>> You are currently subscribed to [email protected] as:
>>>> [email protected]
>>>> To unsubscribe, change settings or access archives, see
>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
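
The cookie scoping discussed in this thread, as an added example that is not part of the original messages or of CAS itself: it applies the RFC 6265 domain-match and path-match rules to show which requests a browser attaches the TGT cookie to under each Domain/Path setting. The hosts portal.domain.edu and other.domain.edu and the paths /portal and /app are assumptions made for illustration; server.domain.edu, .domain.edu and /cas come from the thread.

```javascript
// Added example: which requests carry a cookie, per RFC 6265 sections 5.1.3 / 5.1.4.
// portal.domain.edu, other.domain.edu, /portal and /app are assumed names, not from the thread.

function domainMatch(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const dom = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  if (host === dom) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":"); // IP hosts never suffix-match
  return !isIp && host.endsWith("." + dom);
}

function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // Prefix must end on a "/" boundary, so "/cas" does not cover "/casual".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// cookie.domain === null models a host-only cookie (no Domain attribute was set).
function browserSendsCookie(cookie, requestUrl) {
  const url = new URL(requestUrl);
  const hostOk = cookie.domain === null
    ? url.hostname === cookie.setBy
    : domainMatch(url.hostname, cookie.domain);
  return hostOk && pathMatch(url.pathname, cookie.path);
}

function recipients(cookie, urls) {
  return urls.filter((u) => browserSendsCookie(cookie, u));
}

// Constructed sample data.
const hostOnlyTgt = { setBy: "server.domain.edu", domain: null, path: "/cas" };
const wideDomainTgt = { setBy: "server.domain.edu", domain: ".domain.edu", path: "/cas" };
const wideDomainRootTgt = { setBy: "server.domain.edu", domain: ".domain.edu", path: "/" };

const requests = [
  "https://server.domain.edu/cas/login",
  "https://portal.domain.edu/portal/home",
  "https://other.domain.edu/app/",
];

for (const [label, c] of Object.entries({ hostOnlyTgt, wideDomainTgt, wideDomainRootTgt })) {
  console.log(label, "->", recipients(c, requests));
}
```

With the domain widened but the path left at /cas, the portal request still does not carry the cookie; widening the path to / as well delivers the TGT to every application on every host under domain.edu, which is the exposure the minimal default scope avoids.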
