On Wed, Oct 7, 2009 at 10:32 AM, David Jefferson <[email protected]> wrote:

> Well... I have read those docs several times but it has not sunk in
> yet...<SIGH>
>
> So... If I'm starting to understand correctly... I can put aside for the
> moment questions about the cookie that CAS server generates for SSO support
> since I don't need to support SSO (yet) and the cookie does not come into
> play for a single client app authenticating against CAS.
>

The cookie *always* comes into play but the cookie is ONLY SENT between the CAS SERVER and the BROWSER. NO client sees it EVER. (caps for emphasis only)

>
> In the CAS 1 arch doc it discusses setting up a jsp to accept the "ticket"
> attribute on the request from CAS, and then I need to invoke the call
> to validate the ticket and inspect the response. Looking at the example
> given at
>
> http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml
>
> for integrating a client app with the CAS server, it seems to imply that
> the validation filter provided in the CAS client jar will handle this for
> me.
>
> Does the validation filter do what I assume it does or do I need to
> validate the ticket in my client code as described in the CAS 1 doc?
>

Yes, the client nicely handles everything for you! It's our gift to you ;-)

>
> Finally...,
>
> After validation the service ticket is removed from the ticket registry.
> When the authenticated user tries to navigate from page A to page B CAS
> client authentication filter sends a new request to CAS server,

It doesn't send a request to the server, it redirects the client to the server.

> CAS server verifies that the service and netid are ones that it recognizes
> as current and that the user has been authenticated (if yes, how does CAS
> check this?),

No, it reads the session cookie, establishes that an SSO session still exists, issues a service ticket and redirects the client back to the application with the ticket appended. The service then validates the ticket.

Hope that helps.
Scott
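
An added example, not part of the original thread and not the CAS client's own code: a toy Python model of the flow described in the reply above (redirect to CAS, session cookie read only by the CAS server, one-time service ticket validated by the application). The class names, the `cas.example` / `app.example` URLs, the `TGC-` / `ST-` token shapes and the omitted password check are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

class CasServer:
    """Toy CAS server: SSO sessions plus a one-time service-ticket registry."""
    def __init__(self):
        self.sso_sessions = {}   # session cookie value -> username
        self.tickets = {}        # service ticket -> (service URL, username)

    def login(self, service, cookie=None, credentials=None):
        """Browser request to the login URL; returns (redirect URL, CAS cookie)."""
        if cookie not in self.sso_sessions:
            if credentials is None:
                return None, None                       # would show the login form
            cookie = "TGC-" + secrets.token_hex(8)      # constructed token shape
            self.sso_sessions[cookie] = credentials[0]  # password check omitted
        st = "ST-" + secrets.token_hex(8)
        self.tickets[st] = (service, self.sso_sessions[cookie])
        return service + "?" + urlencode({"ticket": st}), cookie

    def validate(self, service, ticket):
        """Validation call from the application; pop() makes the ticket one-time."""
        entry = self.tickets.pop(ticket, None)
        if entry is None or entry[0] != service:
            return None
        return entry[1]

class ClientApp:
    """Stands in for the client's authentication and validation filters."""
    def __init__(self, cas, service):
        self.cas, self.service, self.seen = cas, service, []

    def handle(self, url):
        """Returns the username, None, or a redirect to CAS when no ticket is present."""
        self.seen.append(url)                           # everything the app ever receives
        ticket = parse_qs(urlparse(url).query).get("ticket", [None])[0]
        if ticket is None:
            return "REDIRECT https://cas.example/login?" + urlencode({"service": self.service})
        return self.cas.validate(self.service, ticket)

def run_flow():
    cas = CasServer()
    app = ClientApp(cas, "https://app.example/pageA")
    first = app.handle("https://app.example/pageA")     # no ticket: browser is redirected
    back, tgc = cas.login(app.service, credentials=("alice", "pw"))
    user = app.handle(back)                             # ticket validated once
    replay = app.handle(back)                           # same ticket again: rejected
    back2, _ = cas.login(app.service, cookie=tgc)       # SSO: cookie only, no credentials
    user2 = app.handle(back2)
    leaked = any(tgc in u for u in app.seen)            # did the app ever see the cookie?
    return first, user, replay, user2, leaked
```
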
