Hi, I have a set up where each GUI(php) call is actually a web service call to a server (Spring 2.0.1 CAS client) component. The PhP gui itself is authentication using PhPCAS. After authenthentication, each web service is a proxied call with _cas_stateless_ as user, and the PGT as password.
I see in CAS log: First web service call to the same web-service 10.90.145.5 - - [09/Oct/2009:22:26:10 +0000] "GET /cas/proxy?targetService=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2Fj_spri ng_cas_security_check&pgt=TGT-3-v4BcdVSPnbXVfxGLebFNeaB3sulG1dOCHRxu4fN0msEG 9WoOVI-ttan-osx-lt.rwc.silverspringnet.com HTTP/1.1" 200 224 10.90.145.5 - - [09/Oct/2009:22:26:10 +0000] "GET /cas/proxyValidate?pgtUrl=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2FcasVe rify.jsp&ticket=ST-12-OMlY90zXETbQ9gidOj0E-midtierhost&service=https%3A%2F%2 Fmidtierhost%3A11951%2Fssn_ws%2Fj_spring_cas_security_check HTTP/1.1" 200 411 Subsequent web service call to the same web-service 10.90.145.5 - - [09/Oct/2009:22:26:49 +0000] "GET /cas/proxy?targetService=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2Fj_spri ng_cas_security_check&pgt=TGT-3-v4BcdVSPnbXVfxGLebFNeaB3sulG1dOCHRxu4fN0msEG 9WoOVI-midtierhost HTTP/1.1" 200 224 10.90.145.5 - - [09/Oct/2009:22:26:49 +0000] "GET /cas/proxyValidate?pgtUrl=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2FcasVe rify.jsp&ticket=ST-13-ydObKnkhK5UZ1ivPluTj- midtierhost&service=https%3A%2F%2Fmidtierhost%3A11951%2Fssn_ws%2Fj_spring_ca s_security_check HTTP/1.1" 200 412 I expect NOT to see the subsequent calls to CAS. Is my supposition correct? I recalled reading somewhere that either the Java CAS client(3.1.3) or Spring may cache the PGT? Thanks. Theen-Theen -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
