Sweet, that makes sense. Thanks! This is probably common knowledge in
the world of web-apps, since it wasn't mentioned in the arch docs. As
helpful as those docs were, through trying to understand them I think I
need to call Bosley to replant the hair I ripped out =P
Scott Battaglia wrote:
On Mon, Oct 12, 2009 at 9:15 PM, Jayson Ash <[email protected]> wrote:
<snip />
That said, since reading the other emails about the subject still
leaves me confused with the browser never sending the cookie to
the webapp but to CAS instead. How does the webapp know when to
redirect the browser to the CAS login page?
The client redirects when there is no valid user in the session for
the web application.
David Jefferson wrote:
Well... I have read those docs several times but it has not
sunk in yet...<SIGH>
So... If I'm starting to understand correctly... I can put
aside for the moment questions about the cookie that CAS
server generates for SSO support since I don't need to support
SSO (yet) and the cookie does not come in to play for a single
client app authenticating against CAS.
In the CAS 1 arch doc it discusses setting up a jsp to accept
the "ticket" attribute on the request from CAS, and then
I need to invoke the call to validate the ticket and inspect
the response. Looking at the example given at
http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml
for integrating a client app with the CAS server, it seems to
imply that the validation filter provided in the CAS client
jar will handle this for me.
Does the validation filter do what I assume it does or do I
need to validate the ticket in my client code as described in
the CAS 1 doc?
Finally...,
After validation the service ticket is removed from the ticket
registry. When the authenticated user tries to navigate from
page A to page B CAS client authentication filter sends a new
request to CAS server, CAS server verifies that the service
and netid are ones that it recognizes as current and that the
user has been authenticated (if yes, how does CAS check
this?), CAS server generates a new service ticket, CAS sends
the new ticket back to the app service, CAS client validation
filter validates the new ticket, if all is good the user is
redirected to page B. Is this correct?
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
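
The flow discussed in this thread, as an added example that is not part of the original messages and is not the CAS client's own code: a toy in-memory CAS server and client app show the redirect when the session has no user, the one-time ticket validation, and that a later page request is served from the session without contacting CAS. The class names, URLs, session ids and netid are constructed for illustration.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse
CAS_LOGIN = "https://cas.example.edu/cas/login"  # constructed URL
SERVICE = "https://app.example.edu/pageA"        # constructed URL

class ToyCasServer:  # stand-in for the CAS server's ticket registry
    def __init__(self):
        self.tickets, self.validations = {}, 0  # ticket -> (service, netid)

    def login(self, service, netid):
        ticket = "ST-" + secrets.token_hex(8)  # sent back to the app as ?ticket=
        self.tickets[ticket] = (service, netid)
        return service + "?" + urlencode({"ticket": ticket})

    def service_validate(self, service, ticket):
        self.validations += 1
        issued = self.tickets.pop(ticket, None)  # one-time: removed on validation
        if issued is None or issued[0] != service:
            return None
        return issued[1]

class ToyClientApp:  # stand-in for the client filters plus the webapp session
    def __init__(self, cas):
        self.cas, self.sessions = cas, {}  # session id -> netid

    def handle(self, url, session_id):
        if session_id in self.sessions:  # valid user in session: CAS not contacted
            return 200, self.sessions[session_id]
        parsed = urlparse(url)
        ticket = parse_qs(parsed.query).get("ticket", [None])[0]
        service = parsed._replace(query="").geturl()
        if ticket is None:  # no user and no ticket: send the browser to CAS
            return 302, CAS_LOGIN + "?" + urlencode({"service": service})
        netid = self.cas.service_validate(service, ticket)
        if netid is None:
            return 403, None
        self.sessions[session_id] = netid
        return 200, netid

def run_flow():
    app = ToyClientApp(ToyCasServer())
    first = app.handle(SERVICE, "s1")              # no session yet
    back = app.cas.login(SERVICE, "jdoe")          # user logs in at CAS
    second = app.handle(back, "s1")                # returns with the ticket
    page_b = app.handle("https://app.example.edu/pageB", "s1")
    calls = app.cas.validations  # still 1: page B was served from the session
    replay = app.handle(back, "s2")                # same ticket, new session
    return first, second, page_b, calls, replay
```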