Thanks, Marvin, I found the protocol documents which helped. I agree
with incorporating diagrams into the protocol documents and I agree
with adding more links if they help to clear up the information
already provided.

Here is a sequence diagram in as much as I understand about using CAS
with an SSO solution. In my scenario the back-end service is an LDAP
server. Client is the browser, Service is the WebApp, and Server is
the CAS Server. I'm lacking confidence that this is 100% correct.
----------   -----------   ----------        --------------------
| Client |   | Service |   | Server |        | Back-end Service |
----------   -----------   ----------        --------------------
|Request for webpage       |                 |
|----------->|             |                 |
|            |             |                 |
|Redirect to login url, provides ServiceID   |
|<-----------|             |                 |
|            |             |                 |
|Request login page, sends ServiceID (and ticket granting cookie
|  if already logged in)
|------------------------->|                 |
|            |             |                 |
|redirect to requested webpage (if already logged in)
|<-------------------------|                 |
|            |             |                 |
|GET request with service "ticket" as parameter (if already logged in)
|----------->|             |                 |
|            |             |                 |
|Requested webpage (if already logged in)    |
|<-----------|             |                 |
|            |             |                 |
|Login Landing Page (if not logged in) or error page
|<-------------------------|                 |
|            |             |                 |
|POST credentials (username and password)
|------------------------->|                 |
|            |             |                 |
|            |             |Validates Username and Password
|            |             |---------------->|
|            |             |                 |
|            |             |Validation result|
|            |             |<----------------|
|Error page (on fail)      |                 |
|<-------------------------|                 |
|Redirect to service with service ticket (on success)
|<-------------------------|                 |
|            |             |                 |
|GET request for service "ticket" as parameter (on success)
|----------->|             |                 |
|Requested webpage (on success)              |
|<-----------|             |                 |
|            |             |                 |

Quoting Marvin Addison <[email protected]>:

diagram that illustrates the most
current version of CAS and describes, in detail, the intricacies of
the relationships between components in a typical SSO solution

The best place for a CAS SSO workflow diagram is in the protocol
documents. I don't believe they contain a diagram currently, but I
agree that a good diagram could be helpful to augment the verbal
description of protocol interactions.

If you would like to discuss SSO workflows in general, which is what I
understand from the phrase "typical SSO solution," then that would be
out of scope of the protocol documents. I would argue that a general
discussion of SSO belongs on a general reference like Wikipedia, and
that CAS deployers need to come to the CAS wiki with this background
before diving into the details of CAS deployment. I believe a
thoughtful bibliography of links to general SSO resources would better
serve our audience on the CASUM wiki.

M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
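
The flow in the diagram above, modelled in memory as an added example that is not part of the original message or of the CAS code base. It also includes the back-channel step in which the service asks the CAS server to validate the ticket (serviceValidate in the CAS protocol), which the diagram does not draw. The class names, URLs and user table are constructed for illustration.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

CAS_LOGIN = "https://cas.example.org/cas/login"   # constructed URL
SERVICE = "https://app.example.org/page"          # constructed service URL

class CasServer:
    def __init__(self, backend_users):
        self.backend = backend_users   # stands in for the LDAP back end
        self.tgts = {}                 # ticket-granting cookie -> user
        self.sts = {}                  # service ticket -> (user, service)

    def login(self, service, tgc=None, username=None, password=""):
        """Return (action, value, tgc) as the browser would see the response."""
        user = self.tgts.get(tgc)
        if user is None and username is not None:
            stored = self.backend.get(username)
            if stored is None or not secrets.compare_digest(
                    stored.encode(), password.encode()):
                return ("error_page", None, None)
            user, tgc = username, "TGT-" + secrets.token_urlsafe(16)
            self.tgts[tgc] = user
        if user is None:
            return ("login_page", None, None)
        st = "ST-" + secrets.token_urlsafe(16)
        self.sts[st] = (user, service)
        return ("redirect", service + "?" + urlencode({"ticket": st}), tgc)

    def service_validate(self, service, ticket):
        """Back channel: a ticket is single-use and bound to one service."""
        user, issued_for = self.sts.pop(ticket, (None, None))
        return user if issued_for == service else None

class WebApp:
    def __init__(self, cas, url):
        self.cas, self.url = cas, url

    def get(self, ticket=None):
        if ticket is None:   # no ticket yet: send the browser to CAS
            return ("redirect", CAS_LOGIN + "?" + urlencode({"service": self.url}))
        user = self.cas.service_validate(self.url, ticket)
        return ("page", user) if user else ("denied", None)

def ticket_of(url):
    return parse_qs(urlparse(url).query)["ticket"][0]

if __name__ == "__main__":
    cas = CasServer({"alice": "correct horse"})   # constructed account
    app = WebApp(cas, SERVICE)
    _, url, tgc = cas.login(SERVICE, username="alice", password="correct horse")
    print(app.get(), app.get(ticket_of(url)), cas.login(SERVICE, tgc=tgc)[0])
```

The service never trusts the `ticket` parameter on its own: a replayed ticket, a forged one, or one issued for a different service URL all fail validation.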