> There is no single token which > can give access to all the services configured against CAS.
It is correct that no single token can give _direct_ access to a service. The ticket-granting ticket is used to grant access indirectly by granting a service ticket to the service, which in turn presents it to CAS. If the service ticket validates successfully, then the user is granted access to the service. The service ticket is then typically discarded since it is single use by default. This workflow is discussed in further detail at http://www.jasig.org/cas/protocol. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
