Jose,
Thanks a lot for your reply! If you don’t mind, I'd like to clarify something. You wrote:

> As I understand it, when you login using the login form (authentication via web browser) you get back a TGT in the cookie. But if you're being redirected from a service, and you're passing the service parameter to the login form, then you get a TGT in the cookie if you didn't have one, and you're redirected back to service with ticket (a Service Ticket - ST) being passed as a parameter.
>
> http://app/ -> redirects to http://cas/login?service=http://app/ -> upon login, TGT gets added to the cas cookie -> and user gets redirected to http://app/?ticket=ST
>
> Either your app or mod_auth_cas can validate that ST. If you access another app, say http://app2/, then you're redirected to cas but cas finds the TGT on the cookie and, if SSO is enabled, you get a ST back and a redirection to your application.
>
> http://app2/ -> redirects to http://cas/login?service=http://app/ -> TGT is found on the cas cookie -> and user gets redirected to http://app/?ticket=ST

Did you mean this instead:

http://app2/ -> redirects to http://cas/login?service=http://app2/ -> TGT is found on the cas cookie -> and user gets redirected to http://app2/?ticket=ST

That is, if I go to http://app2/, shouldn’t I be redirected to http://cas/login?service=http://app2/ and after authentication, be redirected to http://app2/?ticket=ST instead of http://app/?ticket=ST? If that is the case, then I guess the TGT is really not tied to the service passed as a parameter to the /cas/login URL. It is only used to redirect the user to that service after authentication is complete. Is that correct?

Also, when you say “if SSO is enabled”, isn’t SSO enabled by default unless the renew parameter is specified and set to true?

I apologize if these seem like basic questions, but I’m really trying to get a better understanding of how CAS works.
Thanks again for your reply,
Pat
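
The ticket flow discussed in this message, as an added illustration that is not part of the original e-mail and is not CAS server code: a small in-memory model of the CAS protocol's login and service-ticket validation, showing that the TGT in the CAS cookie is not bound to any service while each ST is single-use and valid only for the service it was issued to. The class `ToyCas`, its method names and the sample user are hypothetical; the URLs are the ones used in the message.

```python
import secrets
from urllib.parse import urlencode

class ToyCas:
    """Illustrative in-memory model of the CAS login/validate exchange (hypothetical, not real CAS code)."""

    def __init__(self, users):
        self.users = users   # username -> password (constructed sample data)
        self.tgts = {}       # TGT id (value of the CAS cookie) -> username
        self.sts = {}        # ST id -> (username, service it was issued for)

    def login(self, service, tgc=None, credentials=None, renew=False):
        """Model of /login. Returns (redirect_url or None, cas_cookie)."""
        # renew=true tells CAS to ignore the existing SSO session and ask for credentials.
        user = None if renew else self.tgts.get(tgc)
        if user is None:
            if credentials is None or self.users.get(credentials[0]) != credentials[1]:
                return None, tgc                  # CAS would display the login form
            user = credentials[0]
            tgc = "TGT-" + secrets.token_hex(8)   # the TGT records no service: it is the SSO session
            self.tgts[tgc] = user
        st = "ST-" + secrets.token_hex(8)
        self.sts[st] = (user, service)            # the ST is bound to the requesting service
        sep = "&" if "?" in service else "?"
        return service + sep + urlencode({"ticket": st}), tgc

    def validate(self, service, ticket):
        """Model of /serviceValidate: a ticket is consumed on first use and must match the service."""
        user, issued_for = self.sts.pop(ticket, (None, None))
        return user if issued_for == service else None


def demo():
    cas = ToyCas({"pat": "s3cret"})               # constructed sample account
    url1, tgc = cas.login("http://app/", credentials=("pat", "s3cret"))
    st1 = url1.split("ticket=")[1]
    url2, tgc2 = cas.login("http://app2/", tgc=tgc)   # no credentials: the cookie's TGT is enough
    st2 = url2.split("ticket=")[1]
    return {
        "app2_redirect_ok": url2.startswith("http://app2/?ticket=ST-"),
        "same_tgt": tgc2 == tgc,
        "st2_rejected_for_app": cas.validate("http://app/", st2) is None,
        "st1_valid_for_app": cas.validate("http://app/", st1) == "pat",
        "st1_replay_rejected": cas.validate("http://app/", st1) is None,
        "renew_needs_credentials": cas.login("http://app2/", tgc=tgc, renew=True)[0] is None,
    }

if __name__ == "__main__":
    print(demo())
```
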
