Guimaraes, Patricia (NIH/NLM) [C] wrote:
> By credentials, do you mean either the username and password, or the TGT?
> Because the username and password are passed only once. After that, only

I mean, if the TGT is not stored anywhere and you need to access a service that you didn't access before and you don't have an ST for, you'll get asked for username/password again (or the ST won't validate for the second service if you're not using the login form).

> the TGT is passed to the Authentication Web Service so a service ticket can
> be obtained. In my view, that's essentially the same thing that happens
> when authentication is done via the web browser, except that in the case
> of the web browser, it happens transparently to the user, and in the case
> of the web service client, the client needs to get a service ticket every
> time.

Yes, I do agree with you, I'm basically fine with doing it that way, my RESTful calls are using HTTPS and I'm not storing the TGT anywhere (you could argue it's safer) and it's also transparent for my users.

My middleware does authorization as well as password policy checks for the objects in LDAP, since I haven't been able to set up the password policy handler for CAS. If I were just using the login form I couldn't have this, but I agree this is my particular scenario and not the CAS universal scenario where it excels.

As soon as I get consumable error messages with semantics related to the password policy and SAML with user attributes working, I think the road is ready for browser-only CAS for me in new deployments.

--
José Miguel Parrella Romero (bureado.com.ve)
PGP: 0x88D4B7DF
Debian Developer
Caracas, VE/Quito, EC
