Hi, There is proof of concept code in the svn trunk on DotNetCasClient. See the DotNetCasProxyDemoApp and ExampleWebSite\Restricted\UsersOrAdministratorsRoleOnly.
Your ClickOnce app needs to be configured to accept arguments from the URL. In your web app, you ask the CAS server for a proxy ticket for with the ClickOnce URL as the service. You pass the proxy ticket into the ClickOnce app by passing it in the URL. The ClickOnce app extracts the proxy ticket and validates it against the CAS server. I think the sample code passed some configuration stuff into the app for convenience, but I can't remember It's pretty complicated to get your environment configured correctly & very difficult to troubleshoot. I think my problems boiled down to SSL issues and a few URL-related problems. Make sure you're using FQDN's everywhere and that your certificates or CA certs are trusted by Windows, the CAS server, etc.. The proxy ticket callback will fail if the CAS server doesn't trust your web app's SSL certificate. You can get SSO from the web app into the ClickOnce app, but the opposite direction is a little more difficult (impossible?). I can't remember if we brainstormed a solution. Search the lists for ClickOnce to see the last discussion about this for more details. That was what inspired adding the ClickOnce demo app to the DotNetCasClient code. -ScottH > -----Original Message----- > From: Balendran Thavarajah > [mailto:[email protected]] > Sent: Thursday, May 27, 2010 6:20 PM > To: [email protected] > Subject: RE: [cas-user] Does CAS offer SSO between web applications AND > a .NET fat client deployed with click once ? > > Damien, > I think you will have difficulties if CAS can't forward the user to the > application. I am not sure how cas will do redirects etc. > > Cheers > > -----Original Message----- > From: Damien Azambourg [mailto:[email protected]] > Sent: Monday, 15 March 2010 7:56 PM > To: [email protected] > Subject: [cas-user] Does CAS offer SSO between web applications AND a > .NET fat client deployed with click once ? > > Hello, > > We would like to know if CAS is able to offer a SSO between, in one > hand, web applications (J2EE, .NET) and, in the other end, .NET fat > client deployed with Click.Once of Microsoft and launched from a > browser. > > Currently, the .NET fat client shows a form in the GUI of the fat > client and communicates a login/pwd to IIS. > > In fact, we don't know how to do SSO between theses two worlds (thin > clients and fat clients) and we are hoping CAS can do it. > > Thanks and Regards, > > Damien > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see http://www.ja- > sig.org/wiki/display/JSG/cas-user > > ______________________________________________________________________ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > ______________________________________________________________________ > > ______________________________________________________________________ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > ______________________________________________________________________ > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see http://www.ja- > sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
