If the ClickOnce apps launch is always predicated on a visit to a CAS protected web site, then I don't see any reason that SSO behavior from the ClickOnce App to another URL (including another ClickOnce app) would not work as expected.
Bill On Thu, May 27, 2010 at 8:31 PM, Scott M. Holodak <[email protected]> wrote: > Hi, > > There is proof of concept code in the svn trunk on DotNetCasClient. See the > DotNetCasProxyDemoApp and > ExampleWebSite\Restricted\UsersOrAdministratorsRoleOnly. > > Your ClickOnce app needs to be configured to accept arguments from the URL. > In your web app, you ask the CAS server for a proxy ticket for with the > ClickOnce URL as the service. You pass the proxy ticket into the ClickOnce > app by passing it in the URL. The ClickOnce app extracts the proxy ticket > and validates it against the CAS server. I think the sample code passed some > configuration stuff into the app for convenience, but I can't remember > > It's pretty complicated to get your environment configured correctly & very > difficult to troubleshoot. I think my problems boiled down to SSL issues and > a few URL-related problems. Make sure you're using FQDN's everywhere and > that your certificates or CA certs are trusted by Windows, the CAS server, > etc.. The proxy ticket callback will fail if the CAS server doesn't trust > your web app's SSL certificate. > > You can get SSO from the web app into the ClickOnce app, but the opposite > direction is a little more difficult (impossible?). I can't remember if we > brainstormed a solution. Search the lists for ClickOnce to see the last > discussion about this for more details. That was what inspired adding the > ClickOnce demo app to the DotNetCasClient code. > > -ScottH > >> -----Original Message----- >> From: Balendran Thavarajah >> [mailto:[email protected]] >> Sent: Thursday, May 27, 2010 6:20 PM >> To: [email protected] >> Subject: RE: [cas-user] Does CAS offer SSO between web applications AND >> a .NET fat client deployed with click once ? >> >> Damien, >> I think you will have difficulties if CAS can't forward the user to the >> application. I am not sure how cas will do redirects etc. >> >> Cheers >> >> -----Original Message----- >> From: Damien Azambourg [mailto:[email protected]] >> Sent: Monday, 15 March 2010 7:56 PM >> To: [email protected] >> Subject: [cas-user] Does CAS offer SSO between web applications AND a >> .NET fat client deployed with click once ? >> >> Hello, >> >> We would like to know if CAS is able to offer a SSO between, in one >> hand, web applications (J2EE, .NET) and, in the other end, .NET fat >> client deployed with Click.Once of Microsoft and launched from a >> browser. >> >> Currently, the .NET fat client shows a form in the GUI of the fat >> client and communicates a login/pwd to IIS. >> >> In fact, we don't know how to do SSO between theses two worlds (thin >> clients and fat clients) and we are hoping CAS can do it. >> >> Thanks and Regards, >> >> Damien >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see http://www.ja- >> sig.org/wiki/display/JSG/cas-user >> >> ______________________________________________________________________ >> This email has been scanned by the MessageLabs Email Security System. >> For more information please visit http://www.messagelabs.com/email >> ______________________________________________________________________ >> >> ______________________________________________________________________ >> This email has been scanned by the MessageLabs Email Security System. >> For more information please visit http://www.messagelabs.com/email >> ______________________________________________________________________ >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see http://www.ja- >> sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
