> I am stumped with how to access the supplied netID that was used to secure an > application with CAS. I can > access this information inside a protected servlet with : > request.getRemoteUser() in java.
You mention mod_cas, which is deprecated in favor of https://wiki.jasig.org/display/CASC/mod_auth_cas, as well as servlets. The CAS client you are using determines how you will get at the authenticated username. Please clarify what client you are using and we can point you to appropriate documentation. > I think I'm missing a key piece given that I have limited experience in Web > Development. I can see from FireFox that my secured application SITE has > three cookies : > > path : /TmpAlerts -> JSESSIONID > path : /cas -> CASTGC > path : /cas -> JSESSIONID > > Can anyone provide a pointer to what I am missing ? Nothing. The CAS-related cookies are the Tomcat container session identifier (JSESSIONID) and the CASTGC cookie containing the ticket-granting ticket (i.e. SSO session token). The authenticated username is not part of standard cookies. > I have created a servlet filter, which calls the request.getRemoteUser() > method and sets a USER_ID cookie.... Is this a correct approach or is there > something inside CAS that is already canned that I should be using? If you need to provide the username to the browser, you may use either request parameters or cookies, and you took the perfectly reasonable cookie approach. There is no existing functionality in any CAS client that I'm aware of that would allow access to the username in the browser. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
