If you want a web application to access other services on behalf of the user then you should be using CAS's proxy authentication methods. Are you familiar with those at all? If not, I can find the appropriate documents.

Cheers,
Scott

On Tue, Mar 29, 2011 at 12:05 PM, Eric Turley <[email protected]> wrote:

> Sorry, I’m not understanding clearly what you’re saying. (Or, possibly, I’m
> not properly explaining what I’m trying to say)
>
> More concretely, the two Clients in my “diagram” are both using ReST calls
> to the Webapp. So neither is actually a browser. I’m not sure if that was a
> misunderstanding. Does that change anything?
>
> And, tho you don’t support it, can the Webapp get the TGT and pass it
> around to Clients to be re-used for authentication without the user having
> to provide credentials again? (Or do you mean to say, “We don’t support
> this; you’re on your own”? Which is perfectly valid, just asking.)
>
> *From:* Scott Battaglia [mailto:[email protected]]
> *Sent:* Monday, March 28, 2011 8:46 PM
> *To:* [email protected]
> *Subject:* Re: [cas-user] SSO and CAS ReST API setup
> *Importance:* High
>
> The CAS Restful API does not support User-Agent (i.e. browser) single sign
> on. We do not support another application passing credentials to the CAS
> server.
>
> On Mon, Mar 28, 2011 at 10:50 AM, Eric Turley <[email protected]> wrote:
>
> I want to use the CAS ReST API in a way that supports SSO.
> The setup we have is not ideal, but I want to try to support it as is for
> the moment.
> Our scenario is as follows:
> 1. Client1 makes an authz call (including username/password credentials) to
> Webapp, which makes an auth ReST call to CAS (
> http://localhost:9010/cas/v1/tickets), acquiring the TGT.
> 2. I'd like Client1 to pass the TGT to Client2 so it can ...
> 3. Client2 makes ReST calls to the WebApp (for whatever it needs), passing
> the TGT. Internally, Webapp will use that to authenticate Client2 with CAS.
>
> +---+
> |CAS|
> +---+------+------+
>            |WebApp|
>            '------+
>     1 Auth/        \3 Auth
>          /          \w/TGT
>         /     ->     \
> +-------+ 2 Pass TGT +-------+
> |Client1|------------|Client2|
> +-------+            +-------+
>
> I'm really pretty confused about CAS, so likely, I'm going about this all
> wrong. Please advise. :)
> (Tho, I'm limited by the public API in use by the WebApp clients.)
>
> Eric Turley | Sr. Platform Engineer | UTV Ignition Games
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
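
The receiving side of the proxy authentication recommended at the top of this thread, as an added example that is not part of the original messages or of the CAS project's code: a back-end service validates a proxy ticket at CAS and checks the proxy chain, so no TGT is ever handed between clients. The /proxyValidate endpoint and XML shape follow the CAS 2.0 protocol; the host names, user, ticket value and function names are assumptions made up for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS 2.0 XML responses

# Constructed sample /proxyValidate responses (hosts, user and text are made up).
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:proxies>
      <cas:proxy>https://webapp.example.org/cas/pgtCallback</cas:proxy>
    </cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


class CasValidationError(Exception):
    """Raised when a ticket must not be accepted."""


def proxy_validate_url(cas_base, service, ticket):
    """URL the back-end calls to validate a proxy ticket issued for `service`."""
    query = urlencode({"service": service, "ticket": ticket})
    return cas_base.rstrip("/") + "/proxyValidate?" + query


def parse_proxy_validate(xml_text, trusted_proxies):
    """Return (user, proxy_chain); raise unless CAS vouches for the ticket
    and every proxy in the chain is one this service has chosen to trust."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise CasValidationError(failure.get("code", "UNKNOWN"))
    success = root.find("cas:authenticationSuccess", CAS_NS)
    user = success.findtext("cas:user", namespaces=CAS_NS) if success is not None else None
    if not user or not user.strip():
        raise CasValidationError("no authenticated user in response")
    # An empty chain means a plain service ticket; each entry is a proxy's callback URL.
    chain = [p.text.strip() for p in success.findall("cas:proxies/cas:proxy", CAS_NS) if p.text]
    untrusted = [p for p in chain if p not in trusted_proxies]
    if untrusted:
        raise CasValidationError("untrusted proxy in chain: " + ", ".join(untrusted))
    return user.strip(), chain
```

The back-end fetches proxy_validate_url(...) over HTTPS and passes the response body to parse_proxy_validate with the set of proxy callback URLs it accepts.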
