We are trying to overcome cross-domain redirection issues for AJAX requests
between a browser client and a CAS-protected resource. I was wondering if
anyone has solved a similar problem and can recommend a solution.
Here is the background:
* We have a FrontEnd server that provides user controls to our application
* BackEnd servers implement requests and generate data
* The FrontEnd and BackEnd servers are on different subdomains
* JASIG CAS is used for authentication between the FrontEnd and BackEnd
On the Front End, the user can open a new browser window to display streaming
data that is generated on one of the BackEnd servers. This data is SSL
encrypted and must only be delivered to authenticated users. This data is
delivered directly from one of the BackEnd servers. (We do not want to route
it through the FrontEnd.)
How should we implement the AJAX requests between the browser and the BackEnd
server so that we can use CAS authentication without the cross-domain policy
violations?
I would greatly appreciate any pointers that experts here would have.
Thank you,
Jon
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
