Hi Rhett,

Thanks a lot again for your answer. I was thinking of a similar implementation, 
but I did not use PGTs at all. 

To be very honest, the concept of Proxy Granting Ticket is a little hazy to me. 
Here is how I have my prototype configured and I plan on using the same in 
PROD. Please let me know if you think I am missing something important here.

I configured the client to use the following filters in the order listed here:

org.jasig.cas.client.session.SingleSignOutFilter (and its listener)
org.jasig.cas.client.authentication.AuthenticationFilter
org.jasig.cas.client.validation.Cas10TicketValidationFilter
org.jasig.cas.client.util.HttpServletRequestWrapperFilter

So the only tickets I will ever request from the CAS server are TGT and ST. No 
proxy tickets.

I only plan on authenticating to Java web applications. All HTTP requests. 

It's almost like I have APP1, APP2 and APP3. 

The user can choose to access any one of these and from there he will have links to 
jump between apps, in the same browser window (and/or child windows).

He closes the window, end of authenticated session. Did I miss anything 
important here? Please let me know.


My plan for implementing the original session timeout thing is as explained 
below. 

I set the CAS TGT to time out in 20 mins.

Each of my APPS will also have a 20 mins timeout.

I will add a timestamp to the Assertion object that the client filter uses from 
session. 

I will add an additional URI to the CAS server web app like "/cas/refreshtgt".

This will be mapped to a Handler (a new one) inside which I will just invoke 
TicketGrantingTicketImpl.updateState().

In the client filter, I will check if the Assertion is older than 17 minutes or 
so. The 17 mins can be configurable.

If it is, then I will make a redirect to CAS server "/cas/refreshtgt" to update 
the TGT state. 

The "/cas/refreshtgt" will ultimately redirect back to the original service 
which will be passed in the URL as "?service=http://myclient.com/fourthpage.jsp".

If this is the same design you are thinking of, since you said you completed 
only the first part, I can share any parts of my code with you if you need it. 

Thank you,

Madhavi
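
The age check and redirect described in this message, sketched as an added example; it is not code from the original post or from the CAS project. The record and method names, the CAS host `cas.example.org` and the host allow-list are assumptions; the allow-list is there because `/cas/refreshtgt` redirects to whatever `service` it receives, so only known application hosts should be accepted.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

// Hypothetical helper: none of these names exist in the CAS client or server.
// refreshAfter: 17 minutes in the message; allowedHosts: hosts of the CAS-protected apps.
public record TgtRefreshDecision(Duration refreshAfter, String refreshEndpoint,
                                 Set<String> allowedHosts) {
    // Redirect target when the assertion timestamp is at least refreshAfter old, else empty.
    public Optional<String> redirectFor(Instant assertionStamp, Instant now, String requestedUrl) {
        if (Duration.between(assertionStamp, now).compareTo(refreshAfter) < 0) {
            return Optional.empty();
        }
        if (!isAllowedService(requestedUrl)) {
            throw new IllegalArgumentException("service URL is not a known application");
        }
        // Encode the whole URL so its own query string cannot add parameters to the refresh call.
        return Optional.of(refreshEndpoint + "?service="
                + URLEncoder.encode(requestedUrl, StandardCharsets.UTF_8));
    }

    // The refresh handler should repeat this check before it redirects back to the service.
    public boolean isAllowedService(String url) {
        try {
            URI u = URI.create(url);
            boolean web = "http".equalsIgnoreCase(u.getScheme()) || "https".equalsIgnoreCase(u.getScheme());
            return web && u.getHost() != null && allowedHosts.contains(u.getHost().toLowerCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            return false; // unparsable URL
        }
    }

    public static void main(String[] args) {
        TgtRefreshDecision d = new TgtRefreshDecision(Duration.ofMinutes(17),
                "https://cas.example.org/cas/refreshtgt", Set.of("myclient.com")); // constructed values
        Instant now = Instant.now();
        String page = "http://myclient.com/fourthpage.jsp";
        System.out.println(d.redirectFor(now.minus(Duration.ofMinutes(5)), now, page));
        System.out.println(d.redirectFor(now.minus(Duration.ofMinutes(18)), now, page));
    }
}
```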


