I encountered a similar problem and found a solution. I was about to create a new post when I found this thread. I had a JSON feed that required authenticated access originating from a different web app on our portal. The initial portal content was loaded via XML/XSL (e.g. not an IFRAME). I found that from a clean browser session the first call to the JSON request (behind a CASFilter) was always getting redirected.
My solution was to acquire an old-fashioned 1x1 transparent pixel and place it in my backend web application. I made sure that this pixel gif was not cached by the browser (using a NoCacheFilter) and that it was behind the CASFilter. I then modified my JavaScript so that the JSON request only runs once the pixel gif is loaded. As I understand it, the call to the pixel gif establishes the SSO session between browser and the backend web application. Once the SSO session is established, subsequent JSON requests will include the relevant SSO cookies (so the redirection does not happen).

I hope this helps,
Mark

On Fri, Apr 8, 2011 at 9:40 PM, Harikrishnan R. <[email protected]> wrote:
> JSONP (JSON with padding) is the solution for it. Please search for samples
> in Google.
>
> On Thu, Apr 7, 2011 at 6:44 PM, Jon Jaroker <[email protected]> wrote:
>>
>> We are trying to overcome cross-domain redirection issues for AJAX
>> requests between a browser client and a CAS-protected resource. I was
>> wondering if anyone has solved a similar problem and can recommend a
>> solution.
>>
>> Here is the background:
>>
>> * We have a FrontEnd server that provides user controls to our application
>> * BackEnd servers implement requests and generate data
>> * The FrontEnd and BackEnd servers are on different subdomains
>> * JASIG CAS is used for authentication between the FrontEnd and BackEnd
>>
>> On the Front End, the user can open a new browser window to display
>> streaming data that is generated on one of the BackEnd servers. This data
>> is SSL encrypted and must only be delivered to authenticated users. This
>> data is delivered directly from one of the BackEnd servers. (We do not want
>> to route it through the FrontEnd.)
>>
>> How should we implement the AJAX requests between the browser and the
>> BackEnd server so that we can use CAS authentication without the
>> cross-domain policy violations?
>>
>> I would greatly appreciate any pointers that experts here would have.
>>
>> Thank you,
>> Jon
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user

--
"Paradoxically, the more time saving abstractions you are using the more you actually have to know." - Simon Willison
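
The pixel-first sequence Mark describes above, sketched as an added example that is not part of the original thread. It assumes the pixel and the feed sit behind the same CASFilter in the backend web app; `pixelUrl`, `feedUrl` and the injected `ImageCtor` / `requestJson` hooks are hypothetical names.

```javascript
// Added example, not code from the thread. pixelUrl, feedUrl and the injected
// ImageCtor / requestJson hooks are assumptions made for illustration.
// In a browser: ImageCtor = window.Image, and requestJson wraps an
// XMLHttpRequest that reports the response Content-Type and body text.
function loadJsonAfterSso(opts, done) {
  var settled = false;
  var timer = setTimeout(function () {
    finish(new Error('SSO pixel timed out'));
  }, opts.timeoutMs || 10000);

  function finish(err, data) {
    if (settled) return;
    settled = true;
    clearTimeout(timer);
    done(err, data);
  }

  var img = new opts.ImageCtor();
  img.onload = function () {
    // The pixel decoded as an image, so the CASFilter let the request through
    // and the backend session cookie is set. Only now ask for the feed.
    opts.requestJson(opts.feedUrl, function (err, res) {
      if (err) return finish(err);
      // If the session was lost, the redirect ends at an HTML login page
      // served with status 200. Refuse to treat that as feed data.
      if (!/^application\/json\b/i.test(res.contentType || '')) {
        return finish(new Error('expected JSON, got ' + res.contentType));
      }
      var data;
      try { data = JSON.parse(res.body); } catch (e) { return finish(e); }
      finish(null, data);
    });
  };
  img.onerror = function () {
    // No CAS single sign-on session yet: the redirect chain ended at the
    // login form, which is not an image. Send the user to log in instead.
    finish(new Error('SSO pixel did not load; CAS login required'));
  };
  // Cache-buster on top of the server-side no-cache headers, so every page
  // load really reaches the CASFilter.
  var sep = opts.pixelUrl.indexOf('?') < 0 ? '?' : '&';
  img.src = opts.pixelUrl + sep + '_=' + new Date().getTime();
}
```

The `onerror` and Content-Type branches cover the two cases the pixel trick alone does not: a user with no CAS session at all, and a backend session that expires between the pixel load and the feed request.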
