It seems to me the safer way to handle this is to either enable an NTLM solution at the CAS side and then CAS-enable Liferay, or to set up Liferay as an OpenID provider and enable OpenID at the CAS side. Other than that you risk spoofing via the cookie data.
-Andrew

On Jan 25, 2012, at 4:18 PM, Vipin Jain wrote:

> Thanks Marvin.
>
> Is it required to have only the REMOTE_USER header, or is any other header fine?
>
> How would I configure the cookie for trust authentication? My plan is to have
> the NTLM authentication done on the Liferay side and then create a cookie which
> contains the user's name; then when anyone else accesses the CAS-protected
> Java apps it will read the header variable and automatically log in.
>
> If it fails to parse the cookie then it will go to the CAS login page.
>
> Please let me know.
>
> On Wed, Jan 25, 2012 at 8:12 PM, Marvin Addison <[email protected]> wrote:
>
> > Is it possible to have a script which can automatically log in to CAS Server
> > if we are getting the userid in the header variable?
>
> Sure it's possible. This is typically called "remote user" or trust
> authentication; see https://wiki.jasig.org/display/CASUM/Trusted for
> more information. Warning: you MUST carefully consider the components
> providing the header such that the following criteria are met:
> - There is sufficient assurance that the authorized components are
>   the origin of the information.
> - You trust the information itself.
>
> Failure to meet the requirements above would reduce the security
> provided by CAS to incidental at best.
>
> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
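The spoofing risk Andrew and Marvin describe, shown as an added example that is not part of this thread and not CAS or Liferay code. It contrasts the naive "trust whatever is in REMOTE_USER (or a cookie carrying a bare username)" approach with a value that only the NTLM-authenticating front end can produce: an HMAC over username and timestamp under a secret shared with CAS, accepted only from an allow-listed upstream address. The secret, the upstream address `10.0.0.5`, the `|`-separated format and the 300-second window are all assumptions made for the example.

```python
"""Constructed example: why a bare REMOTE_USER header / username cookie is
spoofable, and one way to meet the two criteria from the thread:
  1. assurance that only the authorized component produced the value, and
  2. trust in the value itself (well-formed, fresh, not tampered with).
Not CAS or Liferay code; names and constants below are assumptions."""
import hashlib
import hmac
import re
import time

# Assumption: secret shared between the NTLM front end and the CAS server.
SHARED_SECRET = b"replace-with-a-random-256-bit-secret"
# Assumption: address(es) of the component allowed to assert identities.
TRUSTED_UPSTREAMS = {"10.0.0.5"}
# Only accept usernames shaped like directory principals, nothing else.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")
# Assumption: an assertion older than this is rejected (limits replay).
MAX_AGE_SECONDS = 300


def naive_remote_user(headers):
    """The weak pattern: whoever reaches CAS and sets the header is
    logged in as that user. Nothing ties the value to the front end."""
    return headers.get("REMOTE_USER")


def issue_trusted_header(username, secret=SHARED_SECRET, now=None):
    """Run on the front end after NTLM succeeds: bind username and time
    with an HMAC so nobody without the secret can forge or alter it."""
    ts = int(time.time() if now is None else now)
    msg = f"{username}|{ts}".encode()
    tag = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{username}|{ts}|{tag}"


def verify_trusted_header(value, client_ip, secret=SHARED_SECRET, now=None):
    """Run on the CAS side. Returns the username only when all of:
    - the request came from an allow-listed upstream (origin assurance),
    - the HMAC verifies (the upstream really produced this value),
    - the assertion is fresh, and
    - the username is well-formed (trust in the information itself).
    Any failure yields None, which the caller maps to the normal login page."""
    if client_ip not in TRUSTED_UPSTREAMS:
        return None
    try:
        username, ts_str, tag = value.split("|")
        ts = int(ts_str)
    except (ValueError, AttributeError):
        return None
    expected = hmac.new(secret, f"{username}|{ts}".encode(),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(expected, tag):
        return None
    current = int(time.time() if now is None else now)
    if not 0 <= current - ts <= MAX_AGE_SECONDS:
        return None
    if not USERNAME_RE.match(username):
        return None
    return username


if __name__ == "__main__":
    # Constructed requests: the forged header is accepted by the naive
    # check and rejected by the verified one.
    forged = {"REMOTE_USER": "admin"}
    print("naive accepts forged header as:", naive_remote_user(forged))
    good = issue_trusted_header("vipin", now=1000)
    print("verified, from upstream:", verify_trusted_header(good, "10.0.0.5", now=1100))
    print("same value, from elsewhere:", verify_trusted_header(good, "198.51.100.7", now=1100))
    print("forged tag:", verify_trusted_header("admin|1000|deadbeef", "10.0.0.5", now=1100))
```

The timestamp only bounds the replay window; if the front end and CAS share a transport an attacker can observe, a per-request nonce (or simply TLS between the two components) is still needed. Also note that the IP allow-list is only meaningful if CAS cannot be reached directly from user networks, which is exactly the kind of deployment assumption Marvin's warning asks you to check.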
