Hi Kevin,

I sure hope it's not possible for applications other than CAS to set (and read) the ticket granting cookie. That would be a problem, since anything in possession of the end user's ticket granting ticket can log in as the user to CAS-using relying parties.

So, yes, you can get a TGT via the restful API. And no, you can't set that TGT as a cookie that will then afford single sign-on through the CAS login screen. Unless, I suppose, you're writing a powerful enough plugin to a web browser or the like.

If you want the user to experience single sign-on through the CAS login screen, that is, to have a single sign-on session with CAS, then you'll need CAS to set that ticket granting ticket into the ticket granting cookie.

(A more typical use of the restful API might be for non-human principals to obtain CAS tickets to access services as themselves, or for human principals to interact with CAS by means of a fat client application that wanted to validate credentials against the CAS server or to access CAS-using relying parties as the user.)

(For instance, I was involved in a proof of concept once upon a time of making Sakai validate credentials against CAS, such that when Sakai is accessed in a web browser, it's simply CASified, but when a user accesses a non-web-based modality of accessing Sakai, such as via WebDAV mount of the file shares associated with Sakai worksites, the enterprise username and password would work, with Sakai validating it against CAS. This had some interesting tradeoffs vs Sakai validating it directly against, say, LDAP, in that it benefited from whatever abstractions CAS was providing, perhaps validating passwords across multiple backing stores.)

Maybe this would be an interesting conversation: what are you trying to do with the restful API?

Kind regards,

Andrew

On Feb 24, 2012, at 4:27 PM, Krzewinski, Kevin R wrote:

> Hi,
>
> I’ve read the documentation on using the restful API to get a TGT. But is it
> possible to set the ticket granting cookie without going to the login page?
> Can someone point me to some documentation?
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
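The non-browser use of the REST API described in the reply above, as an added example that is not part of the original thread or the CAS project's code: the client POSTs credentials to `/v1/tickets`, reads the TGT from the `Location` header, exchanges it for a service ticket, and deletes the TGT when done. The `send` transport, the host names, the account and `make_stub_cas` are constructed assumptions so that it runs offline.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

def tgt_from_response(status, headers):
    # Step 1 reply: 201 Created; the TGT id is the last path segment of Location.
    if status != 201:
        raise PermissionError(f"CAS rejected the credentials (HTTP {status})")
    tgt = urlsplit(headers.get("Location", "")).path.rsplit("/", 1)[-1]
    if not tgt.startswith("TGT-"):
        raise ValueError("no TGT in Location header")
    return tgt

def service_ticket_via_rest(send, base, username, password, service):
    """send(method, url, body) -> (status, headers, text) is a hypothetical transport."""
    status, headers, _ = send("POST", f"{base}/v1/tickets",
                              urlencode({"username": username, "password": password}))
    # The TGT is a bearer secret held only in this process: it is never written
    # to a browser cookie, so it gives no SSO session at the CAS login screen.
    tgt = tgt_from_response(status, headers)
    try:
        status, _, text = send("POST", f"{base}/v1/tickets/{tgt}",
                               urlencode({"service": service}))
        if status != 200 or not text.startswith("ST-"):
            raise RuntimeError(f"no service ticket issued (HTTP {status})")
        return text.strip()
    finally:
        send("DELETE", f"{base}/v1/tickets/{tgt}", "")  # destroy the TGT when done

def make_stub_cas(users):
    """Constructed in-memory stand-in for a CAS server (not real CAS code)."""
    live = set()
    def send(method, url, body):
        path, form = urlsplit(url).path, parse_qs(body)
        if method == "POST" and path.endswith("/v1/tickets"):
            user = form.get("username", [""])[0]
            pw = form.get("password", [""])[0]
            if (user, pw) not in users.items():
                return 400, {}, "bad credentials"
            tgt = f"TGT-{len(live) + 1}-constructed"
            live.add(tgt)
            return 201, {"Location": f"{url}/{tgt}"}, ""
        tgt = path.rsplit("/", 1)[-1]
        if tgt not in live:
            return 404, {}, "TGT not found"
        if method == "DELETE":
            live.discard(tgt)
            return 200, {}, ""
        return 200, {}, f"ST-1-constructed-for-{form['service'][0]}"
    send.live = live  # exposed so callers can confirm the TGT was destroyed
    return send
```
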
