Ok.  Cool.

I'm not sure I understand what that Play button's link's URL really looks like, 
but let's say it's

<a href="playgame://coolgame.exe">Play</a>

And you say you can pass a parameter to it.  Cool.

So, you might do something like:

<a href="playgame://coolgame.exe?ticket=ST-123-5897349743789345897">Play</a>

that is, obtain a CAS service ticket and put it on the URL.  In fact, you could 
do this:

<a href="https://cas.gazillion.com/login?service=playgame://coolgame.exe">Play</a>

and then when the user clicks that, they go to CAS, CAS either prompts for 
login or determines that they have a perfectly fine single sign on session, and 
redirects to

playgame://coolgame.exe?ticket=ST-123-5897349743789345897


And then in your .exe, you'd read that parameter and make a https:// request to 
your CAS server's /serviceValidate to validate the ticket.  And you'd get back 
the username in the CAS ticket validation response.  And so, I suppose the 
application could then consider the user "logged in".

However.  The end user can, of course, trivially adjust their environment to 
forge the CAS server response as perceived by that .exe running in their local 
environment.  I suppose your application could (and should) validate the SSL 
cert of the CAS server it validates tickets against, and depending on how you 
did that, that could make it seriously inconvenient to fake out your 
application's validation of the service ticket, but really, as they like to 
say, physical access is root access.  With enough determination, one can 
convince an application running locally of anything -- of course, that doesn't 
mean access to anything out on the web.


What was the goal of logging the user in to the local application?  What's the 
application going to do with that login information?  Greet the user by name?  
Turn around and access other services out on the web? (In which case maybe you 
want to be doing OAuth?)


On Feb 24, 2012, at 6:44 PM, Rex Posadas wrote:

> The standalone application is a game which is launched via an exe file.
> The exe file resides in the user's machine.
> 
> The application is launched via a link in the browser. We associate the
> EXE with a MIME Content Type and when the user clicks it, it will
> launch. 
> 
> We can pass arguments to the link just like any html link.
> 
> -----Original Message-----
> From: Andrew Petro [mailto:[email protected]] 
> Sent: Friday, February 24, 2012 3:04 PM
> To: [email protected]
> Subject: Re: [cas-user] Launching a stand-alone application from a web
> page
> 
> What's the nature of the standalone application?  How are you launching
> it from the browser?
> 
> On Feb 24, 2012, at 5:57 PM, Rex Posadas wrote:
> 
>> Hi to all, 
>> 
>> I have a standalone application which requires authentication. I want to
>> be able to start this application from a web browser without requiring
>> the user to RE-ENTER his credentials.
>> 
>> Here are the steps that I would like to implement. 
>> 
>> 1) User logs in via a website. Authentication is handled by CAS. 
>> 2) On success the user is taken to a page with a "Play" button. He is
>> now logged in to the website.
>> 3) User clicks the "Play" button and the standalone application is
>> launched with him already logged in to the application. 
>> 
>> 
>> Is this possible?
>> 
>> I know how to launch the application, but how can I launch the
>> application and not have to force the user to re-authenticate?
>> 
>> 
>> Thanks, 
>> 
>> Rex
>> 
>> -- 
>> You are currently subscribed to [email protected] as: [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> 
> 
> 
> 


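The client-side flow described in the reply at the top of this thread (read the ticket from the launch URL, call /serviceValidate over certificate-verified HTTPS, take the username from the response), as an added example that is not code from the thread or from the CAS project. It assumes Python, the CAS 2.0 XML response format, and the host and service URL used in the message; the function names and the sample responses are constructed for illustration. As the reply notes, the result is only as trustworthy as the machine the program runs on.

```python
import ssl
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

CAS_BASE = "https://cas.gazillion.com"  # CAS host named in the message
SERVICE = "playgame://coolgame.exe"     # must equal the service= sent to /login
NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace
# Constructed sample responses in CAS 2.0 format (not captured traffic).
SAMPLE_OK = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
             '<cas:authenticationSuccess><cas:user>player1</cas:user>'
             '</cas:authenticationSuccess></cas:serviceResponse>')
SAMPLE_FAIL = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
               '<cas:authenticationFailure code="INVALID_TICKET">unknown ticket'
               '</cas:authenticationFailure></cas:serviceResponse>')

def extract_ticket(launch_url):
    """Return the service ticket from the URL handed to the launched program."""
    parts = urlsplit(launch_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != SERVICE:
        raise ValueError("launch URL does not match the registered service")
    tickets = parse_qs(parts.query).get("ticket", [])
    # Exactly one ticket, carrying the ST- prefix of CAS service tickets.
    if len(tickets) != 1 or not tickets[0].startswith("ST-"):
        raise ValueError("missing or malformed service ticket")
    return tickets[0]

def validation_url(ticket):
    """Build the /serviceValidate URL; urlencode escapes both parameters."""
    query = urlencode({"service": SERVICE, "ticket": ticket})
    return f"{CAS_BASE}/serviceValidate?{query}"

def parse_validation_response(xml_text):
    """Return the username on authenticationSuccess; raise on anything else."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", NS)
    if user is None or not (user.text or "").strip():
        failure = root.find("cas:authenticationFailure", NS)
        code = failure.get("code") if failure is not None else "NO_SUCCESS"
        raise PermissionError(f"CAS did not validate the ticket: {code}")
    return user.text.strip()

def validate_ticket(launch_url):
    """Whole client-side flow; needs network access to the CAS server."""
    ticket = extract_ticket(launch_url)
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    with urllib.request.urlopen(validation_url(ticket), context=ctx,
                                timeout=10) as resp:
        return parse_validation_response(resp.read().decode("utf-8"))
```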