I have no idea if these would work, but these are things that I would try, since they should work "in principle".
If your homebrewed identity service is CAS-protected, you could try the following:

1) When launching the game, pass in the TGT as one of the parameters. This could be found in the CASTGC cookie. Unfortunately, I'm not sure that the JavaScript security model will let you get at that cookie (perhaps it would if it was JavaScript running from a page within the path of the cookie).

2) The game will then do a POST to the CAS RESTful endpoint (see https://wiki.jasig.org/display/CASUM/RESTful+API)

    POST /cas/v1/tickets/{TGT id} HTTP/1.0

    service={form encoded parameter for the service url}

3) Retrieve the ST that is returned and use it to access your homebrewed service with ?ticket=<ST>

Other approach to try:

Inside the browser application, do a GET to the CAS login URI with "gateway=true". Intercept the 302 redirect and pull off the "ticket=" parameter. Something like this:

https://server/cas/login?service=http%3A%2F%2Fwww.service.com&gateway=true

Pass that to your game to use as the service ticket.

David Ohsie
EMC Corporation

-----Original Message-----
From: Rex Posadas [mailto:[email protected]]
Sent: Wednesday, February 29, 2012 12:27 PM
To: [email protected]
Subject: RE: [cas-user] Launching a stand-alone application from a web page

Hi All,

I haven't been able to solve this issue. If SSO can't happen with a standalone application, then can someone suggest a workaround?

Thanks in advance.

Rex

-----Original Message-----
From: Rex Posadas
Sent: Monday, February 27, 2012 9:38 AM
To: [email protected]
Subject: RE: [cas-user] Launching a stand-alone application from a web page

Hi Andrew,

The application calls a webservice to validate the user's username and password. This webservice is not a REST call to CAS, but a REST call to a homebrewed identity service. The application sends credentials to the homebrewed service which returns user data on success and a fail message on an error.
Thanks,
Rex

-----Original Message-----
From: Andrew Petro [mailto:[email protected]]
Sent: Monday, February 27, 2012 6:01 AM
To: [email protected]
Subject: Re: [cas-user] Launching a stand-alone application from a web page

Rex,

What happens in step 3? Does the application running on the user's desktop validate that password against some service on the Web? Does it do this merely to "unlock itself" and allow the user to exercise it, or does it do this to, say, authenticate to some web services to get data to include in the game experience?

Kind regards,

Andrew

On Feb 26, 2012, at 12:48 PM, Rex Posadas wrote:

> I'm not sure what you mean by "authenticate locally". Did you mean that he needs to be at the right machine in order to play the game? If so, the answer is "no".
>
> The current flow is:
> 1) User logs into the website.
> 2) User launches the game via a button.
> 3) User re-enters his username and password
> 4) User plays the game.
>
> I want to get rid of step 3 and have the player start playing the game right after step 2.
>
> Sorry if I didn't answer your question.
>
> -----Original Message-----
> From: Dmitriy Kopylenko [mailto:[email protected]]
> Sent: Friday, February 24, 2012 4:52 PM
> To: [email protected]
> Subject: Re: [cas-user] Launching a stand-alone application from a web page
>
> Does the exe executable require user to authenticate locally?
>
> Dmitriy.
>
> Sent from my iPhone
>
> On Feb 24, 2012, at 18:44, Rex Posadas <[email protected]> wrote:
>
>> The standalone application is a game which is launched via an exe file.
>> The exe file resides in the user's machine.
>>
>> The application is launched via a link in the browser. We associate the EXE with a MIME Content Type and when the user clicks it, it will launch.
>>
>> We can pass arguments to the link just like any html link.
>>
>> -----Original Message-----
>> From: Andrew Petro [mailto:[email protected]]
>> Sent: Friday, February 24, 2012 3:04 PM
>> To: [email protected]
>> Subject: Re: [cas-user] Launching a stand-alone application from a web page
>>
>> What's the nature of the standalone application? How are you launching it from the browser?
>>
>> On Feb 24, 2012, at 5:57 PM, Rex Posadas wrote:
>>
>>> Hi to all,
>>>
>>> I have a standalone application which requires authentication. I want to be able to start this application from a web browser without requiring the user to RE-ENTER his credentials.
>>>
>>> Here are the steps that I would like to implement.
>>>
>>> 1) User logs in via a website. Authentication is handled by CAS.
>>> 2) On success the user is taken to a page with a "Play" button. He is now logged in to the website.
>>> 3) User clicks the "Play" button and the standalone application is launched with him already logged in to the application.
>>>
>>> Is this possible?
>>>
>>> I know how to launch the application, but how can I launch the application and not have to force the user to re-authenticate?
>>>
>>> Thanks,
>>>
>>> Rex

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
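
The two approaches suggested in the top message of this thread (the REST call that trades a TGT for an ST, and the gateway=true redirect), sketched as an added example that is not part of the original e-mails. The function names and the ticket-id pattern are assumptions for illustration, and the code only builds and checks the messages; it performs no network I/O.

```python
import re
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Assumption: ticket ids look like "TGT-..." / "ST-..." built from URL-safe
# characters. Anything else is rejected before it reaches a URL path.
_TICKET = re.compile(r"(TGT|ST)-[A-Za-z0-9._-]+")

def login_url(cas_base, service):
    """Gateway approach: the URL the browser side requests."""
    query = urlencode({"service": service, "gateway": "true"})
    return cas_base.rstrip("/") + "/login?" + query

def ticket_from_redirect(location, service):
    """Pull ticket= off the 302 Location header; None means no SSO session."""
    target, expected = urlsplit(location), urlsplit(service)
    if (target.scheme, target.netloc) != (expected.scheme, expected.netloc):
        raise ValueError("redirect does not point at the requested service")
    values = parse_qs(target.query).get("ticket", [])
    if not values:
        return None
    ticket = values[0]
    if len(values) != 1 or not ticket.startswith("ST-") or not _TICKET.fullmatch(ticket):
        raise ValueError("malformed service ticket")
    return ticket

def build_st_request(cas_base, tgt, service):
    """REST approach, step 2: POST /cas/v1/tickets/{TGT id} with service=..."""
    if not tgt.startswith("TGT-") or not _TICKET.fullmatch(tgt):
        raise ValueError("malformed TGT id")
    url = cas_base.rstrip("/") + "/v1/tickets/" + quote(tgt, safe="")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return url, headers, urlencode({"service": service})
```

A service ticket is single-use and short-lived, while the TGT stands for the whole SSO session, so handing the game an ST from the gateway redirect exposes less than passing the TGT as a launch parameter.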
