My comments below. Thanks! javier On Tue, 2012-07-10 at 14:20 -0400, William G. Thompson, Jr. wrote:
> On Tue, Jul 10, 2012 at 1:52 PM, Javier Fradiletti <[email protected]> > wrote: > > Two more things. Sorry for the too-many-questions but I'm new in the > > community and evaluating CAS to be strongly used as part of our production > > environment. > > > > 1.- CAS versions 4 and 5: > > What does the community thinks about CAS versions 4 and 5? Maturity? Just > > transition releases to achieve the mentioned "multi-protocol" support? > > Just to know if it worth to give it a look and try them. > > The latest production release of CAS is 3.5. You'll want to start > there. It has support for CAS, some SAML, and OAuth already. Got it. > > > > 2.- RESTful support > > Trying to setup RESTful authentication on mu CAS server and followed this > > page instructions: > > https://wiki.jasig.org/display/CASUM/RESTful+API > > What's your use case for the REST API? I want it to be used for both: 1.- JS client applications who eventually will obtain a ticket grant through login page and store it "somewhere" and pass it through on every subsequent REST API call to security-enforced resources. 2.- Generic clients who will authenticate through REST API and again, pass ticket through on every subsequent REST API call to security-enforced resources. On both scenarios, you can see RESTful services are going to ONLY validate if request call is already authenticated, otherwise fail. Assuming an additional leg from the secured services to CAS farm for doing that...just like you would do when using OAuth authorization (i know this is only authentication). > > Best, > Bill > > > > > > Using Python example, I am been wrongly redirected to site root instead of > > the protected resource itself. My "hello world cassified" application is > > working fine when used from an internet browser. > > > > send: 'GET /HelloWorld/ HTTP/1.1\r\nAccept-Encoding: identity\r\nHost: > > localhost:8080\r\nCookie: > > JSESSIONID=6DB6E2D7FC25217510FACB357C2F25FB\r\nConnection: > > close\r\nUser-Agent: Python-urllib/2.7\r\n\r\n' > > reply: 'HTTP/1.1 403 Forbidden\r\n' > > > > Rgds, > > > > javier > > > > > > > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
