Actually, the CAS client does NOT validate the ticket on each request. Tickets can actually each only be validated once, as per the CAS specification. Instead, the CAS filter validates the ticket ONCE and then stores the result of the successful validation information in the user's session. Subsequent requests will simply use the information now stored in the session, so the CAS server is not needed after initial ticket validation.
-Nathan From: Nicolas Geraud <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Wednesday, August 22, 2012 10:44 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [cas-user] Validation Filter and effective validation hi all, there is something that I don't understand in the CAS authentication workflow. my webapp is protected via web.xml filters. The SSO works well because i can display request.getRemoteUser() on the client side. But after that, if i stop the cas server, nothing appear on the client side and I could refresh my client application without any error. Is it normal? I thought I understood that the client application validate the ticket on each request. When I look at source code I can see in AbstractTicketValidationFilter.doFilter the code below : if (CommonUtils.isNotBlank(ticket)) { //validate the ticket } else filterChain.doFilter ... So do I understand that my ticket is blank ? -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
