The example in https://wiki.jasig.org/display/CASUM/RESTful+API shows that
username and password is needed to call cas to generate TGT. In our case, the
user is already logged in in our own application. Can we not pass the password
to the CAS server, since the user is already authenticated in our application.
The second question is that can we append the generated ST to service url only
we need to go through cas? We only need to check with cas for a few service
calls. The majority requests in our application does not need to go through cas
as our application has its own authentication.
The third question is that if a thrid party application wants to authenticate
our request (with ST appened) with cas server, what api the third party
application can use to make sure that our request is from a trusted source.
Sorry if the questions do not make sense. I am a newbie and we do not want to
go through cas for all requests.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
