Correct. The encryption key is shared ahead of time between the CAS server and the client application.

Sent from my iPhone

On Jun 19, 2013, at 4:16 PM, "James Sumners" <[email protected]> wrote:

> I'm a little fuzzy on how this works. Are you suggesting that the client
> application would make up a JSON encoded object that has the required
> properties, encrypt it with a pre-shared key, send it to the CAS server, and
> then the user would be logged authenticated to the CAS server? There's no
> need to ask the CAS server for a key before encrypting?
>
> ~ James
>
> On Jun 19, 2013, at 12:13 PM, "Pierce, Eric" <[email protected]> wrote:
>
>> Once the extension is installed and configured, your registration app can
>> generate the encrypted JSON and pass it as the 'auth_token' parameter to the
>> CAS server. The extension will authenticate the user by decrypting the
>> token and verifying the data it contains.
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
