[Apologies if this is a duplicate post; my first effort redirected to the login screen and I assume didn't go through.]
I'm trying to understand the CAS protocol... I'm writing a web app that accesses CAS-protected web services on the same host multiple times on behalf of the same user. Does each request require its own proxy ticket? In other words, is the pseudocode like this: use PGT to generate a proxy ticket for https://mywebservice.com/ call https://mywebservice.com/ws1&ticket=ST... call https://mywebservice.com/ws2&ticket=ST... call https://mywebservice.com/ws3&ticket=ST... call https://mywebservice.com/ws4&ticket=ST... assemble the results and return the page to the user OR is it like this: use PGT to generate a proxy ticket for https://mywebservice.com/ws1 call https://mywebservice.com/ws1&ticket=ST... use PGT to generate a proxy ticket for https://mywebservice.com/ws2 call https://mywebservice.com/ws2&ticket=ST... use PGT to generate a proxy ticket for https://mywebservice.com/ws3 call https://mywebservice.com/ws3&ticket=ST... use PGT to generate a proxy ticket for https://mywebservice.com/ws4 call https://mywebservice.com/ws4&ticket=ST... assemble the results and return the page to the user If it's the first one... The web app would strip the /ws[1234] before validating the ticket and would need to cache the ticket at least temporarily. If it's the second one... Wow, that's a lot of web traffic. Thanks, Byron -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
