Hi Joe, I have a CAS server extension in GitHub (https://github.com/epierce/cas-server-extension-token) that includes an AuthenticationHandler that does what you're looking for. After validating the user's authentication code, you application would create a JSON document with the user's username and attributes, encrypts it (AES-128) with a secret shared with the CAS server and redirects the user to the CAS login page with the "token" as a GET or POST parameter. The CAS extension decrypts the token, validates the contents and authenticates the user. There are examples of how to create a compatible token in multiple languages here: https://github.com/epierce/cas-token-auth-examples
-Eric -- Eric Pierce Identity Management Architect Information Technology University of South Florida (813) 974-8868 -- [email protected] ________________________________________ From: Joe <[email protected]> Sent: Friday, December 27, 2013 5:17 PM To: [email protected] Subject: Re:[cas-user] CAS Automatic Login... best practices Sorry, rereading what I want to do, I can see now, how it's a bit misleading. So (on the application server side) I have authenticated the user via an authentication code, and have created the account. CAS has not yet authenticated the user. I want to tell CAS that the current user and session is authenticated without passing the password back over the public wire .(The application server might pass the user/password to CAS). I can think of a few ways to do this, but is there a recommended way? -Joe -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
