On Tue, 20 May 2014, Carlos wrote:
Hi,
I have successfully used the CAS Restful API to get the ST- ticket.
I would like to get the CASTG cookie as well. Can I get it with the API?
??If I generated the CASTG cookie in my servlet with the TGT cookie ,
would other applications work with the CASTG cookie even though every
different application had its own jsession?
The CASTGC cookie follows the same rules as any other browser cookie. It
must have a valid domain. The web server can only set cookies in the same
domain as the web server, and browsers will only send cookies to servers
that are part of the cookie's domain.
Your application could set a value for the CASTGC cookie, but it would
only be present in your application's domain. Therefore, the cookie would
not be sent to the CAS server and CAS SSO would not function.
Here is an example:
CAS server name: cas.example.com
Application name: www.app.com
Your application sets CASTGC with domain "www.app.com". When the browser
visits https://cas.example.com at some later time, it will not send the
CASTGC cookie because the domains don't match.
Remember, the CASTGC cookie is only used by the CAS server, not by CAS
clients. CAS clients rely on Service Tickets, not the TGT.
Andy
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
