Am 24.06.14 19:05, schrieb George Brink: > Michael, > > Well... > I was hoping that CAS itself can be used as a 'session state' system.
CAS does maintain a session with the browser, but your webapp won't be able to access that for general security reasons > If it is not the case and we cannot "validate the ticket" several times > during the actual user session, you can actually, but it is not encouraged for security reasons, but see cas-server-webapp-3.5.2/WEB-INF/spring-configuration/ticketExpirationPolicies.xml and set c:numberOfUses="1000000" instead 1 > then I guess the traditional approaches > would be the answer. > > So the CAS is just an id/password checker? I would not say that, but yes one can use it for that purpose :-) Thanks Michael > > > > -- > George Brink > Application System Developer > Enterprise Business Intelligence Solutions - SIS Reporting > Phone: 854-1466 > http://www.columbia.edu/cu/sis > > Please remember that Social Security Numbers should never be sent (via > e-mail or any other electronic transmission) in an unencrypted form. > Contact SIS at [email protected] for more information and guidelines. > > > On Tue, Jun 24, 2014 at 12:09 PM, Michael Wechner <[email protected] >> wrote: >> Am 24.06.14 17:36, schrieb George Brink: >>> Hi all, >>> >>> Right now I am making a web site which would use CAS to recognize >> users.The >>> site is based on a set of Perl scripts. >>> I am looking for a comprehensive tutorial on how I am supposed to use >> CAS. >>> I see a lot of documentation (and it is discussed here a lot) on how to >>> create a CAS server in Java, but I need to _use_ CAS... >>> >>> So far I found AuthCAS module on CPAN, but I am not sure how to use it. >> All >>> examples ends on initial authentication, but what to do next? How can I >>> make sure that the user who is looking on other pages of my site did pass >>> the CAS authentication on the "welcome" page of the web site? >>> Ideally, I would like to have some "validateUser" function on each every >>> page of my site, but as far as I understand, CAS do not have such >> ability? >>> Once 'ticket' is validated it is not usable anymore? >> when your webapp has validated the ticket, then your webapp can consider >> the user as authenticated >> and hence your webapp could set a session state accordingly, but I don't >> know how you do something like >> this with a perl script based web site. Maybe the following helps >> >> http://search.cpan.org/~sherzodr/CGI-Session-3.95/Session/Tutorial.pm >> >> HTH >> >> Michael >>> >>> -- >>> George Brink >>> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
