Hi Carl,

Superb explanation. Really articulated well.

Thanks much.

Regards,
Prasad

On Mon, Feb 9, 2015 at 10:33 PM, Waldbieser, Carl <[email protected]> wrote:
> Prasad,
>
> 1. CAS uses a Ticket Granting Cookie (TGC) to track the TGT issued during
> authentication.
> 2. CAS does not specifically protect from these attacks. However, if you
> are using TLS as the transport layer for your services, that protects
> against MITM and replay attacks. Cross Site Request Forgery protection is
> something each service provider must provide for itself where applicable.
> 3. A TGT is a long-lived ticket that allows you to request service tickets
> for specific services from CAS without having to re-present primary
> credentials. A service ticket (ST) is a short-lived, one-time-use ticket
> that a service provider validates with CAS in order to authenticate the
> user. It is kind of like:
>
> user: CAS, please give me a one-time ST good for service "foo".
> CAS : You don't have a TGT, so please provide me with credentials.
> user: Here is my username and password.
> CAS : Looks good. Here is a TGT that is good for 8 hours.
>       You can use that next time instead of having to type in your
>       credentials.
>       Also, here is the ST you asked for. It is only good for 10
>       seconds.
> user: Service "foo", here is a service ticket that identifies me.
> foo : CAS, I received this ST -- could you validate it please?
> CAS : This ST is good. It is for user "jdoe".
> foo : User "jdoe", welcome to the "foo" service!
>
> Thanks,
> Carl Waldbieser
> ITS System Programmer
> Lafayette College
>
> ----- Original Message -----
> From: "Durga Prasad" <[email protected]>
> To: [email protected]
> Sent: Sunday, February 8, 2015 10:35:43 AM
> Subject: [cas-user] How does CAS perform Session Management?
>
> Hi Folks,
>
> I have a few doubts on CAS.
>
> 1. How does CAS maintain session between multiple applications?
>
> 2. How is CAS secure from Man in the middle attack & Replay, CSRF attacks?
>
> 3. What is the difference between TGT & service ticket?
>
> Kindly clarify my doubts.
>
> Thanks in advance.
>
> Regards
> Prasad
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
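The TGT/ST exchange Carl walks through above, as an added example that is not part of this thread or of the CAS project's own code: a toy Python model of a CAS server that issues a long-lived TGT once credentials are checked, mints short-lived service tickets bound to one service, and consumes each ST on first validation so a replayed, expired or wrong-service ticket is refused. The 8-hour and 10-second lifetimes are Carl's figures; the user "jdoe" with a made-up password, the class and method names, and the injectable clock are assumptions made for the example.

```python
import secrets
import time

TGT_LIFETIME = 8 * 3600   # seconds; Carl's example TGT is good for 8 hours
ST_LIFETIME = 10          # seconds; Carl's example ST is good for 10 seconds

# Constructed credential store for this toy model (not real CAS code).
USERS = {"jdoe": "correct-horse-battery-staple"}


class CasServer:
    """Toy model of the TGT / ST flow described in the thread."""

    def __init__(self, clock=time.time):
        self.clock = clock  # injectable so tests can advance time
        self.tgts = {}  # TGT id -> (username, expiry time)
        self.sts = {}   # ST id  -> (username, service, expiry time)

    def login(self, username, password):
        # Primary credentials are presented once; the browser keeps only
        # the TGT (via the TGC cookie) for later service-ticket requests.
        if USERS.get(username) != password:
            raise PermissionError("bad credentials")
        tgt = "TGT-" + secrets.token_urlsafe(16)
        self.tgts[tgt] = (username, self.clock() + TGT_LIFETIME)
        return tgt

    def request_st(self, tgt, service):
        # A live TGT yields a short-lived ST bound to exactly one service.
        username, expiry = self.tgts.get(tgt, (None, 0))
        if username is None or self.clock() > expiry:
            self.tgts.pop(tgt, None)
            raise PermissionError("no valid TGT; re-present credentials")
        st = "ST-" + secrets.token_urlsafe(16)
        self.sts[st] = (username, service, self.clock() + ST_LIFETIME)
        return st

    def validate(self, st, service):
        # Called by the service ("foo"), not the user. The ticket is popped
        # on first presentation, so a replayed ST returns None, as does an
        # expired ST or one minted for a different service.
        username, bound_service, expiry = self.sts.pop(st, (None, None, 0))
        if username is None or bound_service != service or self.clock() > expiry:
            return None
        return username
```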
