Nancy, If you use the RESTful API, I think your "robot" would need to present a credential to CAS to authenticate. If you are using proxy-CAS, the user presents a credential to the CAS server and then some service the user authenticates to via CAS is allowed to authenticate to another service *without presenting credentials*.
I think of these mechanisms as being used in different ways. At Lafayette College, we have a portal page that uses CAS for authentication. Webmail also uses CAS for authentication. If a user logs into the portal, it uses proxy-CAS to access webmail and display the top 10 email subjects in the user's inbox. This is interactive, but the user does not directly interact with the webmail service in this case. The REST API seems more useful when there is no user interaction whatsoever, but in that case the credentials have to be stored in such a way that the "robot" that uses the service can present them to CAS. For example, if an IMAP mail client for supported CAS as an authentication method, I would expect it to use something like the REST API. Thanks, Carl Waldbieser ITS System Programmer Lafayette College ----- Original Message ----- From: "Nancy Snoke" <[email protected]> To: [email protected] Sent: Monday, April 6, 2015 5:15:56 PM Subject: [cas-user] webservice authentication via cas So we have CAS running wonderfully for user applications. We are running CAS 4.01, using LDAP authentication and have attributes being returned for authorization when needed. We want to require authentication on a couple web services, and would like to do it through our existing CAS server. There needs to be no human interaction necessary between the web application and the web service requests. I think I could do this either by using proxy authentication or the CAS REST API. So I thought I would see if anyone wants to weigh in on the best way to implement web service authentication without human interaction. If there are any other ways to implement this, I would love to evaluate all my options. Does anyone have a preference one way or the other? Are there any security concerns (besides the obvious) I need to be careful of? Thanks for the advice, Nancy Snoke -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
