Hello, Even I am trying to use CAS with my desktop application. Do you know how to go about doing this. This is what I am trying to do:
The desktop appln contact the Tomcat server using webservices and gets back the result. Now I want a user to fill in a username and password and this be sent to the Tomcat server which uses CAS to authenticate. It should return a ticket back to the desktop application so that it can make future calls to webservices with that ticket. I just want authenticated user to be able to make calls to my webservices Any idea how I can achieve this Thanks Deval >From: Ingeneur <[EMAIL PROTECTED]> >Reply-To: Yale CAS mailing list <[email protected]> >To: "Yale CAS mailing list" <[email protected]> >Subject: Re: casify applets >Date: Sun, 18 Jun 2006 11:07:37 +0530 > >Well, I am initially planning to try the VNC Viewer applet. Actually, >it is not just about applets alone. I ve had this requirement for some >desktop applications too!! Maybe be I am sounding ridiculous. > >I think I like the proxying idea! It would greatly reduce the >possibility of faking identity. I dont want to access the CAS cookie >at all. I still havent got the idea of proxying CAS. Well I ll get >back after doing my homework. > >Thank You. In case of issues, I ll get back with a useful usecase too. > >Regards, >Abishek Goda > > > >On 6/18/06, Andrew Petro <[EMAIL PROTECTED]> wrote: > > I don't know much about applets. Here's my stab at a reply anyway: > > > > As I understand it, a Java applet is strongly associated with some > > authoritative website from which it is loaded. > > > > So make the user CAS authenticate to that website and then have that >website > > communicate the authenticated user (perhaps cryptographically signing >this > > assertion?) to the applet. This is pretty easy as a gateway to get the > > applet in the first place (and then just deliver an > > authentication-provisioned applet.) > > > > If you really want the user to start from the applet and "get > > authenticated", then produce a URL in the applet to the website with an > > identifying session key, and then the website can require CAS >authentication > > and provide a service that the applet call with the key to see who's > > authenticated for that key. > > > > However, providing any authentication to a Java applet is a tough way to >go. > > The code is running on the end user's computer. He can do arbitrarily > > clever things like replace the local JVM with a compromised JVM. So >more or > > less whatever you come up with, there will be some way for the end user >to > > fake out the applet once received to believe he is someone he is not. > > > > However, if the applet in turn uses CAS proxy tickets to proxy > > authentication to access whatever it is that it accesses, then security >can > > be restored inasmuch as it will not be possible to get valid proxy >tickets > > in the name of anyone other than the user who received the ST from which >the > > PGT was derived. You'll have to solve interesting problems to use proxy > > tickets including what the proxy callback URL is going to be -- >presumably > > also a service provided by the website hosting the applet. > > > > In any case, I would strongly recommend against the applet accessing the >CAS > > TGT cookie directly. That cookie is intended to be only available to >the > > CAS server. No CAS-using services should ever see or touch that cookie, >and > > widening the scope of that cookie or making it visible over non-SSL'ed > > connections seriously compromises the security of the CAS protocol. > > > > > > Use case? What will your applet do? > > > > Andrew > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >On > > > Behalf Of Ingeneur > > > Sent: Saturday, June 17, 2006 6:27 AM > > > To: Yale CAS mailing list > > > Subject: casify applets > > > > > > Hi All, > > > > > > I need some starter ideas on how to casify a java applet. Is this > > > possible at all?? I can have the page casified. Can I then try a > > > URLConnection to the cas server to get the User Logged In?? Will the > > > applet need to read the CAS cookie information?? > > > > > > Am I talking sense at all???? > > > > > > Thank You > > > -- > > > Regards, > > > > > > Abishek Goda > > > http://www.geocities.com/abi_gt > > > _______________________________________________ > > > Yale CAS mailing list > > > [email protected] > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > >-- >Regards, > >Abishek Goda >http://www.geocities.com/abi_gt >_______________________________________________ >Yale CAS mailing list >[email protected] >http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
