This seems like it will work, but seems very heavy to me. I know that the pages being served will never be secure pages, like a home page, but there are sections of that page that will change if you are authenticated. If I use the "gateway" feature, every request to the home page will be sent to the CAS server and then redirected to the home page. On top of that, if there is an ST then that will need to be validated every time in order to obtain the netId. That is a lot of requests to serve a single page.

What I think I need is a way to either drop another custom cookie with the netId or change the content of the CASTGC to include the netId. That way the home page just needs to check for the cookie, grab the netId and deliver. No multiple redirects.

I have looked at the CAS server code and can easily add code to drop another cookie. Getting the netId is still unclear. However, I don't like the idea of customizing the CAS code. Any thoughts would be appreciated.

--Pete

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Battaglia
Sent: Friday, September 22, 2006 7:46 AM
To: Yale CAS mailing list
Subject: Re: CASTGC Cookie & NetID

As Velpi pointed out, CAS has a "gateway" feature. What "gateway" does is when you are redirected to CAS, CAS will generate a service ticket IF an SSO session exists, but it will not create an SSO session. So what happens in that scenario is that if there is an SSO session, the client application will receive an ST, otherwise it will not. But the user will never be prompted to provide a username/password. So your application can detect an authenticated user that way.

The link has a more detailed explanation.

-Scott

On 9/22/06, Velpi <[EMAIL PROTECTED]> wrote:
> After successfully authenticating, is it possible to obtain the netId from the CASTGC cookie on subsequent requests? Otherwise would it be possible to modify the CAS login process to drop the netId into a cookie. I have a 3rd party application that needs to know if a user is authenticated and who that user is, but doesn't have any secure resources. It will basically display different data depending on the user's status.
Might this be something that you're looking for?
http://www.ja-sig.org/products/cas/client/gateway/index.html
-- Velpi
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
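
The gateway exchange discussed in this thread, as an added example that is not part of the original messages or the CAS project's code: the application builds the `gateway=true` redirect and, if CAS sends the browser back with a service ticket, reads the netId from the CAS 2.0 `serviceValidate` response. The server and service URLs, the function names, the `fetch` hook and the sample responses are all constructed for illustration.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}   # CAS 2.0 response namespace
CAS_BASE = "https://cas.example.edu/cas"         # assumed CAS server (placeholder)
SERVICE = "http://www.example.edu/home"          # assumed home page URL (placeholder)

def gateway_url(cas_base=CAS_BASE, service=SERVICE):
    """Redirect target: CAS issues an ST only if an SSO session exists, never prompts."""
    query = urllib.parse.urlencode({"service": service, "gateway": "true"})
    return f"{cas_base}/login?{query}"

def validate_url(ticket, cas_base=CAS_BASE, service=SERVICE):
    """Back-channel URL the application fetches to validate the ST."""
    query = urllib.parse.urlencode({"service": service, "ticket": ticket})
    return f"{cas_base}/serviceValidate?{query}"

def net_id_from_response(xml_text):
    """Return the netId from a serviceValidate response, or None on any failure."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        return None
    return user.text.strip()

def handle_return(query_string, fetch):
    """Handle the browser coming back from the gateway redirect.

    `fetch` is a caller-supplied function(url) -> response body (hypothetical hook).
    No ticket parameter means no SSO session: serve the anonymous page.
    """
    params = urllib.parse.parse_qs(query_string)
    ticket = params.get("ticket", [None])[0]
    if ticket is None:
        return None
    return net_id_from_response(fetch(validate_url(ticket)))

# Constructed sample responses, not captured from a real CAS server.
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>pete123</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
```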
